Abstract | ||
---|---|---|
Despite large-scale flooding attacks, capability-based defense schemes provide end hosts with guaranteed communication. However, facing the challenges of enabling scalable bandwidth fair sharing and adapting to attack strategies, none of the existing schemes adequately stand. In this paper we present Tumbler, a flooding attack defense mechanism that provides scalable competition-based bandwidth fairness at the Autonomous System (AS) granularity, and on-demand bandwidth allocation for end hosts in each AS. Tumbler enforces adaptability in the capability establishment via competition factors that are calculated upon leaf ASes’ bandwidth utilization and reputation. Transit ASes independently manage each competition factor based on the corresponding feedback from dedicated bandwidth accounting and monitoring policies. Through Internet-scale simulations, we demonstrate the effectiveness of Tumbler against a variety of attack scenarios and illustrate the deployment benefits for ISPs. |
Year | DOI | Venue |
---|---|---|
2016 | https://doi.org/10.1016/j.comnet.2016.06.005 | Computer Networks |
Keywords | DocType | Volume |
DDoS attack,Capability scheme,Bandwidth allocation,Competition factor | Journal | 105 |
Citations | PageRank | References |
2 | 0.40 | 18 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yao Zhang | 1 | 32 | 8.91 |
Xiaoyou Wang | 2 | 2 | 0.40 |
Adrian Perrig | 3 | 15842 | 1035.20 |
Zhiming Zheng | 4 | 128 | 16.80 |