Abstract

****************************************
Denial of service (DoS) attacks frequently happen on
the Internet, paralyzing Internet services and causing millions of
dollars of financial loss.  A number of network architectures have
been proposed to address the DoS problem, but they all resort to
per-host fair queuing to protect legitimate senders when the
assumption that receivers can be trusted to expel attack traffic
fails. This work presents NetFence, a DoS-resistant network
architecture that provably guarantees a sender's fair share of network
resources without keeping per-host queues in core network routers and
without trusting the receivers. It behaves as effectively as a
capability-based system when receivers can identify and bar unwanted
traffic. We use a Linux implementation, testbed experiments,
ns-2 simulations, and theoretical analysis to show that NetFence is an
effective and scalable DoS solution that reduces the amount of state
maintained by
the bottleneck routers in network core by a few orders of magnitude.
****************************************

Speaker Bio
****************************************
Xiaowei Yang is an assistant professor in the Department of Computer
Science at Duke University. Before joining Duke, she was an assistant
professor in the Department of Computer Science at the University of
California at Irvine. She received a PhD in Computer Science from
Massachusetts Institute of Technology, and a BE in Electronic
Engineering from Tsinghua University. She is a receipt of the NSF
CAREER award.
****************************************