Title :
Defending Network-Based Services Against Denial of Service Attacks
Author :
Kurian, Jinu ; Sarac, Kamil ; Almeroth, Kevin
Author_Institution :
Dept. of Comput. Sci., Univ. of Texas at Dallas, Dallas, TX
Abstract :
Over the last decade, several value-added services have been proposed for deployment in the Internet. IP multicast is an example of such a service. IP multicast is a stateful service in that it requires routers to maintain state for forwarding multicast data toward receivers. This characteristic makes the service and its users vulnerable to denial-of-service (DoS) attacks. One type of attack aims to saturate the available buffer space for storing state information at the routers. A successful attack can prevent end systems from properly joining multicast groups. In this paper, we present a solution to state overload attacks; evaluate the overhead of the solution through a combination of simulation and implementation; and outline an incremental deployment strategy for its partial deployment. The evaluation results indicate that our solution improves the resistance of IP multicast to state overload attacks.
Keywords :
IP networks; Internet; buffer storage; multicast protocols; telecommunication network routing; telecommunication security; DoS; IP multicast communication; Internet; PIM; buffer space; denial-of-service attack; forwarding multicast data routing; incremental deployment strategy; protocol independent multicast; state overload attack; Availability; Computer crime; Computer science; Information security; Internet; Multicast communication; Multicast protocols; Quality of service; Spine; TV;
Conference_Titel :
Computer Communications and Networks, 2006. ICCCN 2006. Proceedings.15th International Conference on
Conference_Location :
Arlington, VA
Print_ISBN :
1-4244-0572-6
DOI :
10.1109/ICCCN.2006.286239
