A Double Horizon Defense Design for Robust Regulation of Malicious Traffic

Ying Xu, R. Guérin
2006 Securecomm and Workshops, published 2006-08-01
DOI: 10.1109/SECCOMW.2006.359585 (https://doi.org/10.1109/SECCOMW.2006.359585)
Citations: 7

Abstract

Deploying defense mechanisms in routers holds promise for protecting infrastructure resources such as link bandwidth or router buffers against network denial-of-service (DoS) attacks. However, in spite of their efficacy against brute-force flooding attacks, existing router-based defenses often perform poorly when confronted with more sophisticated attack strategies. This paper presents the design and evaluation of a system aimed at identifying and containing a broad range of malicious traffic patterns. Its main feature is a double time horizon architecture, designed for effective regulation of attacking traffic at both short and long time scales. The short horizon component responds quickly to transient traffic surges that deviate significantly from regular (TCP) traffic, i.e., attackers that generate sporadic short bursts. Conversely, the long horizon mechanism enforces strict conformance with normal TCP behavior, but does so by considering traffic over longer time periods, and is therefore aimed at attackers that attempt to capture a significant amount of link bandwidth. The performance of the proposed system was tested extensively. Our findings suggest that the implementation cost of the system is reasonable, and that it is indeed efficient against various types of attacks while remaining transparent to normal TCP users.