Deployable Overlay Network for Defense against Distributed SYN Flood Attacks

スポンサーリンク

概要

• 論文の詳細を見る

• Distributed denial-of-service attacks on public servers have recently become more serious. Most of them are SYN flood attacks, since the malicious attackers can easily exploit the TCP specification to generate traffic making public servers unavailable. We need a defense method which can protect legitimate traffic so that end users can connect the target servers during such attacks. In this paper, we propose a new framework, in which all of the TCP connections to the victim servers from a domain are maintained at the gateways of the domain (i. e., near the clients). We call the nodes maintaining the TCP connection defense nodes. The defense nodes check whether arriving packets are legitimate or not by maintaining the TCP connection. That is, the defense nodes delegate reply packets to the received connection request packets and identify the legitimate packets by checking whether the clients reply to the reply packets. Then, only identified traffic are relayed via overlay networks. As a result, by deploying the defense nodes at the gateways of a domain, the legitimate packets from the domain are relayed apart from other packets including attack packets and protected. Our simulation results show that our method can protect legitimate traffic from the domain deploying our method. We also describe the deployment scenario of our defense mechanism.

• （社）電子情報通信学会の論文
• 2008-08-01

著者

• ATA Shingo

  Graduate School of Engineering, Osaka City University

• Ata Shingo

  Graduate School Of Engeneering Osaka City University

• MURATA Masayuki

  Graduate School of Information Science and Technology, Osaka University

• Ohsita Yuichi

  Graduate School Of Economics Osaka University

• Murata Masayuki

  Osaka Univ. Suita‐shi Jpn

• Murata Masayuki

  Graduate School Of Information Science And Technology

• Murata Masayuki

  Graduate School Of Frontier Biosciences Osaka University

• Ata Shingo

  Osaka City Univ. Osaka‐shi Jpn

• Murata Masayuki

  Graduate School Of Engineering Science Osaka University

関連論文

• Error Probability Analysis of Majority Decision in Tree Network Composed of BSC
• A Failure-Tolerant Structure in Router-level Internet Topologies
• Performance Improvement of an Ad Hoc Network System for Wireless Data Service(Terrestrial Radio Communications)
• BS-4-8 Design and Architecture of Server Platform for Network Virtualization and Adaptive Network Control(BS-4. System, control and design technologies for emerging network)
• New Methods for Maintaining Fairness between Well-Behaved TCP Flows and Tampered-TCP Flows at Edge Routers
• Performance Improvement by Packet Buffering in Mobile IP Based Networks
• Call Admission Control for QoS Provisioning in Multimedia Wireless ATM Networks
• A Combination Scheme of ARQ and FEC for Multimedia Wireless ATM Networks
• Performance Comparisons of Approaches for Providing Connections Service over ATM Networks (Special Issue on Network Interworking)
• Self-Organization Based Network Architecture for New Generation Networks
• BS-7-2 Error-tolerant and energy-efficient coverage control based on attractor selection model for wireless sensor networks(BS-7. Network Planning, Control and Management)
• Improvement of TCP Throughput by Combination of Data and ACK Packets in Ad Hoc Networks(Ad Hoc Network)(Networking Technologies for Mobile Internet Systems)
• SB-10-2 Cache Replacement Algorithm for P2P Media Streaming(SB-10. Latest Trends on Broadband Contents Delivery Technologies)
• Proxy Caching Mechanisms with Quality Adjustment for Video Streaming Services(Proxy Caching)(Special Issue on Content Delivery Networks)
• SB-6-5 An Application of System Identification to Modeling End-to-End Packet Delay Dynamics of the Internet
