CIRL: DDoS mitigation in eFIT

DDoS attacks have been a topic of research for some time, and a number of solutions have been proposed that address their prevention or mitigation. However, none of these proposed systems has been widely deployed, and as a result the internet at large remains susceptible to relatively simple, stealthy, and potent DDoS attacks. We conjecture that there are two related fundamental reasons that the proposed systems have not been widely deployed: many of them either require large-scale deployment to be successful, or cannot be incrementally deployed, or both. In this paper, we present a new system, Core Ingress Rate Limiting (CIRL), which attempts to address both of these problems by working in the context of a new internet architecture, eFIT, and borrowing some techniques from existing proposals. eFIT is designed to solve a different problem in the internet, but its architecture provides useful facilities for CIRL, and its incremental deployment could be used to ensure a wide deployment of CIRL, thereby avoiding incremental deployability concerns.