DocumentCode
2132440
Title
Joint Application and Network Defense against DDoS Flooding Attacks in the Future Internet
Author
Karrer, Roger P. ; Kuehn, Ulrich ; Huehn, Thomas
Author_Institution
Deutsche Telekom Labs., Tech. Univ. Berlin, Berlin, Germany
Volume
1
fYear
2008
fDate
13-15 Dec. 2008
Firstpage
11
Lastpage
16
Abstract
The threat of denial of service flooding attacks in the Internet is rapidly increasing. Especially the use of techniques that allow attackers to hide their attack traffic raises concerns: attack distribution and rotation in botnets to obfuscate senders, low-rate bandwidth attacks, and attacks that mimic realistic patterns such as flash crowds. The defense against such attacks is limited due to a deadlock: the attacks must be stopped inside the network, but the network is unable to distinguish legitimate and unsolicited traffic. In contrast, end systems may distinguish legitimate users from bots, but are unable to stop the attacks inside the network. This paper advocates for a joint end system-network defense to address such attacks in the future. Edge-based capabilities (EC) is a novel framework that combines end-to-end authentication with network-based control. Applications authenticate legitimate senders and issue capabilities to tag their packets, and the network filters out untagged packets. This paper describes the mechanisms that make EC a secure, efficient, and scalable solution. Moreover, we argue that EC is an attractive solution because it can be incrementally deployed and because it provides the right incentives to users, servers, and ISPs.
Keywords
Internet; telecommunication security; telecommunication traffic; DDoS flooding attack; Internet; attack traffic; botnets; edge-based capabilities; end-to-end authentication; network defense; network filter; network-based control; Authentication; Bandwidth; Communication system traffic control; Computer crime; Filters; Floods; IP networks; System recovery; Telecommunication traffic; Web and internet services; DDos; Edgebased Capabilities;
fLanguage
English
Publisher
ieee
Conference_Titel
Future Generation Communication and Networking, 2008. FGCN '08. Second International Conference on
Conference_Location
Hainan Island
Print_ISBN
978-0-7695-3431-2
Type
conf
DOI
10.1109/FGCN.2008.168
Filename
4734048
Link To Document