Mitigating Denial of Capability with An Notification Mechanism

机译：借助通知机制缓解拒绝能力

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Denial-of-service (DoS) attacks is a major threat to Internet security. Among numerous defense techniques, recently architecture-level capabilities scheme is a promising one. As a typical and comprehensive capabilities scheme, traffic validation architecture (TVA) tries to limit DoS attacks essentially and completely. Yet its effectiveness suffers from a new kind of DoS attacks, denial-of-capability (DoC), which takes place in the connection-setup step when clients send requests for capabilities. To overcome the DoC attacks, potential attack characteristics are analyzed in detail. And a notification-based mechanism is proposed to mitigate DoC attacks and enhance the robustness of TVA. A capability-enabled router should send a reverse notification with a special and unforgeable source identifier to the source when it has to drop a request packet under DoC attacks. Then an enhanced request packet including the source identifier is returned by the source and verified by the router. The enhanced request packet with higher secure level is processed in enhanced channels instead of unprivileged channels. Moreover enhanced requests are fair-queued based on per-source instead of per-Pi in TVA. Theoretical analysis and simulation results show that the notification mechanism can suppress DoC attacks effectively and make the capabilities architecture more robust and practical.

机译：拒绝服务（DoS）攻击是对Internet安全的主要威胁。在众多防御技术中，最近的体系结构级功能方案是有前途的。作为一种典型且全面的功能方案，流量验证体系结构（TVA）试图从根本上完全限制DoS攻击。然而，其有效性却遭受了一种新型的DoS攻击，即拒绝能力（DoC），这种攻击发生在客户端发送功能请求时的连接设置步骤中。为了克服DoC攻击，详细分析了潜在的攻击特征。提出了一种基于通知的机制来减轻DoC攻击并增强TVA的鲁棒性。启用功能的路由器在遭受DoC攻击时必须丢弃请求数据包时，应向源发送带有特殊且不可伪造的源标识符的反向通知。然后，包括源标识符的增强型请求包由源返回并由路由器进行验证。具有更高安全级别的增强请求数据包将在增强通道而不是非特权通道中进行处理。此外，增强请求是根据每个源而不是TVA中的每个Pi进行公平排队的。理论分析和仿真结果表明，通知机制可以有效地抑制DoC攻击，使功能体系结构更加健壮和实用。

著录项

来源
《Networking Architecture and Storage, 2007 International Conference on; Guilin,China》|1976年|P.101-108|共8页
会议地点 Ames IA(US)
作者
Guang Jin; Jiangang Yang; Wei Wei; Yabo Dong;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类工业技术;
关键词
Internet; security of data; telecommunication security; Internet security; capability-enabled router; denial of capability; denial-of-service attacks; notification-based mechanism; traffic validation architecture;

机译：互联网;数据安全性;电信安全性;互联网安全性;支持功能的路由器;拒绝能力;拒绝服务攻击;基于通知的机制;流量验证架构;

相似文献

外文文献
中文文献
专利

1. LIVING IN DENIAL - A COMPARISON OF DISTRIBUTED DENIAL OF SERVICE MITIGATION METHODS [J] . Elizabeth Unrein, Delaney L.S. Fish, Joshua Boeker, Issues in Information Systems . 2012,第1期

机译：生活在拒绝中-分布式拒绝服务缓解方法的比较
2. Design and Development of Proactive Models for Mitigating Denial-of-Service and Distributed Denial-of-Service Attacks [J] . Nagesh H.R, K. Chandra Sekaran International journal of computer science and network security . 2007,第7期

机译：缓解拒绝服务和分布式拒绝服务攻击的主动模型的设计和开发
3. Outperforming hummingbirds?￠???? load-lifting capability with a lightweight hummingbird-like flapping-wing mechanism Outperforming hummingbirds?￠???? load-lifting capability with a lightweight hummingbird-like flapping-wing mechanism Outperforming hummingbirds?￠???? load-lifting capability with a lightweight hummingbird-like flapping-wing mechanism [J] . Dominiek Reynaerts, Frederik Leys, Dirk Vandepitte Biology Open . 2016,第8期

机译：优于蜂鸟？像蜂鸟一样轻巧的拍打翼机构的起重能力优于蜂鸟？像蜂鸟一样轻巧的拍打翼机构的起重能力优于蜂鸟？具有轻型蜂鸟拍打翼机构的起重能力
4. Mitigating Denial of Capability with An Notification Mechanism [C] . Guang Jin, Jiangang Yang, Wei Wei, International Conference on Networking, Architecture, and Storage . 2008

机译：通过通知机制减轻拒绝能力
5. Mitigation of Denial of Service Attacks in Software Defined Network =MITIGATION OF DENIAL OF SERVICE ATTACKS IN SOFTWARE DEFINED NETWORK [D] . Dridi, Lobna. 2017

机译：软件定义网络中的拒绝服务攻击的缓解=软件定义网络中的拒绝服务攻击的缓解
6. Weight-of-Evidence Strategies to Mitigate the Influence of Messages of Science Denialism in Public Discussions [O] . Philipp Schmid, Marius Schwarzer, Cornelia Betsch 2020

机译：减肥战略以减轻科学否认信息在公开讨论中的影响
7. Securing an Internet of Things from Distributed Denial of Service and Mirai Botnet Attacks Using a Novel Hybrid Detection and Mitigation Mechanism [O] . M Karthik, M Krishnan 2021

机译：使用新型混合检测和缓解机制来保护分布式拒绝服务和Mirai僵尸网络攻击的事物互联网

Mitigating Denial of Capability with An Notification Mechanism

摘要

著录项

相似文献

相关主题

期刊订阅