The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Os ataques distribuídos de negação de serviço (DDoS) são um problema premente na Internet, conforme demonstrado pelos ataques recentes aos principais servidores de comércio eletrônico e ISPs. Como o ataque é altamente distribuído, uma solução eficaz deve ser formulada com uma abordagem distribuída. Recentemente, foram propostas algumas soluções, nas quais nós intermediários da rede filtram ou modelam o tráfego congestionado. Essas soluções podem diminuir o tráfego congestionado, mas ainda causam “problema de vítimas colaterais”, ou seja, pacotes legítimos podem ser descartados por engano. Neste artigo, propomos a Plataforma de Contramedidas Ativas para minimizar o congestionamento de tráfego e resolver o problema das vítimas colaterais usando o paradigma de Redes Ativas, que incorpora programabilidade em nós intermediários da rede. Nossa plataforma pode evitar a sobrecarga do alvo e o consumo autônomo da largura de banda da rede tanto do backbone quanto do site protegido. Além disso, pode melhorar o problema das vítimas colaterais com base na política do usuário. Este artigo mostra o conceito de nossa plataforma, design do sistema e avaliação da eficácia usando um protótipo.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Dai KASHIWA, Eric Y. CHEN, Hitoshi FUJI, Shuichi MACHIDA, Hiroshi SHIGENO, Ken-ichi OKADA, Yutaka MATSUSHITA, "Active Countermeasure Platform against DDoS Attacks" in IEICE TRANSACTIONS on Information,
vol. E85-D, no. 12, pp. 1918-1928, December 2002, doi: .
Abstract: Distributed Denial of Service (DDoS) attacks are a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers and ISPs. Since the attack is highly distributed, an effective solution must be formulated with a distributed approach. Recently, some solutions, in which intermediate network nodes filter or shape congested traffic, have been proposed. These solutions may decrease the congested traffic, but they still cause "collateral victims problem," that is, legitimate packets may be discarded mistakenly. In this paper, we propose Active Countermeasure Platform to minimize traffic congestion and to address the collateral victim problem using the Active Networks paradigm, which incorporates programmability into intermediate network nodes. Our platform can prevent overloading of the target and consuming the network bandwidth of both the backbone and the protected site autonomously. In addition, it can improve the collateral victim problem based on user policy. This paper shows the concept of our platform, system design and evaluation of the effectiveness using a prototype.
URL: https://global.ieice.org/en_transactions/information/10.1587/e85-d_12_1918/_p
Copiar
@ARTICLE{e85-d_12_1918,
author={Dai KASHIWA, Eric Y. CHEN, Hitoshi FUJI, Shuichi MACHIDA, Hiroshi SHIGENO, Ken-ichi OKADA, Yutaka MATSUSHITA, },
journal={IEICE TRANSACTIONS on Information},
title={Active Countermeasure Platform against DDoS Attacks},
year={2002},
volume={E85-D},
number={12},
pages={1918-1928},
abstract={Distributed Denial of Service (DDoS) attacks are a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers and ISPs. Since the attack is highly distributed, an effective solution must be formulated with a distributed approach. Recently, some solutions, in which intermediate network nodes filter or shape congested traffic, have been proposed. These solutions may decrease the congested traffic, but they still cause "collateral victims problem," that is, legitimate packets may be discarded mistakenly. In this paper, we propose Active Countermeasure Platform to minimize traffic congestion and to address the collateral victim problem using the Active Networks paradigm, which incorporates programmability into intermediate network nodes. Our platform can prevent overloading of the target and consuming the network bandwidth of both the backbone and the protected site autonomously. In addition, it can improve the collateral victim problem based on user policy. This paper shows the concept of our platform, system design and evaluation of the effectiveness using a prototype.},
keywords={},
doi={},
ISSN={},
month={December},}
Copiar
TY - JOUR
TI - Active Countermeasure Platform against DDoS Attacks
T2 - IEICE TRANSACTIONS on Information
SP - 1918
EP - 1928
AU - Dai KASHIWA
AU - Eric Y. CHEN
AU - Hitoshi FUJI
AU - Shuichi MACHIDA
AU - Hiroshi SHIGENO
AU - Ken-ichi OKADA
AU - Yutaka MATSUSHITA
PY - 2002
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E85-D
IS - 12
JA - IEICE TRANSACTIONS on Information
Y1 - December 2002
AB - Distributed Denial of Service (DDoS) attacks are a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers and ISPs. Since the attack is highly distributed, an effective solution must be formulated with a distributed approach. Recently, some solutions, in which intermediate network nodes filter or shape congested traffic, have been proposed. These solutions may decrease the congested traffic, but they still cause "collateral victims problem," that is, legitimate packets may be discarded mistakenly. In this paper, we propose Active Countermeasure Platform to minimize traffic congestion and to address the collateral victim problem using the Active Networks paradigm, which incorporates programmability into intermediate network nodes. Our platform can prevent overloading of the target and consuming the network bandwidth of both the backbone and the protected site autonomously. In addition, it can improve the collateral victim problem based on user policy. This paper shows the concept of our platform, system design and evaluation of the effectiveness using a prototype.
ER -