{"title":"减少基于Bloom-filter转发的暴力攻击","authors":"B. Alzahrani, V. Vassilakis, M. Reed","doi":"10.1109/CFIC.2013.6566320","DOIUrl":null,"url":null,"abstract":"The in-packet Bloom filter forwarding mechanism is a source routing approach used in Information-centric networking (ICN). This mechanism is vulnerable to brute-force attacks that can be used for distributed denial-of-service (DDoS) attacks and unsolicited messages (spam). In this paper we analytically calculate the probability of brute-force attacks and determine the time required by the attacker to launch a successful attack. We find that using scenarios reported by other researchers this type of attacks is achievable in few seconds, which is unacceptable. The paper proposes a solution to mitigate the brute-force attacks by significantly increasing the time before a successful attack. Consequently, it is possible to change link identifiers before the attacker can adapt to the changes. We evaluate the proposed solution in terms of network security and scalability.","PeriodicalId":271890,"journal":{"name":"2013 Conference on Future Internet Communications (CFIC)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"Mitigating brute-force attacks on Bloom-filter based forwarding\",\"authors\":\"B. Alzahrani, V. Vassilakis, M. Reed\",\"doi\":\"10.1109/CFIC.2013.6566320\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The in-packet Bloom filter forwarding mechanism is a source routing approach used in Information-centric networking (ICN). This mechanism is vulnerable to brute-force attacks that can be used for distributed denial-of-service (DDoS) attacks and unsolicited messages (spam). In this paper we analytically calculate the probability of brute-force attacks and determine the time required by the attacker to launch a successful attack. We find that using scenarios reported by other researchers this type of attacks is achievable in few seconds, which is unacceptable. The paper proposes a solution to mitigate the brute-force attacks by significantly increasing the time before a successful attack. Consequently, it is possible to change link identifiers before the attacker can adapt to the changes. We evaluate the proposed solution in terms of network security and scalability.\",\"PeriodicalId\":271890,\"journal\":{\"name\":\"2013 Conference on Future Internet Communications (CFIC)\",\"volume\":\"62 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-05-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 Conference on Future Internet Communications (CFIC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CFIC.2013.6566320\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Conference on Future Internet Communications (CFIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CFIC.2013.6566320","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Mitigating brute-force attacks on Bloom-filter based forwarding
The in-packet Bloom filter forwarding mechanism is a source routing approach used in Information-centric networking (ICN). This mechanism is vulnerable to brute-force attacks that can be used for distributed denial-of-service (DDoS) attacks and unsolicited messages (spam). In this paper we analytically calculate the probability of brute-force attacks and determine the time required by the attacker to launch a successful attack. We find that using scenarios reported by other researchers this type of attacks is achievable in few seconds, which is unacceptable. The paper proposes a solution to mitigate the brute-force attacks by significantly increasing the time before a successful attack. Consequently, it is possible to change link identifiers before the attacker can adapt to the changes. We evaluate the proposed solution in terms of network security and scalability.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
