Scholz et al., 2020 - Google Patents
SYN flood defense in programmable data planesScholz et al., 2020
View PDF- Document ID
- 5599843315393134275
- Author
- Scholz D
- Gallenmüller S
- Stubbe H
- Carle G
- Publication year
- Publication venue
- Proceedings of the 3rd P4 Workshop in Europe
External Links
Snippet
The SYN flood attack is a common attack strategy as part of Distributed Denial-of-Service, which steadily becomes more frequent and of higher volume. To defend against SYN floods, preventing valuable service downtime, malicious traffic has to be separated from legitimate …
- 235000010384 tocopherol 0 abstract description 28
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/19—Flow control or congestion control at layers above network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/24—Flow control or congestion control depending on the type of traffic, e.g. priority or quality of service [QoS]
- H04L47/2441—Flow classification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/12—Congestion avoidance or recovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/163—Adaptation of TCP data exchange control procedures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W28/00—Network traffic or resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATIONS NETWORKS
- H04W12/00—Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Scholz et al. | SYN flood defense in programmable data planes | |
| Radhakrishnan et al. | TCP fast open | |
| Afek et al. | Network anti-spoofing with SDN data plane | |
| Ambrosin et al. | Lineswitch: Efficiently managing switch flow in software-defined networking while effectively tackling dos attacks | |
| US9838421B2 (en) | Systems and methods utilizing peer measurements to detect and defend against distributed denial of service attacks | |
| US8875287B2 (en) | Server with mechanism for reducing internal resources associated with a selected client connection | |
| Sanmorino et al. | DDoS attack detection method and mitigation using pattern of the flow | |
| US9032524B2 (en) | Line-rate packet filtering technique for general purpose operating systems | |
| US20170359349A1 (en) | Method and apparatus for causing a delay in processing requests for internet resources received from client devices | |
| US9749354B1 (en) | Establishing and transferring connections | |
| EP2289221A2 (en) | Network intrusion protection | |
| Baig et al. | Controlled virtual resource access to mitigate economic denial of sustainability (EDoS) attacks against cloud infrastructures | |
| Jansen et al. | KISt: Kernel-informed socket transport for ToR | |
| Mohammadi et al. | SYN‐Guard: An effective counter for SYN flooding attack in software‐defined networking | |
| François et al. | Network security through software defined networking: a survey | |
| Jamjoom et al. | Persistent dropping: An efficient control of traffic aggregates | |
| Scholz et al. | Me love (SYN-) cookies: SYN flood mitigation in programmable data planes | |
| Quach et al. | Investigation of the 2016 linux tcp stack vulnerability at scale | |
| US11102239B1 (en) | Client device identification on a network | |
| CN1783809B (en) | Alleviation method of network amplification attack and its network subsystem | |
| Boppana et al. | Analyzing the vulnerabilities introduced by ddos mitigation techniques for software-defined networks | |
| Noureddine et al. | Revisiting client puzzles for state exhaustion attacks resilience | |
| Vellalacheruvu et al. | Effectiveness of built-in security protection of microsoft’s windows server 2003 against TCP SYN based DDoS attacks | |
| Boteanu et al. | A comprehensive study of queue management as a DoS counter-measure | |
| Bawa et al. | Critical review of economical denial of sustainability (EDoS) mitigation techniques |