Yaar et al., 2004 - Google Patents
SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacksYaar et al., 2004
View PDF- Document ID
- 11097798932622990403
- Author
- Yaar A
- Perrig A
- Song D
- Publication year
- Publication venue
- IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004
External Links
Snippet
One of the fundamental limitations of the Internet is the inability of a packet flow recipient to halt disruptive flows before they consume the recipient's network link resources. Critical infrastructures and businesses alike are vulnerable to DoS attacks or flash-crowds that can …
- 210000003702 immature single positive T cell 0 abstract description 23
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/19—Flow control or congestion control at layers above network layer
- H04L47/193—Flow control or congestion control at layers above network layer at transport layer, e.g. TCP related
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/24—Flow control or congestion control depending on the type of traffic, e.g. priority or quality of service [QoS]
- H04L47/2441—Flow classification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/163—Adaptation of TCP data exchange control procedures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/32—Packet discarding or delaying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/02—Communication control; Communication processing contains provisionally no documents
- H04L29/06—Communication control; Communication processing contains provisionally no documents characterised by a protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yaar et al. | SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacks | |
| Yang et al. | A DoS-limiting network architecture | |
| Yaar et al. | StackPi: New packet marking and filtering mechanisms for DDoS and IP spoofing defense | |
| US8171562B2 (en) | System and methods for protecting against denial of service attacks | |
| Argyraki et al. | Active internet traffic filtering: Real-time response to denial-of-service attacks. | |
| Lakshminarayanan et al. | Taming IP packet flooding attacks | |
| Gu et al. | Denial of service attacks | |
| Abliz | Internet denial of service attacks and defense mechanisms | |
| Handley et al. | Internet denial-of-service considerations | |
| Argyraki et al. | Scalable network-layer defense against internet bandwidth-flooding attacks | |
| Badishi et al. | Keeping denial-of-service attackers in the dark | |
| US6973040B1 (en) | Method of maintaining lists of network characteristics | |
| Wang et al. | An IP traceback mechanism for reflective DoS attacks | |
| Mahajan et al. | DDoS attack prevention and mitigation techniques-a review | |
| Khattab et al. | Honeypot back-propagation for mitigating spoofing distributed denial-of-service attacks | |
| Shi et al. | OverDoSe: A generic DDoS protection service using an overlay network | |
| Barham et al. | Techniques for lightweight concealment and authentication in IP networks | |
| US7818795B1 (en) | Per-port protection against denial-of-service and distributed denial-of-service attacks | |
| Perrig et al. | StackPi: a new defense mechanism against IP spoofing and DDoS attacks | |
| Adkins et al. | Taming IP packet flooding attacks | |
| Kumarasamy et al. | An active defense mechanism for TCP SYN flooding attacks | |
| Santhanam et al. | Active cache based defense against dos attacks in wireless mesh network | |
| Huici et al. | An edge-to-edge filtering architecture against DoS | |
| Fowler et al. | Impact of denial of service solutions on network quality of service | |
| Badishi et al. | Keeping denial-of-service attackers in the dark |