Defending against Large-scale Internet DDoS Attacks

演讲人: Adrian Perrig Carnegie Mellon University
时间: 2005-05-24 09:00-2005-05-24 09:00
地点:FIT-1-222, Tsinghua University

Today's Internet hosts are threatened by IP spoofing attacks and large scale Distributed Denial-of-Service (DDoS) attacks. We propose two new defense mechanisms, Pi and SIFF. Pi enables receivers to detect packets with a spoofed IP source address, and SIFF enables receivers to stop malicious flows in the Internet.
In Pi, a packet is marked deterministically by routers along its path towards the destination. Packets traveling along the same path will have the same marking so that an attack victim need only identify the Pi marks of attack packets to filter out all further attack packets with the same marking. In addition, the victim can associate Pi marks with source IP addresses to detect source IP address spoofing by changes in the corresponding Pi mark.
Our Stateless Internet Flow Filter (SIFF) enables an end-host to selectively stop individual flows before ever reaching its network, without requiring routers to keep per-flow state and without requiring ISP cooperation. We divide all network traffic into two classes, privileged (prioritized packets subject to recipient control) and unprivileged (legacy traffic). Privileged channels are established through a capability exchange handshake. Capabilities are dynamic and verified statelessly by the routers in the network, and can be revoked by quenching update messages to an offending host. SIFF is transparent to legacy clients and servers, but only updated hosts will enjoy its benefits.


Adrian Perrig is an Assistant Professor in Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science at Carnegie Mellon University. He earned his Ph.D. degree in Computer Science from Carnegie Mellon University, and spent three years during his Ph.D. degree at University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from the Swiss Federal Institute of Technology in Lausanne (EPFL). Adrian's research interests revolve around building secure systems and include Internet security, security for sensor networks and mobile applications. More information about his research is available at: