By Topic

EC: an edge-based architecture against DDoS attacks and malware spread

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
R. P. Karrer ; Deutsche Telekom Laboratories, TU Berlin, Germany

The ability to limit unsolicited traffic in the Internet is important to defy DDoS attacks and to contain the spread of worms and viruses. The concept of capabilities, which requires that sources must acquire tokens prior to sending data, has been successfully applied on an end-to-end base to protect end systems. In this paper, we propose edge-based capabilities (EC), an architecture that prevents DDoS attacks and malware spread at the edge. EC introduces a novel network element termed gate. The gate controls IP packets that have previously been authenticated by an end-to-end mechanism. Authenticated traffic carries a session-specific tag in the IP header. Packets with valid tags are forwarded by the gate whereas traffic without or with wrong tags is treated with low priority or even dropped. EC achieves efficiency and scalability by defining a single lock against which tags are compared, removing the need to store per-flow information in the gate. Compared to related proposals, EC is easy to deploy as the gate can be added incrementally and EC requires only a single network element to be added at the edge

Published in:

20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)  (Volume:2 )

Date of Conference:

18-20 April 2006