Denial of Service (DoS) attacks frequently happen on the Internet, paralyzing Internet services and causing millions of dollars of financial loss. This work presents NetFence, a scalable DoS-resistant network architecture. NetFence uses a novel mechanism, secure congestion policing feedback, to enable robust congestion policing inside the network. Bottleneck routers update the feedback in packet headers to signal congestion, and access routers use it to police senders' traffic. Targeted DoS victims can use the secure congestion policing feedback as capability tokens to suppress unwanted traffic. When compromised senders and receivers organize into pairs to congest a network link, NetFence provably guarantees a legitimate sender its fair share of network resources without keeping per-host state at the congested link. We use a Linux implementation, ns-2 simulations, and theoretical analysis to show that NetFence is an effective and scalable DoS solution: it reduces the amount of state maintained by a congested router from per-host to at most per-(Autonomous System).