Results 1 - 10 of 116

LIPS: Lightweight Internet Permit System for Stopping Unwanted Packets

by Changho Choi, Yingfei Dong
"... Abstract. In this paper, we propose a Lightweight Internet Permit System (LIPS) that provides a lightweight, scalable packet authentication mechanism for ensuring traffic-origin accountability. LIPS is a simple extension of IP, in which each packet carries an access permit issued by its destination ..."
Abstract - Add to MetaCart
protected critical servers and links from being flooded by unwanted packets with negligible overheads. We propose LIPS as an domain-to-domain approach to stop unwanted attacks, without requiring broad changes in backbone networks as other approaches. Therefore, LIPS is incrementally deployable in a large

The BSD Packet Filter: A New Architecture for User-level Packet Capture

by Steven Mccanne, Van Jacobson , 1992
"... Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be m ..."
Abstract - Cited by 568 (2 self) - Add to MetaCart
be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, registerbased

Stopping Unwanted Traffic using Lightweight Permits ⋆

by Yingfei Dong A, Changho Choi, Zhi-li Zhang B
"... One of key security issues on the current Internet is unwanted traffic, the forerunner of unauthorized accesses, intrusions, Denial of Service (DoS) attacks, port scanning, and other attacks. Since stopping unwanted traffic is vitally important but extremely challenging, we need a series of defensiv ..."
Abstract - Add to MetaCart
of defensive schemes to identify unwanted packets, filter them out, and further defeat their associated attacks. In this paper, we propose a lightweight, scalable packet authentication mechanism, named Lightweight Internet Permit System (LIPS), as a first line of defense to stop unwanted traffic. LIPS is a

Packets with Provenance

by Anirudh Ramachandran, Kaushik Bhandankar, Mukarram Bin Tariq, Nick Feamster
"... Traffic classification and distinction allows network operators to provision resources, enforce trust, control unwanted traffic, and traceback unwanted traffic to its source. Today’s classification mechanisms rely primarily on IP addresses and port numbers; unfortunately, these fields are often too ..."
Abstract - Cited by 15 (1 self) - Add to MetaCart
Traffic classification and distinction allows network operators to provision resources, enforce trust, control unwanted traffic, and traceback unwanted traffic to its source. Today’s classification mechanisms rely primarily on IP addresses and port numbers; unfortunately, these fields are often too

The BSD Packet Filter: A New Architecture for User-level Packet Capture

by Steven Mccanney, Van Jacobsony , 1992
"... Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose work-stations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be ..."
Abstract - Add to MetaCart
be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, register

Peerrush: mining for unwanted p2p traffic

by Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang Li - in Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA
"... Abstract. In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, Peer-Rush goes beyond P2P traffic detection, and can accurately categorize the detected P2P traffic and attribute it to specific P2P applications, including maliciou ..."
Abstract - Cited by 6 (0 self) - Add to MetaCart
Abstract. In this paper we present PeerRush, a novel system for the identification of unwanted P2P traffic. Unlike most previous work, Peer-Rush goes beyond P2P traffic detection, and can accurately categorize the detected P2P traffic and attribute it to specific P2P applications, including

Correlation among piecewise unwanted traffic time series

by Kensuke Fukuda, Toshio Hirotsu, Osamu Akashi, Toshiharu Sugawara - in Proceeding of the IEEE Global Telecommunications Conference, 2008
"... Abstract—In this paper, we investigate temporal and spatial correlations of time series of unwanted traffic (i.e., darknet or network telescope traffic) in order to estimate statistical behavior of unwanted activities from a small size of darknet address block. First, from the analysis of long-range ..."
Abstract - Cited by 1 (0 self) - Add to MetaCart
Abstract—In this paper, we investigate temporal and spatial correlations of time series of unwanted traffic (i.e., darknet or network telescope traffic) in order to estimate statistical behavior of unwanted activities from a small size of darknet address block. First, from the analysis of long

Abstract The BSD Packet Filter: A New Architecture for User-level Packet Capture 3

by unknown authors
"... Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be m ..."
Abstract - Add to MetaCart
be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, registerbased

Abstract The BSD Packet Filter: A New Architecture for User-level Packet Capture

by unknown authors
"... Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be m ..."
Abstract - Add to MetaCart
be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, registerbased

Effectively Fighting Common Spoofed and Unsolicited Packets via Lightweight Permits ⋆

by Yingfei Dong A, Changho Choi, Zhi-li Zhang B
"... One of key security issues on the current Internet is unwanted traffic, the forerunner of unauthorized accesses, scans, and attacks. It is vitally important but extremely challenging to fight such unwanted traffic. We need a series of defensive mechanisms to identify unwanted packets, filter them ou ..."
Abstract - Add to MetaCart
One of key security issues on the current Internet is unwanted traffic, the forerunner of unauthorized accesses, scans, and attacks. It is vitally important but extremely challenging to fight such unwanted traffic. We need a series of defensive mechanisms to identify unwanted packets, filter them
Results 1 - 10 of 116