Accession Number:

ADA582042

Title:

FLoc: Dependable Link Access for Legitimate Traffic in Flooding Attacks

Descriptive Note:

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA CYLAB

Personal Author(s):

Report Date:

2011-11-23

Pagination or Media Count:

19.0

Abstract:

Malware-contaminated hosts organized as a bot network can target and flood network links e.g., routers. Yet none of the countermeasures to link flooding proposed to date have provided dependable link access i.e., bandwidth guarantees for legitimate traffic during such attacks. In this paper, we present a router subsystem called FLoc Flow Localization that confines attack effects and provides differential bandwidth guarantees at a congested link 1 packet flows of uncontaminated domains i.e., Autonomous Systems receive better bandwidth guarantees than packet flows of contaminated ones and 2 legitimate flows of contaminated domains are guaranteed substantially higher bandwidth than attack flows. FLoc employs new preferential packet-drop and traffic-aggregation policies that limit collateral damage and protect legitimate flows from a wide variety of flooding attacks. We present FLocs analytical model for dependable link access, a router design based on it, and illustrate FLocs effectiveness using simulations of different flooding strategies and comparisons with other flooding defense schemes. Internet-scale simulation results corroborate FLocs effectiveness in the face of large-scale attacks in the real Internet.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE