Analysis and simulation of a fair queueing algorithm
SIGCOMM '89 Symposium proceedings on Communications architectures & protocols
Virtual clock: a new traffic control algorithm for packet switching networks
SIGCOMM '90 Proceedings of the ACM symposium on Communications architectures & protocols
Promoting the use of end-to-end congestion control in the Internet
IEEE/ACM Transactions on Networking (TON)
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
IEEE/ACM Transactions on Networking (TON)
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
The spoofer project: inferring the extent of source address filtering on the internet
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
AS-based accountability as a cost-effective DDoS defense
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
To filter or to authorize: network-layer DoS defense against multimillion-node botnets
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
A local mean field analysis of security investments in networks
Proceedings of the 3rd international workshop on Economics of networked systems
TVA: a DoS-limiting network architecture
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
We propose an tiered incentive system called Integrity-Based Queuing (IBQ) for protection against Internet Distributed Denial-of-Service (DDoS) attacks. Our proposal can be implemented step-by-step where each integrity improvement brings a direct benefit to the autonomous system making it. IBQ proposes preferential queuing based on integrity: good, bad and middle. Since implementation can rarely be complete or network-wide we provide incremental benefit by prioritizing service for domains with better integrity. We have provided a basic analysis to relate performance to measurable integrity of the client. We have designed the architecture for authentication, queuing and defense. We have tested IBQ for applications with real-time requirements and show how performance improves with higher assurance.