Atre et al., 2022 - Google Patents
Surgeprotector: Mitigating temporal algorithmic complexity attacks using adversarial schedulingAtre et al., 2022
View PDF- Document ID
- 10346241130005621923
- Author
- Atre N
- Sadok H
- Chiang E
- Wang W
- Sherry J
- Publication year
- Publication venue
- Proceedings of the ACM SIGCOMM 2022 Conference
External Links
Snippet
Denial-of-Service (DoS) attacks are the bane of public-facing network deployments. Algorithmic complexity attacks (ACAs) are a class of DoS attacks where an attacker uses a small amount of adversarial traffic to induce a large amount of work in the target system …
- 230000000116 mitigating 0 title abstract description 23
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/24—Flow control or congestion control depending on the type of traffic, e.g. priority or quality of service [QoS]
- H04L47/2441—Flow classification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/56—Packet switching systems
- H04L12/5693—Queue scheduling in packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/22—Traffic shaping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/19—Flow control or congestion control at layers above network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Atre et al. | Surgeprotector: Mitigating temporal algorithmic complexity attacks using adversarial scheduling | |
| Sonchack et al. | Enabling Practical Software-defined Networking Security Applications with OFX. | |
| Kaufmann et al. | High performance packet processing with flexnic | |
| Zhang et al. | Control plane reflection attacks in SDNs: New attacks and countermeasures | |
| Kohler et al. | The Click modular router | |
| CN101771627B (en) | Equipment and method for analyzing and controlling node real-time deep packet on internet | |
| AlSabah et al. | DefenestraTor: Throwing out windows in Tor | |
| Kotani et al. | A packet-in message filtering mechanism for protection of control plane in openflow networks | |
| Addanki et al. | ABM: Active buffer management in datacenters | |
| US9712374B1 (en) | Network services resource management | |
| Ricciulli et al. | TCP SYN flooding defense | |
| Tsikoudis et al. | LEoNIDS: A low-latency and energy-efficient network-level intrusion detection system | |
| Scholz et al. | SYN flood defense in programmable data planes | |
| CN103442076A (en) | Usability guarantee method for cloud storage system | |
| Sadok et al. | A case for spraying packets in software middleboxes | |
| Zhang et al. | Control plane reflection attacks and defenses in software-defined networks | |
| Yu et al. | Cebinae: Scalable in-network fairness augmentation | |
| US11811733B2 (en) | Systems and methods for operating a networking device | |
| Csikor et al. | Tuple space explosion: A denial-of-service attack against a software packet classifier | |
| Fejes et al. | Who will save the internet from the congestion control revolution? | |
| Wu et al. | Efficient large flow detection over arbitrary windows: An algorithm exact outside an ambiguity region | |
| Zhou et al. | Cerberus: Enabling efficient and effective in-network monitoring on programmable switches | |
| Addanki et al. | Credence: Augmenting Datacenter Switch Buffer Sharing with {ML} Predictions | |
| Beams et al. | Packet scheduling with optional client privacy | |
| Cascone et al. | Relaxing state-access constraints in stateful programmable data planes |