• Impact of Limited Number of Wired Channels on Soft Handoff in CDMA Cellular Systems(Special lssue on lnnovative Mobile Communication Technologies at the Dawn of the 21^ Century)
• Effective Algorithms for Multicast Video Transport to Meet Various QoS Requirements(Special Issue on Multimedia Communications in Heterogeneous Network Environments)
• Performance Improvement of TCP over EFCI-Based ABR Service Class by Tuning of Congestion Control Parameters (Special Issue on Network Interworking)
• Performance Evaluation and Parameter Tuning of TCP over ABR Service in ATM Networks (Special Issue on High Speed Local Area Network)
• Fair Bandwidth Allocation in FRP-Based ATM Local Area Networks (Special Issue on High Speed Local Area Network)
• Design Algorithm for Virtual Path Based ATM Networks
• BS-3-24 A GPS-free Self-Organized Location Establishment Scheme for Environmental Wireless Sensor Networks
• BS-3-13 An attractor network for logical topology control.
• Self Organizing Topology Transformation for Peer-To-Peer (P2P) Networks
• Evaluation of Free-Riding Traffic Problem in Overlay Routing and Its Mitigation Method
• Effectiveness of Overlay Routing Based on Delay and Bandwidth Information
• Packet Switch Architectures for Very Small Optical RAM
• Packet switch architectures for very small optical RAM (フォトニックネットワーク)
• Packet switch architectures for very small optical RAM (光エレクトロニクス)
• Packet switch architectures for very small optical RAM (レーザ・量子エレクトロニクス)
• Estimation of Current Traffic Matrices from Long-Term Traffic Variations
• Design Methodology of a Sensor Network Architecture Supporting Urgent Information and Its Evaluation
• Deployable Overlay Network for Defense against Distributed SYN Flood Attacks
• Node pacing for optical packet switching (フォトニックネットワーク)
• Identification of Attack Nodes from Traffic Matrix Estimation(Internet)
• Proposal of an Assured Corridor Mechanism for Urgent Information Transmission in Wireless Sensor Networks(Network)
• An Integrated Routing Mechanism for Cross-Layer Traffic Engineering in IP over WDM Networks(Internet)
• Analysis Evaluation of Parallel TCP : Is It Really Effective for Long Fat Networks?(Internet)
• A Comparative Study of Switch Architectures For Small-buffered Optical Packet Switched Networks
• A Comparative Study of Switch Architectures For Small-buffered Optical Packet Switched Networks
• Detecting Distributed Denial-of-Service Attacks by Analyzing TCP SYN Packets Statistically(Internet)
• Inferring Network Impact Factors : Applying Mixed Distribution to Measured RTTs
• An Application of Separate Coding to Space-Time Turbo-Coded Modulation(Special Issue on Multiple Access and Signal Transmission Techniques for Future Mobile Communications)
• A Comparison of BER Performance and Decoding Complexity in Separately Turbo-Coded Modulations
• A Study of Control Plane Stability with Retry Traffic : Comparison of Hard- and Soft-State Protocols
• A Comparative Study of Switch Architectures For Small-buffered Optical Packet Switched Networks
• A Comparative Study of Switch Architectures For Small-buffered Optical Packet Switched Networks
• A Comparative Study of Switch Architectures For Small-buffered Optical Packet Switched Networks
• A Comparative Study of Switch Architectures For Small-buffered Optical Packet Switched Networks
• Rate-based Paced XCP for Small Buffered Optical Packet Switched Networks(MPλ(Lambda)S,フォトニックネットワーク/制御,光波長変換,スイッチング,PON,一般)
• Rate-based Paced XCP for Small Buffered Optical Packet Switched Networks
• Towards Establishing Ambient Network Environment
• FOREWORD
• TCP Congestion Control Mechanisms for Achieving Predictable Throughput Using Inline Network Measurement
• PERFORMANCE COMPARISONS OF ABT/IT AND DT IN ATM NETWORKS
• B-6-2 Effect of Data Selection on Data Aggregation in a Wireless Sensor Network
• 1P202 1C1240 セミインタクト細胞とそのリシール技術を用いたメンブレンダイナミクス研究(細胞生物的課題(接着,運動,骨格,伝達,膜),口頭発表,第48回日本生物物理学会年会)
