Source address filtering in large scale network: A cooperative software mechanism design

Shu Yang; Mingwei Xu; Dan Wang; Jianping Wu

doi:10.1145/2079327.2079328

Source address filtering in large scale network: A cooperative software mechanism design

Shu Yang, Mingwei Xu, Dan Wang, Jianping Wu

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

Abstract

To prevent network infrastructure from malicious traffic, such as DDoS attack and scanning, source filtering is widely used in the network. There are different ways to store the filters, e.g., a blacklist of source addresses. Among them, TCAM-based is used as the de facto, because of its wire speed performance. Unfortunately, TCAM is a scarce resource because it's limited by small capacity, high power consumption and high cost. To save storage space, some TCAM-based solutions even block part of the legitimate traffic for better aggregation. Another choice is software based solutions, which have larger storage space compared to hardware based solutions. However, they require multiple accesses for a single lookup, which causes latency.

Original language	English
Title of host publication	Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011
DOIs	https://doi.org/10.1145/2079327.2079328
Publication status	Published - 1 Dec 2011
Event	2011 ACM CoNext Student Workshop, CoNEXT 2011 - Tokyo, Japan Duration: 6 Dec 2011 → 6 Dec 2011

Publication series

Name	Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011

Conference

Conference	2011 ACM CoNext Student Workshop, CoNEXT 2011
Country/Territory	Japan
City	Tokyo
Period	6/12/11 → 6/12/11

ASJC Scopus subject areas

Computer Networks and Communications

More information

10.1145/2079327.2079328

Cite this

@inproceedings{510cce22d1404b0aa52b2e62e4e88fe1,

title = "Source address filtering in large scale network: A cooperative software mechanism design",

abstract = "To prevent network infrastructure from malicious traffic, such as DDoS attack and scanning, source filtering is widely used in the network. There are different ways to store the filters, e.g., a blacklist of source addresses. Among them, TCAM-based is used as the de facto, because of its wire speed performance. Unfortunately, TCAM is a scarce resource because it's limited by small capacity, high power consumption and high cost. To save storage space, some TCAM-based solutions even block part of the legitimate traffic for better aggregation. Another choice is software based solutions, which have larger storage space compared to hardware based solutions. However, they require multiple accesses for a single lookup, which causes latency.",

author = "Shu Yang and Mingwei Xu and Dan Wang and Jianping Wu",

year = "2011",

month = dec,

day = "1",

doi = "10.1145/2079327.2079328",

language = "English",

isbn = "1595930361",

series = "Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011",

booktitle = "Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011",

note = "2011 ACM CoNext Student Workshop, CoNEXT 2011 ; Conference date: 06-12-2011 Through 06-12-2011",

}

Source address filtering in large scale network: A cooperative software mechanism design. / Yang, Shu; Xu, Mingwei; Wang, Dan et al.
Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011. 2011. (Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Source address filtering in large scale network

T2 - 2011 ACM CoNext Student Workshop, CoNEXT 2011

AU - Yang, Shu

AU - Xu, Mingwei

AU - Wang, Dan

AU - Wu, Jianping

PY - 2011/12/1

Y1 - 2011/12/1

N2 - To prevent network infrastructure from malicious traffic, such as DDoS attack and scanning, source filtering is widely used in the network. There are different ways to store the filters, e.g., a blacklist of source addresses. Among them, TCAM-based is used as the de facto, because of its wire speed performance. Unfortunately, TCAM is a scarce resource because it's limited by small capacity, high power consumption and high cost. To save storage space, some TCAM-based solutions even block part of the legitimate traffic for better aggregation. Another choice is software based solutions, which have larger storage space compared to hardware based solutions. However, they require multiple accesses for a single lookup, which causes latency.

AB - To prevent network infrastructure from malicious traffic, such as DDoS attack and scanning, source filtering is widely used in the network. There are different ways to store the filters, e.g., a blacklist of source addresses. Among them, TCAM-based is used as the de facto, because of its wire speed performance. Unfortunately, TCAM is a scarce resource because it's limited by small capacity, high power consumption and high cost. To save storage space, some TCAM-based solutions even block part of the legitimate traffic for better aggregation. Another choice is software based solutions, which have larger storage space compared to hardware based solutions. However, they require multiple accesses for a single lookup, which causes latency.

UR - http://www.scopus.com/inward/record.url?scp=84862946423&partnerID=8YFLogxK

U2 - 10.1145/2079327.2079328

DO - 10.1145/2079327.2079328

M3 - Conference article published in proceeding or book

AN - SCOPUS:84862946423

SN - 1595930361

SN - 9781595930361

T3 - Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011

BT - Proceedings of the ACM CoNEXT Student Workshop, CoNEXT 2011

Y2 - 6 December 2011 through 6 December 2011

ER -

Source address filtering in large scale network: A cooperative software mechanism design

Abstract

Publication series

Conference

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this