Mitigating Denial of Capability with An Notification Mechanism

机译：通过通知机制减轻拒绝能力

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Denial-of-Service (DoS) attacks is a major threat to Internet security. Among numerous defense techniques, recently architecture-level capabilities scheme is a promising one. As a typical and comprehensive capabilities scheme, Traffic Validation Architecture (TVA) tries to limit DoS attacks essentially and completely. Yet its effectiveness suffers from a new kind of DoS attacks, Denial-of-Capability (DoC), which takes place in the connection-setup step when clients send requests for capabilities. To overcome the DoC attacks, potential attack characteristics are analyzed in detail. And a notification-based mechanism is proposed to mitigate DoC attacks and enhance the robustness of TVA. A capability-enabled router should send a reverse notification with a special and unforgeable source identifier to the source when it has to drop a request packet under DoC attacks. Then an enhanced request packet including the source identifier is returned by the source and verified by the router. The enhanced request packet with higher secure level is processed in enhanced channels instead of unprivileged channels. Moreover enhanced requests are fair-queued based on per-source instead of per-Pi in TVA. Theoretical analysis and simulation results show that the notification mechanism can suppress DoC attacks effectively and make the capabilities architecture more robust and practical.

机译：拒绝服务（DOS）攻击是对互联网安全的主要威胁。在众多防御技术中，最近的建筑级功能方案是有希望的。作为典型和综合的能力方案，流量验证架构（TVA）试图基本上完全限制DOS攻击。然而，当客户端发送能力请求时，它的有效性遭受了新的DOS攻击，拒绝能力（DOC），它在连接设置步骤中进行。为了克服DOC攻击，详细分析潜在的攻击特征。并提出了一种基于通知的机制来缓解DOC攻击并增强TVA的鲁棒性。启用能力的路由器应在源在DOC攻击下删除请求数据包时向源发送反向通知。然后由源返回包括源标识符的增强请求包，并由路由器验证。具有更高安全级别的增强型请求数据包在增强频道而不是未特权的信道中处理。此外，增强的请求是基于每次来源而不是TVA中的每PI的公平排队。理论分析和仿真结果表明，通知机制有效地抑制了DOC攻击，使能力架构更加强大，实用。

著录项

来源
《International Conference on Networking, Architecture, and Storage》|2008年||共8页
会议地点
作者
Guang Jin; Jiangang Yang; Wei Wei; Yabo Dong;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP393-53;
关键词

相似文献

外文文献
中文文献
专利

1. LIVING IN DENIAL - A COMPARISON OF DISTRIBUTED DENIAL OF SERVICE MITIGATION METHODS [J] . Elizabeth Unrein, Delaney L.S. Fish, Joshua Boeker, Issues in Information Systems . 2012,第1期

机译：生活在拒绝中-分布式拒绝服务缓解方法的比较
2. Design and Development of Proactive Models for Mitigating Denial-of-Service and Distributed Denial-of-Service Attacks [J] . Nagesh H.R, K. Chandra Sekaran International journal of computer science and network security . 2007,第7期

机译：缓解拒绝服务和分布式拒绝服务攻击的主动模型的设计和开发
3. Outperforming hummingbirds?￠???? load-lifting capability with a lightweight hummingbird-like flapping-wing mechanism Outperforming hummingbirds?￠???? load-lifting capability with a lightweight hummingbird-like flapping-wing mechanism Outperforming hummingbirds?￠???? load-lifting capability with a lightweight hummingbird-like flapping-wing mechanism [J] . Dominiek Reynaerts, Frederik Leys, Dirk Vandepitte Biology Open . 2016,第8期

机译：优于蜂鸟？像蜂鸟一样轻巧的拍打翼机构的起重能力优于蜂鸟？像蜂鸟一样轻巧的拍打翼机构的起重能力优于蜂鸟？具有轻型蜂鸟拍打翼机构的起重能力
4. Mitigating Denial of Capability with An Notification Mechanism [C] . Guang Jin, Jiangang Yang, Wei Wei, International Conference on Networking, Architecture, and Storage . 2008

机译：通过通知机制减轻拒绝能力
5. Mitigation of Denial of Service Attacks in Software Defined Network =MITIGATION OF DENIAL OF SERVICE ATTACKS IN SOFTWARE DEFINED NETWORK [D] . Dridi, Lobna. 2017

机译：软件定义网络中的拒绝服务攻击的缓解=软件定义网络中的拒绝服务攻击的缓解
6. Weight-of-Evidence Strategies to Mitigate the Influence of Messages of Science Denialism in Public Discussions [O] . Philipp Schmid, Marius Schwarzer, Cornelia Betsch 2020

机译：减肥战略以减轻科学否认信息在公开讨论中的影响
7. Securing an Internet of Things from Distributed Denial of Service and Mirai Botnet Attacks Using a Novel Hybrid Detection and Mitigation Mechanism [O] . M Karthik, M Krishnan 2021

机译：使用新型混合检测和缓解机制来保护分布式拒绝服务和Mirai僵尸网络攻击的事物互联网

Mitigating Denial of Capability with An Notification Mechanism

摘要

著录项

相似文献

相关主题

期刊订阅