Proactive detection of DDOS attacks in Publish-Subscribe networks

Information centric networking (ICN) using architectures such as Publish-Subscribe Internet Routing Paradigm (PSIRP) or Publish-Subscribe Internet Technology (PURSUIT) has been proposed as an important candidate for the Internet of the future. ICN is an emerging research area that proposes a transformation of the current host centric Internet architecture into an architecture where information items are of primary importance. This change allows network functions such as routing and locating to be optimized based on the information items themselves. The Bloom filter based content delivery is a source routing scheme that is used in the PSIRP/PURSUIT architectures. Although this mechanism solves many issues of today’s Internet such as the growth of the routing table and the scalability problems, it is vulnerable to distributed denial-of-service (DDoS) attacks. In this paper, we present a new content delivery scheme that has the advantages of Bloom filter based approach while at the same time being able to prevent DDoS attacks on the forwarding mechanism. Our security analysis suggests that with the proposed approach, the forwarding plane is able to resist attacks such as DDoS with very high probabilit

New Internet routing architecture

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 173-181).(cont.) mechanism, a user only needs to know a small region of the Internet in order to select a route to reach a destination. In addition, a novel route representation and packet forwarding scheme is designed such that a source and a destination address can uniquely represent a sequence of providers a packet traverses. Network measurement, simulation, and analytic modeling are used in combination to evaluate the design of NIRA. The evaluation suggests that NIRA is scalable.The present Internet routing system faces two challenging problems. First, unlike in the telephone system, Internet users cannot choose their wide-area Internet service providers (ISPs) separately from their local access providers. With the introduction of new technologies such as broadband residential service and fiber-to-the-home, the local ISP market is often a monopoly or a duopoly. The lack of user choice is likely to reduce competition among wide-area ISPs, limiting the incentives for wide-area ISPs to improve quality of service, reduce price, and offer new services. Second, the present routing system fails to scale effectively in the presence of real-world requirements such as multi-homing for robust and redundant Internet access. A multi-homed site increases the amount of routing state maintained globally by the Internet routing system. As the demand for multi-homing continues to rise, the amount of routing state continues to grow. This dissertation presents the design of a new Internet routing architecture (NIRA) that simultaneously addresses these two problems. NIRA gives a user the ability to choose the sequence of Internet service providers his packets traverse. It also has better scaling characteristics than today's routing system. The design of NIRA is decomposed into four modular components: route discovery, route availability discovery, route representation and packet forwarding, and provider compensation. This dissertation describes mechanisms to realize each of these components. It also makes clear those places in the design where a globally agreed mechanism is needed, and those places where alternative mechanisms can be designed and deployed locally. In particular, this dissertation describes a scalable route discovery mechanism. With thisby Xiaowei Yang.Ph.D

Towards Scalable MANETs

International audienceIn the near-future, self-organized networking is expected to become an important component in ITS, and in the Internet architecture in general. An essential challenge concerning the integration of this new component is the accomplishment of scalable and efficient mobile ad hoc routing. This paper overviews considerations relative to the design of such MANET protocols inside the framework provided by the IETF, stating the need for new hybrid protocols and architecture which offer a gradual transition from "traditional" MANET routing towards scalable MANET routing integrated in the Internet. This paper also proposes a tentative solution in this domain: DHT-OLSR, based on OLSR enhanced with dynamic clustering and distributed hash table routing

A software-defined architecture for next-generation cellular networks

In the recent years, mobile cellular networks are undergoing fundamental changes and many established concepts are being revisited. New emerging paradigms, such as Software-Defined Networking (SDN), Mobile Cloud Computing (MCC), Network Function Virtualization (NFV), Internet of Things (IoT),and Mobile Social Networking (MSN), bring challenges in the design of cellular networks architectures. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a scalable and efficient way. In this paper, first we discuss the limitations of the current LTE architecture. Second, driven by the new communication needs and by the advances in aforementioned areas, we propose a new architecture for next generation cellular networks. Some of its characteristics include support for distributed content routing, Heterogeneous Networks(HetNets) and multiple Radio Access Technologies (RATs). Finally, we present simulation results which show that significant backhaul traffic savings can be achieved by implementing caching and routing functions at the network edge

Multi-region routing

Dissertação apresentada na Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa para a obtenção do grau de Mestre em Engenharia Electrotécnica e de ComputadoresThis thesis proposes a new inter-domain routing protocol. The Internet's inter-domain routing protocol Border Gateway Protocol (BGP) provides a reachability solution for all domains; however it is also used for purposes outside of routing. In terms of routing BGP su ers from serious problems, such as slow routing convergence and limited scalability. The proposed architecture takes into consideration the current Internet business model and structure. It bene ts from a massively multi-homed Internet to perform multipath routing. The main foundation of this thesis was based on the Dynamic Topological Information Architecture (DTIA). We propose a division of the Internet in regions to contain the network scale where DTIA's routing algorithm is applied. An inter-region routing solution was devised to connect regions; formal proofs were made in order to demonstrate the routing convergence of the protocol. An implementation of the proposed solution was made in the network simulator 2 (ns-2). Results showed that the proposed architecture achieves faster convergence than BGP. Moreover, this thesis' solution improves the algorithm's scalability at the inter-region level, compared to the single region case

Link State Contract Routing

The Internet's simple design resulted in huge success in basic telecommunicationservices. However, the current Internet architecture has failed in terms of introducingmany innovative technologies as end-to-end (E2E) services such as multicasting,guaranteed quality of services (QoS) and many others. We argue that contractingover static service level agreements (SLA) and point-to-anywhere service definitionsare the main reasons behind this failure. In that sense, the Internet architecture needsmajor shifts since it neither allows (i) users to indicate their value choices at sufficientgranularity nor (ii) providers to manage risks involved in investment for new innovativeQoS technologies and business relationships with other providers as well as users.To allow these much needed economic flexibilities, we introduce contract-switching asa new paradigm for the design of future Internet architecture. In this work, we implementcontract-routing framework with specific focus on long-term contracted servicesin Link State Contract Routing scheme. Our work shows that E2e guaranteed QoSservices can be achieved in routing over contracted edge-to-edge service abstractionswhich are built on today's popular protocols with reasonable protocol overhead

Scale-free networks and scalable interdomain routing

Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia InformáticaThe exponential growth of the Internet, due to its tremendous success, has brought to light some limitations of the current design at the routing and arquitectural level, such as scalability and convergence as well as the lack of support for traffic engineering, mobility, route differentiation and security. Some of these issues arise from the design of the current architecture, while others are caused by the interdomain routing scheme - BGP. Since it would be quite difficult to add support for the aforementioned issues, both in the interdomain architecture and in the in the routing scheme, various researchers believe that a solution can only achieved via a new architecture and (possibly) a new routing scheme. A new routing strategy has emerged from the studies regarding large-scale networks, which is suitable for a special type of large-scale networks which characteristics are independent of network size: scale-free networks. Using the greedy routing strategy a node routes a message to a given destination using only the information regarding the destination and its neighbours, choosing the one which is closest to the destination. This routing strategy ensures the following remarkable properties: routing state in the order of the number of neighbours; no requirements on nodes to exchange messages in order to perform routing; chosen paths are the shortest ones. This dissertation aims at: studying the aforementioned problems, studying the Internet configuration as a scale-free network, and defining a preliminary path onto the definition of a greedy routing scheme for interdomain routing