Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
AINA
2006
IEEE
2006
IEEE
EC: an edge-based architecture against DDoS attacks and malware spread
The ability to limit unsolicited traffic in the Internet is important to defy DDoS attacks and to contain the spread of worms and viruses. The concept of capabilities, which requires that sources must acquire tokens prior to sending data, has been successfully applied on an end-to-end base to protect end systems. In this paper, we propose Edge-based Capabilities (EC), an architecture that prevents DDoS attacks and malware spread at the edge. EC introduces a novel network element termed gate. The gate controls IP packets that have previously been authenticated by and end-to-end mechanism. Authenticated traffic carries a session-specific tag in the IP header. Packets with valid tags are forwarded by the gate whereas traffic without or with wrong tags is treated with low priority or even dropped. EC achieves efficiency and scalability by defining a single lock against which tags are compared, removing the need to store per-flow information in the gate. Compared to related proposals, EC is...
Real-time Traffic| Added | 20 Aug 2010 |
| Updated | 20 Aug 2010 |
| Type | Conference |
| Year | 2006 |
| Where | AINA |
| Authors | Roger Karrer |
Comments (0)
Researcher Info
|
