Defending Network-Based Services Against Denial of Service Attacks

Author

Kurian, Jinu ; Sarac, Kamil ; Almeroth, Kevin

Author_Institution

Dept. of Comput. Sci., Univ. of Texas at Dallas, Dallas, TX

fYear

2006

fDate

9-11 Oct. 2006

Firstpage

17

Lastpage

22

Abstract

Over the last decade, several value-added services have been proposed for deployment in the Internet. IP multicast is an example of such a service. IP multicast is a stateful service in that it requires routers to maintain state for forwarding multicast data toward receivers. This characteristic makes the service and its users vulnerable to denial-of-service (DoS) attacks. One type of attack aims to saturate the available buffer space for storing state information at the routers. A successful attack can prevent end systems from properly joining multicast groups. In this paper, we present a solution to state overload attacks; evaluate the overhead of the solution through a combination of simulation and implementation; and outline an incremental deployment strategy for its partial deployment. The evaluation results indicate that our solution improves the resistance of IP multicast to state overload attacks.

Keywords

IP networks; Internet; buffer storage; multicast protocols; telecommunication network routing; telecommunication security; DoS; IP multicast communication; Internet; PIM; buffer space; denial-of-service attack; forwarding multicast data routing; incremental deployment strategy; protocol independent multicast; state overload attack; Availability; Computer crime; Computer science; Information security; Internet; Multicast communication; Multicast protocols; Quality of service; Spine; TV;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Communications and Networks, 2006. ICCCN 2006. Proceedings.15th International Conference on

Conference_Location

Arlington, VA

ISSN

1095-2055

Print_ISBN

1-4244-0572-6

Type

conf

DOI

10.1109/ICCCN.2006.286239

Filename

4067619