Proof for effective and efficient web caching

Perfect-LFU, the optimal replacement policy for Web caches, achieves high performance (cache hit-rate) exploiting Zipf's law, but is very expensive to implement. It is proved that an alternative policy, called Window-LFU, achieves equivalent performance at a significantly lower cost.Electronics Letter

Packet-Marking Scheme for DDoS Attack Prevention

Abstract One of the main difficulties in the detection and prevention of Distributed Denial of Service (DDoS) attacks is that the incoming packets cannot be traced back to the source of the attack, because (typically) they contain invalid or spoofed source IP address. For that reason, a victim system cannot determine whether an incoming packet is part of a DDoS attack or belongs to a legitimate user. Various methods have been proposed to solve the problem of IP traceback for large packet flows. These methods rely on the assumption that they can gather a sufficient number of packets from the same source, in order to reconstruct the traversed path or to determine the source address. In this paper we introduce a packet marking scheme which enables the unique identification of the path that each incoming packet has traversed, relying only on the information inside that packet. We show how the proposed scheme enables real time identification and filtering of the DDoS attack traffic. The proposed scheme is simple to implement, introduces no bandwidth overhead, low computational overhead and has low fault probability. Using the above metrics, we compare our proposed scheme with existing marking schemes and demonstrate its advantages over them. Finally, we introduce a method that can be used post mortem, in order to determine the source IP address of the attacking systems (up to the nearest router to the source)