Title
dFence: transparent network-based denial of service mitigation
Abstract
Denial of service (DoS) attacks are a growing threat to the availability of Internet services. We present dFence, a novel network-based defense system for mitigating DoS attacks. The main thesis of dFence is complete transparency to the existing Internet infrastructure with no software modifications at either routers, or the end hosts. dFence dynamically introduces special-purpose middlebox devices into the data paths of the hosts under attack. By intercepting both directions of IP traffic (to and from attacked hosts) and applying stateful defense policies, dFence middleboxes effectively mitigate a broad range of spoofed and unspoofed attacks. We describe the architecture of the dFence middlebox, mechanisms for on-demand introduction and removal, and DoS mitigation policies, including defenses against DoS attacks on the middlebox itself. We evaluate our prototype implementation based on Intel IXP network processors.
Year: 2007
Venue: NSDI
Keywords: dos mitigation policy, dfence middlebox, existing internet infrastructure, dfence middleboxes, dos attack, dfence dynamically, special-purpose middlebox device, present dfence, service mitigation, transparent network-based denial, novel network-based defense system, internet service, denial of service, network processor
Field: Transparency (graphic), Network processor, Denial-of-service attack, Spoofing attack, Middlebox, Computer science, Computer security, Computer network, Stateful firewall, Internet traffic, The Internet
DocType: Conference
Citations: 29
PageRank: 2.40
References: 24
Authors: 5
Name | Order | Citations | PageRank
Ajay Mahimkar | 1 | 206 | 17.45
Jasraj Dange | 2 | 29 | 2.40
Vitaly Shmatikov | 3 | 4560 | 215.44
Harrick Vin | 4 | 341 | 45.31
Yin Zhang | 5 | 3492 | 281.04