Securecast: Multicast Based Protection Against Denial of Service Attacks
Author
Abstract
In this paper, we introduce a proactive mechanism to protect Internet hosts against network-based denial of service (DoS) attacks. We give Internet hosts the ability to explicitly control whom they communicate with and thereby avoid potential DoS attacks coming from others over the Internet. Our approach depends on the availability of the Source Specific Multicast (SSM) service in the Internet. The key characteristics of the SSM service that we exploit for our purpose are (1) in SSM, only the source can send to an SSM group, (2) packet delivery to a receiver depends on the receiver’s joining the SSM group, and (3) the reverse path forwarding rule protects the communication against IP address spoofing attacks. We call our approach securecast. First, we present two slightly different operation modes for securecast: DoS protection and DoS prevention. Then, we discuss the issues that affect the successful deployment of securecast. These include multicast forwarding state scalability and data confidentiality. Finally, we evaluate securecast by comparing it to alternative approaches based on their performance and operational overhead.
Similar resources
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creating networks of bots, they launch several kinds of attacks; distributed denial of service (DDoS) attacks on networks are one example. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
Controlled Multicast Framework
The IP multicast has not been widely used by current internet service operators, and part of this relates to the nature of multicast, which is designed to allow any host to receive or send multicast traffic to the network. Internet service operators do not want to risk their network operation without sufficient control of the multicast sources and receivers and protection against the Denial of ...
IGMPv3-Based Method for Avoiding DoS Attacks in Multicast-Enabled Networks
IP Multicast has proven to be very good for many-to-many multimedia communications like audio and videoconferencing. However, there are only a few Internet Service Providers (ISPs) offering it as a true Internet service. Nowadays, IP Multicast has various issues that are not solved yet and that are making ISPs think twice before offering IP Multicast to their customers. Some of these issues are...
On the Security of In-Packet Bloom-Filter Forwarding
Multicast protocols traditionally require that routers store information about the delivery trees. Recently, source-routed in-packet Bloom-filter (iBF) based multicast has been proposed as a remedy to this: instead of storing state in the network, the delivery tree is encoded in the packet itself using a Bloom filter. The packets are then forwarded based on the in-packet information instead of ...