发明名称 |
METHOD AND APPARATUS FOR IMPROVING THE RESILIENCE OF CONTENTDISTRIBUTION NETWORKS TO DISTRIBUTED DENIAL OF SERVICE ATTACKS |
摘要 |
Several deterrence mechanisms suitable for content distribution networks (CD N) (120) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism , an attacker is required to generate O(n2) amount of traffic to victimize a C DN- hosted site (120) when the site content is served from n CDN caches. Without these modifications, the attacker must generate only 0(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation amon g CDN-hosted Web sites (120) to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site tha t disables its assigned servers, does not also bring down other Web sites host ed by the CDN (120).
|
申请公布号 |
CA2493350(A1) |
申请公布日期 |
2004.02.05 |
申请号 |
CA20032493350 |
申请日期 |
2003.06.24 |
申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
CHENG, PAU-CHEN;CHARI, SURESH N.;LEE, KANG-WON;SHAIKH, ANEES A.;SAHU, SAMBIT |
分类号 |
G06F21/20;G06F13/00;G06F15/00;G06F15/173;H04L9/00;H04L9/32;H04L12/56;H04L29/06;H04L29/08;(IPC1-7):G06F13/00 |
主分类号 |
G06F21/20 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|