1,496 research outputs found

    Active Internet Traffic Filtering: Real-time Response to Denial of Service Attacks

    Denial of Service (DoS) attacks are one of the most challenging threats to Internet security. An attacker typically compromises a large number of vulnerable hosts and uses them to flood the victim's site with malicious traffic, clogging its tail circuit and interfering with normal traffic. At present, the network operator of a site under attack has no other resolution but to respond manually by inserting filters in the appropriate edge routers to drop attack traffic. However, as DoS attacks become increasingly sophisticated, manual filter propagation becomes unacceptably slow or even infeasible. In this paper, we present Active Internet Traffic Filtering, a new automatic filter propagation protocol. We argue that this system provides a guaranteed, significant level of protection against DoS attacks in exchange for a reasonable, bounded amount of router resources. We also argue that the proposed system cannot be abused by a malicious node to interfere with normal Internet operation. Finally, we argue that it retains its efficiency in the face of continued Internet growth. Comment: Briefly describes the core ideas of AITF, a protocol for facing Denial of Service Attacks. 6 pages lon

    Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking

    Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content becomes a first-class entity. CCN focuses on content distribution, which dominates current Internet traffic and is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure. Comment: The IEEE Conference on Local Computer Networks (LCN 2013

    Controlling High Bandwidth Aggregates in the Network

    The current Internet infrastructure has very few built-in protection mechanisms, and is therefore vulnerable to attacks and failures. In particular, recent events have illustrated the Internet's vulnerability to both denial of service (DoS) attacks and flash crowds in which one or more links in the network (or servers at the edge of the network) become severely congested. In both DoS attacks and flash crowds the congestion is due neither to a single flow, nor to a general increase in traffic, but to a well-defined subset of the traffic --- an aggregate. This paper proposes mechanisms for detecting and controlling such high bandwidth aggregates. Our design involves both a local mechanism for detecting and controlling an aggregate at a single router, and a cooperative pushback mechanism in which a router can ask upstream routers to control an aggregate. While certainly not a panacea, these mechanisms could provide some needed relief from flash crowds and flooding-style DoS attacks. The presentation in this paper is a first step towards a more rigorous evaluation of these mechanisms

    Development of a probabilistic model and a Java application for calculating Taxi-Out times

    In this paper we have developed a new model to calculate aircraft taxi-out times. Also we have designed an application in Java code which uses a SQL database. The application integrates the developed model in combination with a discrete event simulation. This makes more accurate the calculation of the time between parking to takeoff queue