Router plugins: a software architecture for next-generation routers
IEEE/ACM Transactions on Networking (TON)
ACM Transactions on Computer Systems (TOCS)
PromethOS: A Dynamically Extensible Router Architecture Supporting Explicit Routing
IWAN '02 Proceedings of the IFIP-TC6 4th International Working Conference on Active Networks
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
FIDRAN: A Flexible Intrusion Detection and Response Framework for Active Networks
ISCC '03 Proceedings of the Eighth IEEE International Symposium on Computers and Communications
Access for sale: a new class of worm
Proceedings of the 2003 ACM workshop on Rapid malcode
Experiences with worm propagation simulations
Proceedings of the 2003 ACM workshop on Rapid malcode
ICPS '04 Proceedings of the The IEEE/ACS International Conference on Pervasive Services
An Economic Damage Model for Large-Scale Internet Attacks
WETICE '04 Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Splits stream handlers: deploying application-level services to attached network processors
Splits stream handlers: deploying application-level services to attached network processors
The SwitchWare active network architecture
IEEE Network: The Magazine of Global Internetworking
An extensible and flexible system for network anomaly detection
AN'06 Proceedings of the First IFIP TC6 international conference on Autonomic Networking
Hi-index | 0.00 |
Distributed denial of service (DDoS) attacks in the Internet pose huge problems on nowadays communication infrastructure. Attacks either destroy information or impede access to a service. Since the significance of the Internet to business and economy is growing rapidly, efficient protection mechanisms are urgently required to protect hosts from being infected and, more important, sites from being attacked. Detection of DDoS attacks requires deep packet inspection at link speed, and context-dependent packet handling for countermeasures. This functionality is not achievable with nowadays commercial high-performance routers. In this paper, we therefore present our problem space exploration of DDoS attacks and propose a flexible service architecture for detection and filter mechanisms to counteract DDoS attacks. To achieve the performance required for backbone routers together with the flexibility needed for services counteracting DDoS attacks, we base the proposal on our PromethOS NP router platform that manages and controls hierarchical network nodes built of network and host processors.