Defending Against DDoS Attacks in Bloom Filter based Multicasting
نویسندگان
چکیده
Bloom filter (BF) based forwarding is an effective approach to implement scalable multicasting in distributed systems. The forwarding BF carried by each packet can encode either multicast tree or destination IP addresses, which are termed as tree oriented approach (TOA) and destination oriented approach (DOA), respectively. Recent studies have indicated that TOA based protocols have serious vulnerabilities under some distributed denial-of-service (DDoS) attacks, and raised doubt about deployability of BF based multicasting. However, security analysis for DOA based protocols is still unavailable. In this paper, we present a systematic analysis of security performance of BF based multicasting. Important DDoS attacks and the corresponding defending mechanisms are studied in the context of DOA. We have positive findings that DOA, with convenient enhancement, has a robust performance in resisting a variety of DDoS attacks that can deny service of TOA based protocols. Moreover, we reveal that TOA based protocols are prone to flow duplication attack when applied in the data center network (DCN). We propose a dynamic-sized BF mechanism to defend against flow duplication attack for TOA based protocols in the DCN. Simulation results are presented to validate our theoretical analysis.
منابع مشابه
A Lightweight Cooperative Detection Framework of Ddos/dos Attacks Based on Counting Bloom Filter
Detection and traceback of distributed denial of service (DDoS/DoS) attacks have become a challenge for network security. In this paper, we propose a lightweight cooperative detection framework (CCBFF) based on counting bloom filter to detect and trace DDoS/DoS attack online. The CCBFF contains 2 counting bloom filters CBF1 and CBF2. The CBF1 distinguishes different network connection topology ...
متن کاملDefending Against Distributed Denial of Service Attacks Using Selective Pushback
In this paper, we introduce a router-based system to defend against Distributed Denial of Service (DDoS) attacks. DDoS attacks are treated as a congestioncontrol problem. The main issue is to identify the congestion and then pushback a packet filter to the router closest to the source that causes congestion. Unlike previous approaches, we propose an anomaly detection scheme using source informa...
متن کاملDefending Wireless Infrastructure Against the Challenge of DDoS Attacks
This paper addresses possible Distributed Denial-of-Service (DDoS) attacks toward the wireless Internet including the Wireless Extended Internet, the Wireless Portal Network, and the Wireless Ad Hoc network. We propose a conceptual model for defending against DDoS attacks on the wireless Internet, which incorporates both cooperative technological solutions and economic incentive mechanisms buil...
متن کاملDefending Wireless Infrastructure Against the Challenge of DDoS
This paper addresses possible Distributed Denial-of-Service (DDoS) attacks toward the wireless Internet including the Wireless Extended Internet, the Wireless Portal Network, and the Wireless Ad Hoc network. We propose a conceptual model for defending against DDoS attacks on the wireless Internet, which incorporates both cooperative technological solutions and economic incentive mechanisms buil...
متن کاملProtection from distributed denial of service attacks using history-based IP filtering
In this paper, we introduce a practical scheme to defend against Distributed Denial of Service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, this history is used to decide whether to admit an incoming IP packet. Unlike other proposals to de...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1504.04948 شماره
صفحات -
تاریخ انتشار 2015