Stateless Filtering Based on Enhanced Capabilities
Jin Guang①② Yang Jian-gang① Wei Wei① Dong Ya-bo①
①(College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China) ②(College of Information Science and Engineering, Ningbo University, Ningbo 315211, China)
Abstract: Major defensive mechanisms against DoS attacks in the Internet are reviewed. The most recent capabilities techniques in particular, including their basic concepts, stateless flow filtering and the Traffic Validation Architecture (TVA), are analyzed in depth. The shortcomings of current capabilities techniques, such as potential Denial-of-Capability (DoC) attacks and reduced transmission efficiency, are discussed in detail. Several improvements are proposed, including protecting capabilities requests with notifications, bi-level capabilities, and flexible, dynamic capabilities assignment. These methods enhance the robustness and efficiency of capabilities. Theoretical evaluations and simulations show that the improvements outperform the original schemes and are more practical in the Internet.