direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Page Content

Roger Karrer's Publications

Joint Application and Network Defense against DDoS Flooding Attacks in the Future Internet
Citation key KKH-ECIE-08
Author Karrer, Roger and Kühn, Ulrich and Hühn, Thomas
Title of Book Proceedings of the Second International Conference on Future Generation Communication and Networking (FGCN '08)
Pages 11–16
Year 2008
ISBN 978-0-7695-3431-2
DOI http://dx.doi.org/10.1109/FGCN.2008.168
Location Sanya, Hainan Island, China
Month December
Abstract The threat of Denial of Service flooding attacks in the Internet is rapidly increasing. Especially the use of techniques that allow attackers to hide their attack traffic raises concerns: attack distribution and rotation in botnets to obfuscate senders, low-rate bandwidth attacks, and attacks that mimic realistic patterns such as flash crowds. The defense against such attacks is limited due to a deadlock: the attacks must be stopped inside the network, but the network is unable to distinguish legitimate and unsolicited traffic. In contrast, end systems may distinguish legitimate users from bots, but are unable to stop the attacks inside the network. This paper advocates for a joint end system-network defense to address such attacks in the future. Edge-based Capabilities (EC) is a novel framework that combines end-to-end authentication with network-based control. Applications authenticate legitimate senders and issue capabilities to tag their packets, and the network filters out untagged packets. This paper describes the mechanisms that make EC a secure, efficient, and scalable solution. Moreover, we argue that EC is an attractive solution because it can be incrementally deployed and because it provides the right incentives to users, servers, and ISPs.
Download Bibtex entry

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe