Nem Tanto, Nem Tão Pouco: Existe um Timeout Ótimo para PIT CCN na Mitigação ao de Ataques DoS
Abstract
Distributed denial of service (DDoS) remains a frequent problem on the current Internet. Content-Centric Networks (CCN) have been proposed as a new architecture for the Future Internet, with properties that minimize current attacks. However, a new type of packet-flooding attack may exploit the content request and distribution protocols. This paper proposes an analytical model of flooding attacks in content-centric networks and addresses the conditions under which such attacks occur. It also proposes an optimization model that maximizes system throughput.
Published
2013-11-11
How to Cite
GUIMARÃES, Flávio de Q.; RIBEIRO, Igor C. G.; ROCHA, Antônio A. de A.; ALBUQUERQUE, Célio V. N. de. Nem Tanto, Nem Tão Pouco: Existe um Timeout Ótimo para PIT CCN na Mitigação ao de Ataques DoS. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 13., 2013, Manaus. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2013. p. 253-266. DOI: https://doi.org/10.5753/sbseg.2013.19550.
