Coordination of anti-spoofing mechanisms in partial deployments

An, Hyok; Lee, Heejo; Perrig, Adrian

doi:10.1109/jcn.2016.000129

Cited by 1 publication

(1 citation statement)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent patches to improve Internet security and availability have been constrained by the current Internet architecture design. As network-based attacks on availability continue to increase each year [1], an improvised Internet architecture should offer availability and security based on its design, provide incentives for deployment, and consider economic, political, and legal issues at the design stage [2].…”

Section: Introduction 1motivationsmentioning

confidence: 99%

Resilience Evaluation of Multi-Path Routing against Network Attacks and Failures

Lee

et al. 2021

Electronics

Self Cite

View full text Add to dashboard Cite

The current state of security and availability of the Internet is far from being commensurate with its importance. The number and strength of DDoS attacks conducted at the network layer have been steadily increasing. However, the single path (SP) routing used in today’s Internet lacks a mitigation scheme to rapidly recover from network attacks or link failure. In case of a link failure occurs, it can take several minutes until failover. In contrast, multi-path routing can take advantage of multiple alternative paths and rapidly switch to another working path. According to the level of available path control, we classfy the multi-path routing into two types, first-hop multi-path (FMP) and multi-hop multi-path (MMP) routing. Although FMP routing supported by networks, such as SD-WAN, shows marginal improvements over the current SP routing of the Internet, MMP routing supported by a global Internet architecture provides strong improvement under network attacks and link failure. MMP routing enables changing to alternate paths to mitigate the network problem in other hops, which cannot be controlled by FMP routing. To show this comparison with practical outcome, we evaluate network performance in terms of latency and loss rate to show that MMP routing can mitigate Internet hazards and provide high availability on global networks by 18 participating ASes in six countries. Our evaluation of global networks shows that, if network attacks or failures occur in other autonomous systems (ASes) that FMP routing cannot avoid, it is feasible to deal with such problems by switching to alternative paths by using MMP routing. When the global evaluation is under a transit-link DDoS attack, the loss rates of FMP that pass the transit-link are affected significantly by a transit-link DDoS attack, but the other alternative MMP paths show stable status under the DDoS attack with proper operation.

show abstract

Section: Introduction 1motivationsmentioning

confidence: 99%