A major threat to data networks is based on the fact that some traffic can be expensive to classify and filter, because it is checked against a longer-than-average list of filtering rules before being rejected by the default deny rule. An attacker with some information about the access-control list (ACL) deployed at a firewall or an intrusion detection and prevention system (IDS/IPS) can craft packets that will have maximum cost. Most optimizations made to current filtering techniques target the accepted traffic. In this paper, we present a technique that is lightweight, traffic-adaptive, and can be deployed on top of any filtering mechanism to pre-filter unwanted expensive traffic. The technique utilizes Internet traffic characteristics coupled with a special, carefully tuned representation of the policy to generate early defense policies. We use Boolean expressions built as BDDs to represent relaxed versions of the policy that are faster to evaluate. Moreover, it is guaranteed that t...
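To make the cost argument concrete, the following added example (not the paper's algorithm or code) models a first-match ACL with a default deny and compares per-packet rule evaluations with and without a relaxed pre-filter. The rule set, the packets, and the relaxation itself (projecting the accept rules onto protocol and destination port, held in a Python set rather than a BDD) are assumptions made for illustration.

```python
# Added illustration, not the paper's algorithm. Rules and packets are constructed.
from ipaddress import ip_address, ip_network

# First-match ACL as (action, source network, protocol, destination port).
ACL = [
    ("deny",   "10.9.0.0/16",     "tcp", 22),
    ("accept", "10.0.0.0/8",      "tcp", 22),
    ("accept", "0.0.0.0/0",       "tcp", 443),
    ("deny",   "192.0.2.0/24",    "udp", 53),
    ("accept", "0.0.0.0/0",       "udp", 53),
    ("accept", "198.51.100.0/24", "tcp", 8443),
]

def matches(rule, pkt):
    _, net, proto, port = rule
    return (pkt["proto"] == proto and pkt["dport"] == port
            and ip_address(pkt["src"]) in ip_network(net))

def classify(pkt):
    """Full policy: return (action, rules evaluated), default deny at the end."""
    for cost, rule in enumerate(ACL, 1):
        if matches(rule, pkt):
            return rule[0], cost
    return "deny", len(ACL)

# Assumed relaxation: keep only (protocol, port) of the accept rules. This
# over-approximates the accepted space, so a miss here is a certain deny.
RELAXED_ACCEPT = {(proto, port) for act, _, proto, port in ACL if act == "accept"}

def classify_prefiltered(pkt):
    """Relaxed check first (counted as one evaluation), then the full policy."""
    if (pkt["proto"], pkt["dport"]) not in RELAXED_ACCEPT:
        return "deny", 1
    action, cost = classify(pkt)
    return action, cost + 1

PACKETS = [  # constructed samples
    {"src": "203.0.113.7", "proto": "tcp", "dport": 23},    # hits default deny
    {"src": "10.1.2.3",    "proto": "tcp", "dport": 22},    # accepted by rule 2
    {"src": "10.9.1.1",    "proto": "tcp", "dport": 22},    # denied by rule 1
    {"src": "203.0.113.7", "proto": "tcp", "dport": 8443},  # passes relaxed check only
]

def compare(packets=PACKETS):
    """Return [(full result, prefiltered result)] for each packet."""
    return [(classify(p), classify_prefiltered(p)) for p in packets]

if __name__ == "__main__":
    for full, pre in compare():
        print(f"full={full} prefiltered={pre}")
```

The last sample packet passes the relaxed check yet is still denied after a full scan, so this coarse relaxation adds one evaluation to traffic it cannot reject early.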