Codef: Collaborative Defense Against Large-Scale Link-Flooding Attacks

CoNEXT '13: Conference on emerging Networking Experiments and Technologies Santa Barbara California USA December, 2013(2013)

引用 73|浏览34
暂无评分
摘要
Large-scale botnet attacks against Internet links using low-rate flows cannot be effectively countered by any of the traditional rate-limiting and flow-filtering mechanisms deployed in individual routers. In this paper, we present a collaborative defense mechanism, called CoDef, which enables routers to distinguish low-rate attack flows from legitimate flows, and protect legitimate traffic during botnet attacks. CoDef enables autonomous domains that are uncontaminated by bots to collaborate during link flooding attacks and reroute their customers' legitimate traffic in response to requests from congested routers. Collaborative defense using multi-path routing favors legitimate traffic while limiting the bandwidth available to attack traffic at a congested link We present CoDef's design and evaluate its effectiveness by exploring the domain-level path diversity of the Internet and performing simulations under various traffic conditions.
更多
查看译文
关键词
DDoS defense,collaborative defense,link-flooding attack,rerouting,bandwidth guarantees
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要