FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks

Lee, Soo Bum; Gligor, Virgil D.

doi:10.1109/icdcs.2010.78

Cited by 17 publications

(6 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Capability-based mechanisms [7,19,24,30,32,44,46] aim at isolating legitimate flows from malicious DDoS attack traffic. Network capabilities are access tokens issued by onpath entities (e.g., routers and destination) to the source.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

SIBRA: Scalable Internet Bandwidth Reservation Architecture

Băsescu

Reischuk

Szałachowski

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against DDoS attacks, which, until now, continue to be a menace on today's Internet. SIBRA provides scalable inter-domain resource allocations and botnet-size independence, an important property to realize why previous defense approaches are insufficient. Botnetsize independence enables two end hosts to set up communication regardless of the size of distributed botnets in any Autonomous System in the Internet. SIBRA thus ends the arms race between DDoS attackers and defenders. Furthermore, SIBRA is based on purely stateless operations for reservation renewal, flow monitoring, and policing, resulting in highly efficient router operation, which is demonstrated with a full implementation. Finally, SIBRA supports Dynamic Interdomain Leased Lines (DILLs), offering new business opportunities for ISPs.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Network capabilities [7,24,30,44,46] are not effective against attacks such as Coremelt [38] that build on legitimate low-bandwidth flows to swamp core network links. FLoc [24] in particular considers bot-contaminated domains, but it is ineffective in case of dispersed botnets.…”

Section: Introductionmentioning

confidence: 99%

SIBRA: Scalable Internet Bandwidth Reservation Architecture

Băsescu

Reischuk

Szałachowski

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…CoDef leverages a collaboration mechanism between Autonomous Systems (ASes) and therefore, requires a widespread deployment to be effective. FLoc [15] and PSP [16] are two bandwidth allocation mechanisms introduced to alleviate the effect of link flooding attacks. Whereas FLoc requires router support and provides fair allocation for flows within an AS, PSP leverages current Internet routers and only provides bandwidth isolation between ASes.…”

Section: Related Workmentioning

confidence: 99%

SPONGE: Software-Defined Traffic Engineering to Absorb Influx of Network Traffic

Henry

Chowdhury

Lahmadi

et al. 2019

2019 IEEE 44th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

Existing shortest path-based routing in wide area networks or equal cost multi-path routing in data center networks do not consider the load on the links while taking routing decisions. As a consequence, an influx of network traffic stemming from events such as distributed link flooding attacks and data shuffle during large scale analytics can congest network links despite the network having sufficient capacity on alternate paths to absorb the traffic. This can have several negative consequences, service unavailability, delayed flow completion, packet losses, among others. In this regard, we propose SPONGE, a traffic engineering mechanism for handling sudden influx of network traffic. SPONGE models the network as a stochastic process, takes the switch queue occupancy and traffic rate as inputs, and leverages the multiple available paths in the network to route traffic in a way that minimizes the overall packet loss in the network. We demonstrate the practicality of SPONGE through an OpenFlow based implementation, where we periodically and pro-actively reroute network traffic to the routes computed by SPONGE. Mininet emulations using real network topologies show that SPONGE is capable of reducing packet drops by 20% on average even when the network is highly loaded because of an ongoing link flooding attack.

show abstract

“…If we assume all TCP flows compete for a common bottleneck bandwidth (i.e., that of an attack-target link), the packet drop ratio of a path, which is denoted by γ Si , can be expresses as γ Si = 8 3Wi(Wi+2) . And, the packet drop rate (denoted by δ Si ) is δ Si = 2·nS i Wi·Rtti [27]. Since…”

Section: ) Attack Path Identificationmentioning

confidence: 99%

FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks

Lee¹,

Gligor²

2011

Self Cite

View full text Add to dashboard Cite

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number.

show abstract

FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks

Cited by 17 publications

References 13 publications

SIBRA: Scalable Internet Bandwidth Reservation Architecture

SIBRA: Scalable Internet Bandwidth Reservation Architecture

SPONGE: Software-Defined Traffic Engineering to Absorb Influx of Network Traffic

FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks

Contact Info

Product

Resources

About