Active Internet Traffic Filtering: Real-time Response to Denial of Service Attacks

TL;DR

This paper introduces an automatic, real-time Internet traffic filtering protocol to effectively counteract DoS attacks, reducing manual intervention and enhancing network security.

Contribution

The paper presents a novel automatic filter propagation protocol that provides guaranteed protection against DoS attacks with bounded resource use and resistance to abuse.

Findings

Provides real-time automatic filtering against DoS attacks

Ensures protection with bounded router resource usage

Maintains efficiency amid Internet growth

Abstract

Denial of Service (DoS) attacks are one of the most challenging threats to Internet security. An attacker typically compromises a large number of vulnerable hosts and uses them to flood the victim's site with malicious traffic, clogging its tail circuit and interfering with normal traffic. At present, the network operator of a site under attack has no other resolution but to respond manually by inserting filters in the appropriate edge routers to drop attack traffic. However, as DoS attacks become increasingly sophisticated, manual filter propagation becomes unacceptably slow or even infeasible. In this paper, we present Active Internet Traffic Filtering, a new automatic filter propagation protocol. We argue that this system provides a guaranteed, significant level of protection against DoS attacks in exchange for a reasonable, bounded amount of router resources. We also argue that the proposed system cannot be abused by a malicious node to interfere with normal Internet operation. Finally, we argue that it retains its efficiency in the face of continued Internet growth.