{"title":"在使用活动NIC门户的负载攻击下保持有用的服务器吞吐量","authors":"O. Demir, K. Ghose","doi":"10.1109/GLOCOM.2004.1378389","DOIUrl":null,"url":null,"abstract":"The paper presents a solution to denial-of-service (DoS) attacks on servers where. the server resources are saturated by repeated request for execution of scripts or download requests for large files. Existing solutions for coping with DoS attacks, which are primarily based on limiting the traffic rates, are incapable of providing any protection against load attacks, as these attacks do not manifest themselves as heavy bursts of traffic. We present an intelligent gateway based solution for maintaining the useful throughput of the servers under load attacks that uses specific information from the servers to perform dynamic load balancing and dynamic packet filtering. The intelligent gateway is implemented using a dual-ported active network card (NIC). Clients are classified according to their request history, and rate limits are imposed at the gateway for each class according to the level and duration of the attack. Results for a prototype implementation indicate our solution to be an effective deterrent against load attacks.","PeriodicalId":162046,"journal":{"name":"IEEE Global Telecommunications Conference, 2004. GLOBECOM '04.","volume":"85 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Maintaining useful server throughput under load attacks using active NIC portals\",\"authors\":\"O. Demir, K. Ghose\",\"doi\":\"10.1109/GLOCOM.2004.1378389\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paper presents a solution to denial-of-service (DoS) attacks on servers where. the server resources are saturated by repeated request for execution of scripts or download requests for large files. Existing solutions for coping with DoS attacks, which are primarily based on limiting the traffic rates, are incapable of providing any protection against load attacks, as these attacks do not manifest themselves as heavy bursts of traffic. We present an intelligent gateway based solution for maintaining the useful throughput of the servers under load attacks that uses specific information from the servers to perform dynamic load balancing and dynamic packet filtering. The intelligent gateway is implemented using a dual-ported active network card (NIC). Clients are classified according to their request history, and rate limits are imposed at the gateway for each class according to the level and duration of the attack. Results for a prototype implementation indicate our solution to be an effective deterrent against load attacks.\",\"PeriodicalId\":162046,\"journal\":{\"name\":\"IEEE Global Telecommunications Conference, 2004. GLOBECOM '04.\",\"volume\":\"85 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2004-11-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Global Telecommunications Conference, 2004. GLOBECOM '04.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/GLOCOM.2004.1378389\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Global Telecommunications Conference, 2004. GLOBECOM '04.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/GLOCOM.2004.1378389","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Maintaining useful server throughput under load attacks using active NIC portals
The paper presents a solution to denial-of-service (DoS) attacks on servers where. the server resources are saturated by repeated request for execution of scripts or download requests for large files. Existing solutions for coping with DoS attacks, which are primarily based on limiting the traffic rates, are incapable of providing any protection against load attacks, as these attacks do not manifest themselves as heavy bursts of traffic. We present an intelligent gateway based solution for maintaining the useful throughput of the servers under load attacks that uses specific information from the servers to perform dynamic load balancing and dynamic packet filtering. The intelligent gateway is implemented using a dual-ported active network card (NIC). Clients are classified according to their request history, and rate limits are imposed at the gateway for each class according to the level and duration of the attack. Results for a prototype implementation indicate our solution to be an effective deterrent against load attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
