首页>
外国专利>
Method and apparatus for improving the resilience of content distribution networks to distributed denial of service attacks
Method and apparatus for improving the resilience of content distribution networks to distributed denial of service attacks
展开▼
机译:用于提高内容分发网络对分布式拒绝服务攻击的弹性的方法和装置
展开▼
页面导航
摘要
著录项
相似文献
摘要
Several deterrence mechanisms suitable for content distribution networks (CDN) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n2)amount of traffic to victimize a CDN-hosted site when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN.
展开▼