Mitigating Bandwidth-Exhaustion Attacks using Congestion Puzzles

机译：使用拥塞难题缓解带宽耗尽攻击

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

We present congestion puzzles (CP), a new countermeasure to bandwidth-exhaustion attacks. Like other defenses based on client puzzles, CP attempts to force attackers to invest vast resources in order to effectively perform denial-of-service attacks. Unlike previous puzzle-based approaches, however, ours is the first designed for the bandwidth-exhaustion attacks that are common at the network (IP) layer. At the core of CP is an elegant distributed puzzle mechanism that permits routers to cooperatively impose and check puzzles. We demonstrate through analysis and simulation that CP can effectively defend networks from flooding attacks without relying on the formulation of attack signatures to filter traffic. Moreover, as many such attacks are conducted by "zombie" computers that have been silently commandeered without the knowledge of their owners, the overheads that CP imposes on heavily engaged zombies can increase the likelihood that the computer's owner detects the compromise and takes action to remedy it.

机译：我们提出了拥塞难题（CP），这是对带宽耗尽攻击的一种新对策。像其他基于客户端难题的防御一样，CP试图迫使攻击者投入大量资源，以有效地执行拒绝服务攻击。但是，与以前的基于难题的方法不同，我们的方法是第一个针对网络（IP）层常见的带宽耗尽攻击而设计的。 CP的核心是一种优雅的分布式拼图机制，该机制允许路由器协同实施和检查拼图。通过分析和仿真，我们证明了CP可以有效地防御网络遭受洪泛攻击，而无需依赖攻击特征码来过滤流量。而且，由于许多此类攻击都是由“僵尸”计算机进行的，这些计算机在不了解其所有者的情况下被悄悄地占领了，因此，CP强加于忙碌的僵尸上的开销可能会增加计算机所有者检测到威胁并采取补救措施的可能性。它。

著录项

来源
《Association for Computing Machinery(ACM) Conference on Computer and Communications Security(CS 2004); 20041025-29; Washington,DC(US)》|2004年|P.257-267|共11页
会议地点 WashingtonDC(US)
作者
XiaoFeng Wang; Michael K. Reiter;
展开▼
作者单位

School of Informatics and Computer Science Department, Indiana University at Bloomington, Bloomington, IN, USA;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类计算技术、计算机技术;
关键词
client puzzle; denial of service;

机译：客户难题;拒绝服务;

相似文献

外文文献
中文文献
专利

1. Mitigating Congestion Based DoS Attacks By Using Weighted Fair Queuing With An Enhanced AQM Technique [J] . A. Sreeja, M. Ganesh Karthik International Journal of Applied Engineering Research . 2015,第10期

机译：通过使用加权AQM技术加权公平排队来缓解基于拥塞的DoS攻击
2. Mitigating congestion based DoS attacks with an enhanced AQM technique [J] . Harkeerat Bedi, Sankardas Roy, Sajjan Shiva Computer Communications . 2015,第feba1期

机译：使用增强的AQM技术缓解基于拥塞的DoS攻击
3. Efficient Congestion Mitigation Using Congestion-Aware Steiner Trees and Network Coding Topologies [J] . M. A. R. Chaudhry, Z. Asad, A. Sprintson, VLSI Design . 2011,第CAD期

机译：使用拥塞感知的Steiner树和网络编码拓扑来有效缓解拥塞
4. Mitigating bandwidth-exhaustion attacks using congestion puzzles [C] . XiaoFeng Wang, Michael K. Reiter ACM conference on Computer and communications security . 2004

机译：使用拥塞难题缓解带宽耗尽攻击
5. A novel puzzle-based framework for mitigating distributed denial of service attacks against internet applications [D] . Abliz, Mehmud 2015

机译：一个新颖的基于拼图的框架，用于缓解针对Internet应用程序的分布式拒绝服务攻击
6. Analyzing the Impact of Traffic Congestion Mitigation: From an Explainable Neural Network Learning Framework to Marginal Effect Analyses [O] . Jianping Sun, Jifu Guo, Xin Wu, 2019

机译：分析缓解交通拥堵的影响：从可解释的神经网络学习框架到边际效应分析
7. Mitigating bandwidth-exhaustion attacks using congestion puzzles [O] . Xiaofeng Wang, Michael K. Reiter 2004

机译：使用拥塞难题减轻带宽耗尽攻击
8. Using Client Puzzles to Mitigate Distributed Denial of Service Attacks in the Tor Anonymous Routing Environment [R] . Fraser, N. A., Kelly, D. J., Raines, R. A., 2007

机译：使用客户端谜题来缓解Tor匿名路由环境中的分布式拒绝服务攻击

Mitigating Bandwidth-Exhaustion Attacks using Congestion Puzzles

摘要

著录项

相似文献

相关主题

期刊订阅