CPL - Chalmers Publication Library

Mitigating Distributed Denial of Capability Attacks Using Sink Tree Based Quota Allocation

Zhang Fu (Department of Computer Science and Engineering, Networks and Systems, Data Communication and Distributed Systems (Chalmers)) ; Marina Papatriantafilou (Department of Computer Science and Engineering, Networks and Systems, Data Communication and Distributed Systems (Chalmers)) ; Philippas Tsigas (Department of Computer Science and Engineering, Networks and Systems, Data Communication and Distributed Systems (Chalmers)) ; Wei Wei
In the Proceedings of 25th ACM Symposium on Applied Computing (SAC 2010) p. 713-718. (2010)
[Conference paper, peer-reviewed]

Network capabilities have been proposed to prevent Distributed Denial of Service (DDoS) attacks proactively. A capability is a ticket-like token, checkable by routers, that a server can issue for legitimate traffic. Still, malicious hosts may swamp a server with requests for capability establishment, essentially causing possible Denial-of-Capability (DoC). In this paper, we propose an algorithm to mitigate DoC attacks. The algorithm divides the server's capacity for handling capability requests into quotas. Quotas are allocated based on a sink tree architecture. Randomization and Bloom filters are used as tools against threats (attacking scenarios). We both analytically and experimentally show that legitimate hosts can get service with guaranteed probability. We also address issues on fault-tolerance and the deployment of the approach proposed.

Keywords: Denial-of-Service, Denial-of-Capability, Sink Tree



This record was created 2010-01-12. Last modified 2011-01-12.
CPL Pubid: 106659

 
