Xiaowei Yang

NetFence: Preventing Internet Denial of Service from Inside Out

By: 
Xin Liu, Xiaowei Yang, and Yong Xia
Appears in: 
CCR October 2010

Denial of Service (DoS) attacks frequently happen on the Internet, paralyzing Internet services and causing millions of dollars of financial loss. This work presents NetFence, a scalable DoSresistant network architecture. NetFence uses a novel mechanism, secure congestion policing feedback, to enable robust congestion policing inside the network. Bottleneck routers update the feedback in packet headers to signal congestion, and access routers use it to police senders’ traffic.

To Filter or to Authorize: Network-Layer DoS Defense Against Multimillion-node Botnets

By: 
Xin Liu, Xiaowei Yang, and Yanbin Lu
Appears in: 
CCR October 2008

This paper presents the design and implementation of a filter-based DoS defense system (StopIt) and a comparison study on the effectiveness of filters and capabilities. Central to the StopIt design is a novel closed-control, open-service architecture: any receiver can use StopIt to block the undesired traffic it receives, yet the design is robust to various strategic attacks from millions of bots, including filter exhaustion attacks and bandwidth flooding attacks that aim to disrupt the timely installation of filters.

Syndicate content