Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks defense approaches overwhelming. This paper presents two taxonomies for classifying defenses, thus provides researchers with better understanding problem current solution space. attack classification criteria was selected to highlight commonalities important features strategies, that define challenges dictate design countermeasures. taxonomy classifies body existing DDoS defenses...

Distributed denial-of-service (DDoS) attacks present an Internet-wide threat. We propose D-WARD, a DDoS defense system deployed at source-end networks that autonomously detects and stops originating from these networks. Attacks are detected by the constant monitoring of two-way traffic flows between network rest Internet periodic comparison with normal flow models. Mismatching rate-limited in proportion to their aggressiveness. D-WARD offers good service legitimate even during attack, while...

The Transmission Control Protocol (TCP) carries most Internet traffic, so performance of the depends to a great extent on how well TCP works. Performance characteristics particular version are defined by congestion control algorithm it employs. This paper presents survey various proposals that preserve original host-to-host idea TCP-namely, neither sender nor receiver relies any explicit notification from network. proposed solutions focus variety problems, starting with basic problem...

We describe a new approach to power saving and battery life extension on an untethered laptop through wireless remote processing of power-costly tasks. ran series experiments comparing the consumption processes run locally with that same remotely. examined trade-off between communication expenditures cost local processing. This paper describes our methodology results experiments. suggest ways further improve this approach, outline software design support process execution.

Forcing all IP packets to carry correct source addresses can greatly help network security, attack tracing, and problem debugging. However, due asymmetries in today's Internet routing, routers do not have readily available information verify the correctness of address for each incoming packet. In this paper we describe a new protocol, named SAVE, that provide with needed validation. SAVE messages propagate valid from location destinations, allowing router along way build an table associates...

Defenses against flooding distributed denial-of-service (DDoS) commonly respond to the attack by dropping excess traffic, thus reducing overload at victim. The major challenge is differentiation of legitimate from so that policies can be selectively applied. We propose D-WARD, a source-end DDoS defense system achieves autonomous detection and surgically accurate response, thanks its novel traffic profiling techniques, adaptive response deployment. Moderate volumes seen near sources, even...

Reducing power consumption for server-class computers is important, since increased energy usage causes more heat dissipation, greater cooling requirements, reduced computational density, and higher operating costs. For a typical data center, storage accounts 27% of consumption. Conventional RAIDs cannot easily reduce because loads are balanced to use all disks, even light loads. We have built the power-aware RAID (PARAID), which reduces commodity disks without specialized hardware. PARAID...

One approach to detecting insider misbehavior is monitor system call activity and watch for danger signs or unusual behavior. We describe an experimental designed test this approach. tested the system's ability detect common by examining file process-related calls. Our results show that can many such activities.

Increasing use of the Internet for critical services makes flooding distributed denial-of-service (DDoS) a top security threat. A nature DDoS suggests that mechanism is necessary successful defense. Three main defense functionalities -- attack detection, rate limiting and traffic differentiation are most effective when performed at victim-end, core sourceend respectively. Many existing systems in one aspect defense, but none offers comprehensive solution has seen wide deployment. We propose...

This research proposes and tests an approach to engineering distributed file systems that are aimed at wide-scale, Internet-based use. The premise is replication essential deliver performance availability, yet the traditional conservative replica consistency algorithms do not scale this environment. Our Ficus replicated system uses a single-copy optimistic update policy with reconciliation reliably detect concurrent updates automatically restore of directory replicas. peer-to-peer model in...

Article Free Access Share on The remote processing framework for portable computer power saving Authors: Alexey Rudenko University of California, Los Angeles AngelesView Profile , Peter Reiher Gerald J. Popek PLATINUM technology Inc. Inc.View Geoffrey H. Kuenning Computer Science Department, Harvey Mudd College CollegeView Authors Info & Claims SAC '99: Proceedings the 1999 ACM symposium Applied computingFebruary Pages 365–372https://doi.org/10.1145/298151.298385Online:28 February...

Currently, there is no effective defense against large-scale distributed denial-of-service (DDoS) attacks. While numerous DDoS systems exist that offer excellent protection from specific attack types and scenarios, they can frequently be defeated by an attacker aware of their weaknesses. A necessary requirement for successful wide deployment, but none these guarantee deployment simply because depends more on market social aspects than the technical performance system.To successfully handle...

Optimistic systems execute events out of order and must undo their errors to produce correct results. Undoing incorrect work can be expensive. By restraining optimism, such might fewer thereby run faster. This paper examines two methods tested in the Time Warp Operating System. The first method explicitly prevents from executing far simulation future. second tries identify objects that are doing has undone; allowed less often. Experimental results show only modest gains were realized, even...

Researchers in the denial-of-service (DoS) field lack accurate, quantitative, and versatile metrics to measure service denial simulation testbed experiments. Without such metrics, it is impossible severity of various attacks, quantify success proposed defenses, compare their performance. Existing DoS equate with slow communication, low throughput, high resource utilization, loss rate. These are not because they fail monitor all traffic parameters that signal degradation. They quantitative...

The increasing popularity and acceptance of VANETs will make the deployment autonomous vehicles easier faster since VANET reduce dependence on expensive sensors.However, these benefits are counterbalanced by possible security attacks.We demonstrate a VANET-based botnet attack in an vehicle scenario that can cause serious congestion targeting hot spot road segments.We show via simulation increase trip times cars targeted area orders magnitude.After 5 minutes, becomes completely unusable.More...

Most network applications provide poor service when the network's capabilities are below a minimum level assumed by developer. As wider array of technologies become available, users will be increasingly frustrated with lack flexibility in such applications. The services provided an application should tunable to appropriate for and associated costs underlying network. Other researchers have shown that proxy agents can tailor communication pattern characteristics Dynamic deployment multiple...

Modern file systems assume the use of disk, a system-wide performance bottleneck for over decade. Current disk caching and RAM either impose high overhead to access memory content or fail provide mechanisms achieve data persistence across reboots.The Conquest system is based on observation that becoming inexpensive, which enables all services be delivered from memory, except providing large storage capacity. Unlike caching, uses with battery backup as persistent storage, provides specialized...