On power-law relationships of the Internet topology
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
SYN-dog: Sniffing SYN Flooding Sources
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
Mayday: distributed filtering for internet services
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
Solving the Ingress Filtering Issue in an IPv6 Multihomed Home Network
ICN '10 Proceedings of the 2010 Ninth International Conference on Networks
Comparative Evaluation of Spoofing Defenses
IEEE Transactions on Dependable and Secure Computing
Traceback of DDoS Attacks Using Entropy Variations
IEEE Transactions on Parallel and Distributed Systems
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense
IEEE Journal on Selected Areas in Communications
Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics
IEEE Transactions on Information Forensics and Security
Hi-index | 0.00 |
The research community has proposed numerous network security solutions, each dealing with a specific problem such as address spoofing, denial-of-service attacks, denial-of-quality attacks, reflection attacks, viruses, or worms. However, due to the lack of fundamental support from the Internet, individual solutions often share little common ground in their design, which causes a practical problem: deploying all these vastly different solutions will add exceedingly high complexity to the Internet routers. In this paper, we propose a simple generic extension to the Internet, providing a new type of information, called path addresses, that simplify the design of security systems for packet filtering, fair resource allocation, packet classification, IP traceback, filter push-back, etc. IP addresses are owned by end hosts; path addresses are owned by the network core, which is beyond the reach of the hosts. We describe how to enhance the Internet protocols for path addresses that meet the uniqueness requirement, completeness requirement, safety requirement, and incrementally deployable requirement. We evaluate the performance of our scheme both analytically and by simulations, which show that, at small overhead, the false positive ratio and the false negative ratio can both be made negligibly small.