GGrantIndex
← Search

CT-ER: A DoS-resistant Internet Architecture

$200,000FY2006CSENSF

University Of California-Irvine, Irvine CA

Investigators

Abstract

This research is to design and evaluate an Internet architecture that is resistant to Denial-of-Service (DoS) flooding attacks of any scale. DoS attacks have become an increasing threat to the reliability of the Internet. These attacks are capable of knocking any user, site, and server right off the Internet. This research targets the root cause of the DoS flooding problem: the network's inability to intelligently handle overload. When DoS attacks occur, the network drops legitimate traffic and attack traffic alike, leading to heavy losses of legitimate traffic, which in turn triggers the TCP-friendly backoff of legitimate clients, further reducing the volume of legitimate traffic. One approach to robustly distinguish legitimate and attack traffic is network capabilities. Capabilities are short-term authorizations that senders request from receivers and stamp on their packets. They allow a destination to classify traffic into two broad categories: authorized traffic and unauthorized traffic. With capabilities, the network is able to discard unauthorized traffic in favor of authorized traffic, and protects authorized communications from unauthorized attempts. This research will design and evaluate a DoS-resistant network architecture that builds on the concept of capabilities. It will also compare the costs and benefits of this solution with solutions that build on other primitives, such as black-list filters.

View original record on NSF Award Search →
CT-ER: A DoS-resistant Internet Architecture · GrantIndex