发明名称 |
Method and apparatus for improving the resilience of content distribution networks to distributed denial of service attacks |
摘要 |
Several deterrence mechanisms suitable for content distribution networks (CDN) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n2)amount of traffic to victimize a CDN-hosted site when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN.
|
申请公布号 |
US7836295(B2) |
申请公布日期 |
2010.11.16 |
申请号 |
US20020207695 |
申请日期 |
2002.07.29 |
申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
CHARI SURESH N.;CHENG PAU-CHEN;LEE KANG-WON;SAHU SAMBIT;SHAIKH ANEES A. |
分类号 |
G06F21/20;H04L12/66;G06F13/00;G06F15/00;G06F15/173;H04L9/00;H04L9/32;H04L12/56;H04L29/06;H04L29/08 |
主分类号 |
G06F21/20 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|