The University of Southampton
University of Southampton Institutional Repository

Scalable bandwidth allocation based on domain attributes: Towards a DDoS-resistant data center

Scalable bandwidth allocation based on domain attributes: Towards a DDoS-resistant data center
Scalable bandwidth allocation based on domain attributes: Towards a DDoS-resistant data center

As the flourishing of cloud services, data centers are widely invested and deployed. However, facing the hazard of Distributed Denial of Service (DDoS) attacks, legitimate users' bandwidth access to a data center is not yet a guarantee. In response, capability-based DDoS defenses provide a promising countermeasure, especially when leveraging Autonomous System (AS) as a geographic constraint to throttle attacking flows. Unfortunately, previous schemes essentially involve a source-AS fair sharing strategy, which is too coarse-grained to provide fairness among heterogeneous AS entities. This paper proposes D4, a capability-based data center protection with state-defined allocating granularity. We differentiate the states of stub ASes through diverse aspects of domain attributes. D4 enables fair bandwidth allocation among source domains and scalable data center access for users. Our scheme is integrated with Border Gateway Protocol and can be practically deployed by Internet data centers. We illustrate the effectiveness of D4 via experiments under different scenarios and comparative simulations with closely related schemes.

Capability-based schemes, Cloud computing, Data center, Distributed denial of service defense, Domain attribute
1-6
Institute of Electrical and Electronics Engineers Inc.
Zhang, Yao
08d95f3b-0bee-4e08-809c-6fa2262d13fc
Xie, Lijia
3918b2ca-baee-4961-88a2-c81576965faa
Zhang, Dong
92a6427a-2020-4e81-9838-923d7964ed14
Liu, Gang
4e4751d4-284b-491e-a114-06948ce6d796
Wang, Qi
91220429-39a1-459a-9dfb-20fb90bfa974
Zhang, Yao
08d95f3b-0bee-4e08-809c-6fa2262d13fc
Xie, Lijia
3918b2ca-baee-4961-88a2-c81576965faa
Zhang, Dong
92a6427a-2020-4e81-9838-923d7964ed14
Liu, Gang
4e4751d4-284b-491e-a114-06948ce6d796
Wang, Qi
91220429-39a1-459a-9dfb-20fb90bfa974

Zhang, Yao, Xie, Lijia, Zhang, Dong, Liu, Gang and Wang, Qi (2018) Scalable bandwidth allocation based on domain attributes: Towards a DDoS-resistant data center. In 2017 IEEE Global Communications Conference, GLOBECOM 2017 - Proceedings. vol. 2018-January, Institute of Electrical and Electronics Engineers Inc. pp. 1-6 . (doi:10.1109/GLOCOM.2017.8254004).

Record type: Conference or Workshop Item (Paper)

Abstract

As the flourishing of cloud services, data centers are widely invested and deployed. However, facing the hazard of Distributed Denial of Service (DDoS) attacks, legitimate users' bandwidth access to a data center is not yet a guarantee. In response, capability-based DDoS defenses provide a promising countermeasure, especially when leveraging Autonomous System (AS) as a geographic constraint to throttle attacking flows. Unfortunately, previous schemes essentially involve a source-AS fair sharing strategy, which is too coarse-grained to provide fairness among heterogeneous AS entities. This paper proposes D4, a capability-based data center protection with state-defined allocating granularity. We differentiate the states of stub ASes through diverse aspects of domain attributes. D4 enables fair bandwidth allocation among source domains and scalable data center access for users. Our scheme is integrated with Border Gateway Protocol and can be practically deployed by Internet data centers. We illustrate the effectiveness of D4 via experiments under different scenarios and comparative simulations with closely related schemes.

Full text not available from this repository.

More information

Published date: 10 January 2018
Venue - Dates: 2017 IEEE Global Communications Conference, Singapore, Singapore, 2017-12-04 - 2017-12-08
Keywords: Capability-based schemes, Cloud computing, Data center, Distributed denial of service defense, Domain attribute

Identifiers

Local EPrints ID: 420853
URI: http://eprints.soton.ac.uk/id/eprint/420853
PURE UUID: 89ff2669-66f9-4202-89db-42648669f0c6
ORCID for Qi Wang: ORCID iD orcid.org/0000-0003-2645-5807

Catalogue record

Date deposited: 17 May 2018 16:30
Last modified: 13 Mar 2019 18:28

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×