Scalable Network-Layer Defense Against Internet Bandwidth-Flooding Attacks

2 Author(s)
Argyraki, K. ; Sch. of Comput. & Commun. Sci., EPFL, Lausanne, Switzerland ; Cheriton, D.R.

In a bandwidth-flooding attack, compromised sources send high-volume traffic to the target with the purpose of causing congestion in its tail circuit and disrupting its legitimate communications. In this paper, we present active Internet traffic filtering (AITF), a network-layer defense mechanism against such attacks. AITF enables a receiver to contact misbehaving sources and ask them to stop sending it traffic; each source that has been asked to stop is policed by its own Internet service provider (ISP), which ensures its compliance. An ISP that hosts misbehaving sources either supports AITF (and agrees to police its misbehaving clients), or risks losing all access to the complaining receiver; this is a strong incentive to cooperate, especially when the receiver is a popular public-access site. We show that AITF preserves a significant fraction of a receiver's bandwidth in the face of bandwidth flooding, and does so at a per-client cost that is already affordable for today's ISPs; this per-client cost is not expected to increase, as long as botnet-size growth does not outpace Moore's law. We also show that even the first two networks that deploy AITF can maintain their connectivity to each other in the face of bandwidth flooding. We conclude that the network layer of the Internet can provide an effective, scalable, and incrementally deployable solution against bandwidth-flooding attacks.

Published in:

Networking, IEEE/ACM Transactions on (Volume: 17, Issue: 4)