DDoS解决方案的权衡

Min Fan, Zhang Jun-yan, Li Wan-pei, Yang Guo-wei
{"title":"DDoS解决方案的权衡","authors":"Min Fan, Zhang Jun-yan, Li Wan-pei, Yang Guo-wei","doi":"10.1109/PDCAT.2003.1236287","DOIUrl":null,"url":null,"abstract":"Distributed denial of service (DDoS) has become a serious threat to the Internet. Many schemes against DDoS attacks have been proposed, including ingress/egress filtering, IP traceback, authentication, and so on. We focus on tradeoffs of DDoS solutions. Three tradeoffs are considered, the first one is space, complexity, efficiency and robustness tradeoffs of these packet marking schemes; the second one is marking probability of node sampling scheme, the third one is timeout period of server for three-hand-shaking. Two schemes are suggested, one is combining node append scheme with node sampling scheme, the other is setting SYN timeout dynamically. Proper tradeoffs can be made using these schemes.","PeriodicalId":145111,"journal":{"name":"Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies","volume":"271 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Tradeoffs of DDoS solutions\",\"authors\":\"Min Fan, Zhang Jun-yan, Li Wan-pei, Yang Guo-wei\",\"doi\":\"10.1109/PDCAT.2003.1236287\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Distributed denial of service (DDoS) has become a serious threat to the Internet. Many schemes against DDoS attacks have been proposed, including ingress/egress filtering, IP traceback, authentication, and so on. We focus on tradeoffs of DDoS solutions. Three tradeoffs are considered, the first one is space, complexity, efficiency and robustness tradeoffs of these packet marking schemes; the second one is marking probability of node sampling scheme, the third one is timeout period of server for three-hand-shaking. Two schemes are suggested, one is combining node append scheme with node sampling scheme, the other is setting SYN timeout dynamically. Proper tradeoffs can be made using these schemes.\",\"PeriodicalId\":145111,\"journal\":{\"name\":\"Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies\",\"volume\":\"271 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-10-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PDCAT.2003.1236287\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDCAT.2003.1236287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

摘要

分布式拒绝服务(DDoS)已成为互联网面临的严重威胁。针对DDoS攻击的防御方案有很多,包括入口/出口过滤、IP回溯、身份验证等。我们专注于DDoS解决方案的权衡。本文考虑了三个方面的权衡,首先是这些包标记方案在空间、复杂性、效率和鲁棒性方面的权衡;二是节点采样方案的标记概率,三是服务器三手握手的超时时间。提出了两种方案,一种是节点追加和节点采样相结合的方案,另一种是动态设置SYN超时。可以使用这些方案进行适当的权衡。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Tradeoffs of DDoS solutions
Distributed denial of service (DDoS) has become a serious threat to the Internet. Many schemes against DDoS attacks have been proposed, including ingress/egress filtering, IP traceback, authentication, and so on. We focus on tradeoffs of DDoS solutions. Three tradeoffs are considered, the first one is space, complexity, efficiency and robustness tradeoffs of these packet marking schemes; the second one is marking probability of node sampling scheme, the third one is timeout period of server for three-hand-shaking. Two schemes are suggested, one is combining node append scheme with node sampling scheme, the other is setting SYN timeout dynamically. Proper tradeoffs can be made using these schemes.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信