direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Inhalt des Dokuments

Es gibt keine deutsche Übersetzung dieser Webseite.

Roger Karrer's Publications

Joint Application and Network Defense against DDoS Flooding Attacks in the Future Internet
Zitatschlüssel KKH-ECIE-08
Autor Karrer, Roger and Kühn, Ulrich and Hühn, Thomas
Buchtitel Proceedings of the Second International Conference on Future Generation Communication and Networking (FGCN '08)
Seiten 11–16
Jahr 2008
ISBN 978-0-7695-3431-2
DOI http://dx.doi.org/10.1109/FGCN.2008.168
Ort Sanya, Hainan Island, China
Monat December
Zusammenfassung The threat of Denial of Service flooding attacks in the Internet is rapidly increasing. Especially the use of techniques that allow attackers to hide their attack traffic raises concerns: attack distribution and rotation in botnets to obfuscate senders, low-rate bandwidth attacks, and attacks that mimic realistic patterns such as flash crowds. The defense against such attacks is limited due to a deadlock: the attacks must be stopped inside the network, but the network is unable to distinguish legitimate and unsolicited traffic. In contrast, end systems may distinguish legitimate users from bots, but are unable to stop the attacks inside the network. This paper advocates for a joint end system-network defense to address such attacks in the future. Edge-based Capabilities (EC) is a novel framework that combines end-to-end authentication with network-based control. Applications authenticate legitimate senders and issue capabilities to tag their packets, and the network filters out untagged packets. This paper describes the mechanisms that make EC a secure, efficient, and scalable solution. Moreover, we argue that EC is an attractive solution because it can be incrementally deployed and because it provides the right incentives to users, servers, and ISPs.
Download Bibtex Eintrag

Zusatzinformationen / Extras


Schnellnavigation zur Seite über Nummerneingabe