Scholars@Duke

A DoS-limiting network architecture

Publication ,  Journal Article
Yang, X; Wetherall, D; Anderson, T
Published in: Computer Communication Review
October 1, 2005
Published version (DOI)

We present the design and evaluation of TVA, a network architecture that limits the impact of Denial of Service (DoS) floods from the outset. Our work builds on earlier work on capabilities in which senders obtain short-term authorizations from receivers that they stamp on their packets. We address the full range of possible attacks against communication between pairs of hosts, including spoofed packet floods, network and host bottlenecks, and router state exhaustion. We use simulation to show that attack traffic can only degrade legitimate traffic to a limited extent, significantly outperforming previously proposed DoS solutions. We use a modified Linux kernel implementation to argue that our design can run on gigabit links using only inexpensive off-the-shelf hardware. Our design is also suitable for transition into practice, providing incremental benefit for incremental deployment. Copyright 2005 ACM.

Duke Scholars

Xiaowei Yang
Author Xiaowei Yang Computer Science
Altmetric Attention Stats
Dimensions Citation Stats

Published In

Computer Communication Review

DOI

10.1145/1090191.1080120

EISSN

0146-4833

ISSN

0146-4833

Publication Date

October 1, 2005

Volume

35

Issue

4

Start / End Page

241 / 252

Related Subject Headings

  • Networking & Telecommunications
  • 4606 Distributed computing and systems software
  • 4006 Communications engineering
  • 1005 Communications Technologies
  • 0805 Distributed Computing
  • 0803 Computer Software
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Yang, X., Wetherall, D., & Anderson, T. (2005). A DoS-limiting network architecture. Computer Communication Review, 35(4), 241–252. https://doi.org/10.1145/1090191.1080120
Yang, X., D. Wetherall, and T. Anderson. “A DoS-limiting network architecture.” Computer Communication Review 35, no. 4 (October 1, 2005): 241–52. https://doi.org/10.1145/1090191.1080120.
Yang X, Wetherall D, Anderson T. A DoS-limiting network architecture. Computer Communication Review. 2005 Oct 1;35(4):241–52.
Yang, X., et al. “A DoS-limiting network architecture.” Computer Communication Review, vol. 35, no. 4, Oct. 2005, pp. 241–52. Scopus, doi:10.1145/1090191.1080120.
Yang X, Wetherall D, Anderson T. A DoS-limiting network architecture. Computer Communication Review. 2005 Oct 1;35(4):241–252.

Published In

Computer Communication Review

DOI

10.1145/1090191.1080120

EISSN

0146-4833

ISSN

0146-4833

Publication Date

October 1, 2005

Volume

35

Issue

4

Start / End Page

241 / 252

Related Subject Headings

  • Networking & Telecommunications
  • 4606 Distributed computing and systems software
  • 4006 Communications engineering
  • 1005 Communications Technologies
  • 0805 Distributed Computing
  • 0803 Computer Software