A survivable DoS-resistant overlay network

  • Authors:
  • Tian Bu; Samphel Norden; Thomas Woo

  • Affiliations:
  • Bell Laboratories, Lucent Technologies, Department of Mobile Networking Research, 101 Crawfords Corner Road, Holmdel, NJ 07733, USA

  • Venue:
  • Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year:
  • 2006

Abstract

Denial of Service (DoS) attacks pose significant threats. For mission-critical applications such as disaster recovery and battlefield coordination, any disruption can entail serious consequences. Most prior work on countering DoS has taken an offensive approach, in that it focuses on detecting and blocking the attacks. Such approaches are always in a tight "cat and mouse" race with the attackers. Indeed, more sophisticated and finer-grained distributed DoS attacks may evade detection altogether. We believe that a more defensive approach, whose primary objective is to survive the attacks by sustaining reasonable performance for legitimate clients, should be a key part of the repertoire of tools to counter DoS. In this paper, we present a survivable overlay network architecture called rewire that is purpose-built to resist DoS; it achieves this by dynamically "adapting" the overlay topology to maximize end-to-end connectivity between clients and end servers. The heart of rewire is a novel probing mechanism that is responsive to network state yet scalable. It yields high-performance paths as determined by application-level metrics. We evaluate rewire against recent overlay solutions to DoS, and show that rewire is able to achieve equivalent blocking probability (i.e., similar resistance to DoS attacks) in large network topologies (e.g., 100 overlay nodes over a physical network of 600 nodes) while reducing the probe overhead from the typical O(N) in other schemes to O(log N), where N is the number of overlay nodes.