• A Distributed Clustering Method for Hierarchical Routing in Large-Scaled Wavelength Routed Networks(Next Generation Photonic Network Technologies)
• A Simultaneous Inline Measurement Mechanism for Capacity and Available Bandwidth of End-to-End Network Path(Network)
• Special Section on Networking Technologies for Overlay Networks
• Overlay Network Technologies for QoS Control(Networking Technologies for Overlay Networks)
• Experimental Results of Implementing High-Speed and Parallel TCP Variants for Long Fat Networks (Internet)
• Hierarchically Aggregated Fair Queueing (HAFQ) for Per-Flow Fair Bandwidth Allocation(Switching for Communications)
• Performance Analysis and Improvement of HighSpeed TCP with TailDrop/RED Routers(Internet)
• BS-10-28 Layered Attractor Selection for Clustering and Data Gathering in Wireless Sensor Networks
• Impact of Clock Skewness on Synchronized Sensor Clusters Operating with IEEE 802.15.4 MAC (日韓合同ワークショップ 1st Korea-Japan Joint Workshop on Ubiquitous Computing and Networking Systems (ubiCNS 2005))
• Two-Layer Modeling for Local Area Networks
• Background TCP Data Transfer with Inline Network Measurement(Internet)
• BS-5-4 A Packet Burst-based Inline Network Measurement Mechanism
• Packet-Mode Scheduling with Proportional Fairness for Input-Queued Switches(Switching for Communications)
• Scalable and Efficient Ant-Based Routing Algorithm for Ad-Hoc Networks(Network)
• 格子状ネットワークにおける多数決判定中継の誤り率特性(研究速報)
• Error Probability Analysis of Majority Decision in Tree Network Composed of BSC
• PID Congestion Control in ATM with Propagation Delay
• A Transport-Layer Solution for Alleviating TCP Unfairness in a Wireless LAN Environment
• On the benefits of virtual network topology control based on attractor selection model in changing environments (フォトニックネットワーク)
• A Practical Approach for Coded OFDM with Partial Transmit Sequence(Mobile Multimedia Communications)
• Modulation Classification Error Analysis with Phase Offset
• Using Mixed Distribution for Modeling End-to-End Delay Characteristics
• Dual-Optimization of General Orthogonal Modulations for Two Channel Impairments
• A DQDB with Insertion Buffer and Local RQ Counter
• Improving TCP Performance for Wireless Cellular Networks by Adaptive FEC Combined with Explicit Loss Notification(Special Issue on Mobile Multimedia Communications)
• A New TCAM Architecture for Managing ACL in Routers
• Error performance of network coding by low density parity check codes (衛星通信)
• Multimedia communication in camera-based wireless sensor networks (情報ネットワーク)
• On Characteristics of Multi-Hop Communication in Large-Scale Clustered Sensor Networks(Network)
• Optimized General Orthogonal Modulations in Multiple Access Systems(HISC2006)
• Synchronization-Based Data Gathering Scheme for Sensor Networks(Software Platform Technologies, Ubiquitous Networks)
• Error Probability of Orthogonal Modulation Estimation by Clustering(Transmission Technology)
• Estimating Environment-Independent Parameters on Basis of Comparative Assessment of User's Subjectivity
• Analysis of Path Switching Performance Metrics for Optical Hybrid Switching Networks (フォトニックネットワーク)
• BS-3-35 Optical Path Network Reconfiguration Algorithm Considering Geographical Placement of Optical Path(BS-3. Management and Control Technologies for Innovative Networks)
• Adaptive Timer-Based Countermeasures against TCP SYN Flood Attacks
• FPS-RAM : Fast Prefix Search RAM-Based Hardware for Forwarding Engine
• Proposal for Autonomous Decentralized Structure Formation Based on Local Interaction and Back-Diffusion Potential
• FOREWORD
• Basis Vector Estimation Analysis for Identification of Block Orthogonal Modulations
• Analysis of Path Switching Performance Metrics for Optical Hybrid Switching Networks
• Introducing delete feature for unnecessary data to content-hash based distributed archive system
• Performance Analysis of Optical Path/Packet Integrated Networks

もっと見る 閉じる

スポンサーリンク