Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Scalable packet classification
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Packet Classification Using Extended TCAMs
ICNP '03 Proceedings of the 11th IEEE International Conference on Network Protocols
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Gigabit Rate Packet Pattern-Matching Using TCAM
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
CoPTUA: Consistent Policy Table Update Algorithm for TCAM without Locking
IEEE Transactions on Computers
Algorithms for advanced packet classification with ternary CAMs
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Defense against low-rate TCP-targeted denial-of-service attacks
ISCC '04 Proceedings of the Ninth International Symposium on Computers and Communications 2004 Volume 2 (ISCC"04) - Volume 02
A TCAM-based distributed parallel IP lookup scheme and performance analysis
IEEE/ACM Transactions on Networking (TON)
DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors
IEEE Transactions on Computers
Fast and scalable packet classification
IEEE Journal on Selected Areas in Communications
Dynamic entropy based DoS attack detection method
Computers and Electrical Engineering
| Hi-index | 0.24 |
The survivability of the future Internet is largely dependent on whether it will be able to successfully address both security and performance issues facing the Internet. On one hand, the Internet becomes more and more vulnerable due to fast spreading malicious attacks. On the other hand, it is under great stress to meet ever growing/changing application demands while having to sustain multi-gigabit forwarding performance. In this paper, we propose a Ternary Content Addressable Memory (TCAM) coprocessor based solution for high speed, integrated TCP flow anomaly detection and policy filtering. The attacking packets with spoofed source IP addresses are detected through two-dimensional (2D) matching. The key features of the solution are: (1) setting flag bits in TCAM action code to support various packet treatments; (2) managing TCP flow state in pair to do 2D matching. We evaluate the solution's ability to detect TCP-based flooding attacks based on real-world-trace simulations. The results show that the proposed solution can match up OC-192 line rate. The possible modifications of the solution for the detection of low rate TCP-targeted attacks are also discussed.