Affiliation:
1. University of California, Irvine
2. University of Washington
Abstract
We present the design and evaluation of TVA, a network architecture that limits the impact of Denial of Service (DoS) floods from the outset. Our work builds on earlier work on capabilities in which senders obtain short-term authorizations from receivers that they stamp on their packets. We address the full range of possible attacks against communication between pairs of hosts, including spoofed packet floods, network and host bottlenecks, and router state exhaustion. We use simulation to show that attack traffic can only degrade legitimate traffic to a limited extent, significantly outperforming previously proposed DoS solutions. We use a modified Linux kernel implementation to argue that our design can run on gigabit links using only inexpensive off-the-shelf hardware. Our design is also suitable for transition into practice, providing incremental benefit for incremental deployment.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications, Software
Cited by
56 articles.