An integrated experimental environment for distributed systems and networks
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
IP Easy-pass: a light-weight network-edge resource access control
IEEE/ACM Transactions on Networking (TON)
Cookies along trust-boundaries (CAT): accurate and deployable flood protection
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
OverCourt: DDoS mitigation through credit-based traffic segregation and path migration
Computer Communications
| Hi-index | 0.00 |
Recently proposed capability mechanisms offer one part of the answer to the DDoS problem. They empower the victim to control the traffic it receives by selectively granting access to well-behaved clients via short-lived tickets. One major question still remains unanswered: how can victims distinguish between well-behaved and ill-behaved clients during the ticket-granting process. This paper offers one possible answer to this question, while also refining the basic capability mechanism. We propose the following novel features: (1) Reputation-based ticket-granting - long-term behavior of a client influences whether future tickets will be granted, (2) Fine-grained capabilities, which authorize access to the victim at a specified priority level based on a client's prior behavior, (3) Destination-based capabilities, granted by the defense located at the victim; this reduces operational cost, and breaks dependence of tickets on routes.