Proceedings 2016 Network and Distributed System Security Symposium 2016
DOI: 10.14722/ndss.2016.23132
|View full text |Cite
|
Sign up to set email alerts
|

SIBRA: Scalable Internet Bandwidth Reservation Architecture

Abstract: This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against DDoS attacks, which, until now, continue to be a menace on today's Internet. SIBRA provides scalable inter-domain resource allocations and botnet-size independence, an important property to realize why previous defense approaches are insufficient. Botnetsize independence enables two end hosts to set up communication regardless of the size of distributed botnets in any Autonomous System in the Internet. … Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

1
28
0

Year Published

2016
2016
2022
2022

Publication Types

Select...
4
2
2

Relationship

2
6

Authors

Journals

citations
Cited by 34 publications
(29 citation statements)
references
References 49 publications
1
28
0
Order By: Relevance
“…Moreover, by design, the temporal pattern of the CICADAS attack is observable only at the target link, thereby rendering the redirection-based cloud traffic scrubbing service unusable. To mitigate such a stealthy DDoS attack, there needs to be support for DDoS-resilient Internet architectures [5] and efficient flow monitoring algorithms running at each router. However, none of these is easy to do with respect to design and deployment.…”
Section: Discussionmentioning
confidence: 99%
“…Moreover, by design, the temporal pattern of the CICADAS attack is observable only at the target link, thereby rendering the redirection-based cloud traffic scrubbing service unusable. To mitigate such a stealthy DDoS attack, there needs to be support for DDoS-resilient Internet architectures [5] and efficient flow monitoring algorithms running at each router. However, none of these is easy to do with respect to design and deployment.…”
Section: Discussionmentioning
confidence: 99%
“…Defcom nodes share attack information, such the DDoS source IP address, and perform rate limiting. SIBRA [34] provides a bandwidth reservation protocol for the Internet that guarantees resource allocation based on contracts between autonomous systems; thus, minimum bandwidth allocation can be ensured.…”
Section: Novel Ddos Mitigation Techniquesmentioning
confidence: 99%
“…Many previously proposed capability-based systems are likewise designed to work with a single scheduling policy. For instance, CRAFT [28] enforces per-flow fairness, Portcullis [41] and Mirage [37] enforce per-compute fairness, NetFence [34] enforces per-sender fairness, SIBRA [12] enforces per-steady-bandwidth fairness, and SpeakUp [48] enforces per-outbound-bandwidth fairness. If any of these mechanisms is ever deployed, a single policy will be enforced, forcing the victim to accept the choice made by the defense approach.…”
Section: Middlepolice's Desirable Propertiesmentioning
confidence: 99%
“…PerASFairshare is similar to PerSenderFairshare except that the mbox fairly allocates N total size on a per-AS basis. This policy mimics SIBRA [12], preventing bot-infested ASes from taking bandwidth away from legitimate ASes.…”
Section: Bandwidth Allocation Policiesmentioning
confidence: 99%
See 1 more Smart Citation