Off-the-wall: Lightweight Distributed Filtering to Mitigate Distributed Denial of Service Attacks
Paper in proceeding, 2012
Distributed Denial of Service (DDoS) attacks are hard to
deal with, due to the fact that it is difficult to distinguish legitimate
traffic from malicious traffic, especially since the latter is from
distributed sources. To accurately filter malicious traffic one needs
(strong but costly) packet authentication primitives which increase the
design complexity and typically affect throughput. It is a challenge
to keep a balance between throughput and security/protection of the
network core and end resources. In this paper, we propose SIEVE,
a lightweight distributed filtering protocol/method. Depending on the
attacker’s ability, SIEVE can provide a standalone filter for moderate
adversary models and a complementary filter which can enhance
the performance of strong and more complex methods for stronger
adversary models.
Message Authentication
Randomness
DDoS
Security
Overlay
Author
Zhang Fu
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Marina Papatriantafilou
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Proceedings of the IEEE Symposium on Reliable Distributed Systems
10609857 (ISSN)
Article number 6424855 207-212978-0-7695-4784-8 (ISBN)
Areas of Advance
Information and Communication Technology
Subject Categories
Communication Systems
Computer Systems
DOI
10.1109/SRDS.2012.45
ISBN
978-0-7695-4784-8