{"title":"CoFence:利用网络功能虚拟化的协同DDoS防御","authors":"Bahman Rashidi, Carol J. Fung","doi":"10.1109/CNSM.2016.7818412","DOIUrl":null,"url":null,"abstract":"With the exponential growth of the Internet use, the impact of cyber attacks are growing rapidly. Distributed Denial of Service (DDoS) attacks are the most common but damaging type of cyber attacks. Among them SYN Flood attack is the most common type. Existing DDoS defense strategies are encountering obstacles due to their high cost and low flexibility. The emerging of Network Function Virtualization (NFV) technology introduces new opportunities for low-cost and flexible DDoS defense solutions. In this work, we propose CoFence — a DDoS defense mechanism which facilitates a collaboration framework among NFV-based peer domain networks. CoFence allows domain networks help each others handle large volumes of DDoS attacks through resource sharing. Specifically, we focus on the resource allocation problem in the collaboration framework. Through CoFence a domain network decides the amount of resource to share with other peers based on a reciprocal-based utility function. Our simulation results demonstrate the designed resource allocation system is effective, incentive compatible, fair, and reciprocal.","PeriodicalId":334604,"journal":{"name":"2016 12th International Conference on Network and Service Management (CNSM)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":"{\"title\":\"CoFence: A collaborative DDoS defence using network function virtualization\",\"authors\":\"Bahman Rashidi, Carol J. Fung\",\"doi\":\"10.1109/CNSM.2016.7818412\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the exponential growth of the Internet use, the impact of cyber attacks are growing rapidly. Distributed Denial of Service (DDoS) attacks are the most common but damaging type of cyber attacks. Among them SYN Flood attack is the most common type. Existing DDoS defense strategies are encountering obstacles due to their high cost and low flexibility. The emerging of Network Function Virtualization (NFV) technology introduces new opportunities for low-cost and flexible DDoS defense solutions. In this work, we propose CoFence — a DDoS defense mechanism which facilitates a collaboration framework among NFV-based peer domain networks. CoFence allows domain networks help each others handle large volumes of DDoS attacks through resource sharing. Specifically, we focus on the resource allocation problem in the collaboration framework. Through CoFence a domain network decides the amount of resource to share with other peers based on a reciprocal-based utility function. Our simulation results demonstrate the designed resource allocation system is effective, incentive compatible, fair, and reciprocal.\",\"PeriodicalId\":334604,\"journal\":{\"name\":\"2016 12th International Conference on Network and Service Management (CNSM)\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"34\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 12th International Conference on Network and Service Management (CNSM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CNSM.2016.7818412\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 12th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CNSM.2016.7818412","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
CoFence: A collaborative DDoS defence using network function virtualization
With the exponential growth of the Internet use, the impact of cyber attacks are growing rapidly. Distributed Denial of Service (DDoS) attacks are the most common but damaging type of cyber attacks. Among them SYN Flood attack is the most common type. Existing DDoS defense strategies are encountering obstacles due to their high cost and low flexibility. The emerging of Network Function Virtualization (NFV) technology introduces new opportunities for low-cost and flexible DDoS defense solutions. In this work, we propose CoFence — a DDoS defense mechanism which facilitates a collaboration framework among NFV-based peer domain networks. CoFence allows domain networks help each others handle large volumes of DDoS attacks through resource sharing. Specifically, we focus on the resource allocation problem in the collaboration framework. Through CoFence a domain network decides the amount of resource to share with other peers based on a reciprocal-based utility function. Our simulation results demonstrate the designed resource allocation system is effective, incentive compatible, fair, and reciprocal.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
