FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks

Soo Bum Lee; Virgil D. Gligor

doi:10.1109/ICDCS.2010.78

I
ICDCS
2010
2010 International Conference on Distributed Computing Systems
Abstract - FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Soo Bum Lee Articles by Virgil D. Gligor

2010 International Conference on Distributed Computing Systems

FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks

Genova, Italy

June 21-June 25

ISBN: 978-0-7695-4059-7

	ASCII Text	x
	Soo Bum Lee, Virgil D. Gligor, "FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks," 2012 IEEE 32nd International Conference on Distributed Computing Systems, pp. 327-338, 2010 International Conference on Distributed Computing Systems, 2010.

	BibTex	x
	@article{ 10.1109/ICDCS.2010.78, author = {Soo Bum Lee and Virgil D. Gligor}, title = {FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks}, journal ={2012 IEEE 32nd International Conference on Distributed Computing Systems}, volume = {0}, year = {2010}, issn = {1063-6927}, pages = {327-338}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCS.2010.78}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - 2012 IEEE 32nd International Conference on Distributed Computing Systems TI - FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks SN - 1063-6927 SP327 EP338 A1 - Soo Bum Lee, A1 - Virgil D. Gligor, PY - 2010 VL - 0 JA - 2012 IEEE 32nd International Conference on Distributed Computing Systems ER -

Soo Bum Lee

Virgil D. Gligor

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCS.2010.78

Malware-contaminated hosts organized as a “bot network” can target and flood network links (e.g., routers). Yet, none of the countermeasures to link flooding proposed to date have provided dependable link access (i.e., bandwidth guarantees) for legitimate traffic during such attacks. In this paper, we present a router subsystem called FLoc (Flow Localization) that confines attack effects and provides differential bandwidth guarantees at a congested link: (1) packet flows of uncontaminated domains (i.e., Autonomous Systems) receive better bandwidth guarantees than packet flows of contaminated ones, and (2) legitimate flows of contaminated domains are guaranteed substantially higher bandwidth than attack flows. FLoc employs new preferential packet-drop and traffic-aggregation policies that limit “collateral damage” and protect legitimate flows from a wide variety of flooding attacks. We present FLoc’s analytical model for dependable link access, a router design based on it, and illustrate FLoc’s effectiveness using simulations of different flooding strategies and comparisons with other flooding defense schemes.

Citation:

Soo Bum Lee, Virgil D. Gligor, "FLoc : Dependable Link Access for Legitimate Traffic in Flooding Attacks," icdcs, pp.327-338, 2010 International Conference on Distributed Computing Systems, 2010

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.