ML: DDoS damage control with MPLS

Pierre Edouard Fabre; Hervé Debar; Jouni Viinikka; Gregory Blanc

doi:10.1007/978-3-319-47560-8_7

ML: DDoS damage control with MPLS

Pierre Edouard Fabre
, Hervé Debar
, Jouni Viinikka
, Gregory Blanc

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We present a DDoS mitigation mechanism dispatching suspicious and legitimate traffic into separate MultiProtocol Label Switching (MPLS) tunnels, well upstream from the target. The objective is to limit the impact a voluminous attack could otherwise have on the legitimate traffic through saturation of network resources. The separation of traffic is based on a signature identifying suspicious flows, carried in an MPLS label, and then used by a load-balancing mechanism in a router. The legitimite traffic is preserved at the expense of suspcious flows, whose resource allocations are throttled as needed to avoid congestion.

Original language	English
Title of host publication	Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings
Editors	Juha Roning, Billy Bob Brumley
Publisher	Springer Verlag
Pages	101-116
Number of pages	16
ISBN (Print)	9783319475592
DOIs	https://doi.org/10.1007/978-3-319-47560-8_7
Publication status	Published - 1 Jan 2016
Externally published	Yes
Event	21st Nordic Conference on Secure IT Systems, NordSec 2016 - Oulu, Finland Duration: 2 Nov 2016 → 4 Nov 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10014 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st Nordic Conference on Secure IT Systems, NordSec 2016
Country/Territory	Finland
City	Oulu
Period	2/11/16 → 4/11/16

Keywords

Amplification DDoS
Bloom filter
Multiprotocol Label Switching
Network resilience
Quality of service
Volumetric DDoS

Access to Document

10.1007/978-3-319-47560-8_7

Cite this

Fabre, P. E., Debar, H., Viinikka, J., & Blanc, G. (2016). ML: DDoS damage control with MPLS. In J. Roning, & B. B. Brumley (Eds.), Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings (pp. 101-116). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10014 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-47560-8_7

Fabre, Pierre Edouard ; Debar, Hervé ; Viinikka, Jouni et al. / ML : DDoS damage control with MPLS. Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. editor / Juha Roning ; Billy Bob Brumley. Springer Verlag, 2016. pp. 101-116 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{10a3eb2fc99044d090528f6c53e0963f,

title = "ML: DDoS damage control with MPLS",

abstract = "We present a DDoS mitigation mechanism dispatching suspicious and legitimate traffic into separate MultiProtocol Label Switching (MPLS) tunnels, well upstream from the target. The objective is to limit the impact a voluminous attack could otherwise have on the legitimate traffic through saturation of network resources. The separation of traffic is based on a signature identifying suspicious flows, carried in an MPLS label, and then used by a load-balancing mechanism in a router. The legitimite traffic is preserved at the expense of suspcious flows, whose resource allocations are throttled as needed to avoid congestion.",

keywords = "Amplification DDoS, Bloom filter, Multiprotocol Label Switching, Network resilience, Quality of service, Volumetric DDoS",

author = "Fabre, \{Pierre Edouard\} and Herv{\'e} Debar and Jouni Viinikka and Gregory Blanc",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2016.; 21st Nordic Conference on Secure IT Systems, NordSec 2016 ; Conference date: 02-11-2016 Through 04-11-2016",

year = "2016",

month = jan,

day = "1",

doi = "10.1007/978-3-319-47560-8\_7",

language = "English",

isbn = "9783319475592",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "101--116",

editor = "Juha Roning and Brumley, \{Billy Bob\}",

booktitle = "Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings",

}

Fabre, PE, Debar, H, Viinikka, J & Blanc, G 2016, ML: DDoS damage control with MPLS. in J Roning & BB Brumley (eds), Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10014 LNCS, Springer Verlag, pp. 101-116, 21st Nordic Conference on Secure IT Systems, NordSec 2016, Oulu, Finland, 2/11/16. https://doi.org/10.1007/978-3-319-47560-8_7

ML: DDoS damage control with MPLS. / Fabre, Pierre Edouard; Debar, Hervé; Viinikka, Jouni et al.
Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. ed. / Juha Roning; Billy Bob Brumley. Springer Verlag, 2016. p. 101-116 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10014 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - ML

T2 - 21st Nordic Conference on Secure IT Systems, NordSec 2016

AU - Fabre, Pierre Edouard

AU - Debar, Hervé

AU - Viinikka, Jouni

AU - Blanc, Gregory

N1 - Publisher Copyright: © Springer International Publishing AG 2016.

PY - 2016/1/1

Y1 - 2016/1/1

N2 - We present a DDoS mitigation mechanism dispatching suspicious and legitimate traffic into separate MultiProtocol Label Switching (MPLS) tunnels, well upstream from the target. The objective is to limit the impact a voluminous attack could otherwise have on the legitimate traffic through saturation of network resources. The separation of traffic is based on a signature identifying suspicious flows, carried in an MPLS label, and then used by a load-balancing mechanism in a router. The legitimite traffic is preserved at the expense of suspcious flows, whose resource allocations are throttled as needed to avoid congestion.

AB - We present a DDoS mitigation mechanism dispatching suspicious and legitimate traffic into separate MultiProtocol Label Switching (MPLS) tunnels, well upstream from the target. The objective is to limit the impact a voluminous attack could otherwise have on the legitimate traffic through saturation of network resources. The separation of traffic is based on a signature identifying suspicious flows, carried in an MPLS label, and then used by a load-balancing mechanism in a router. The legitimite traffic is preserved at the expense of suspcious flows, whose resource allocations are throttled as needed to avoid congestion.

KW - Amplification DDoS

KW - Bloom filter

KW - Multiprotocol Label Switching

KW - Network resilience

KW - Quality of service

KW - Volumetric DDoS

U2 - 10.1007/978-3-319-47560-8_7

DO - 10.1007/978-3-319-47560-8_7

M3 - Conference contribution

AN - SCOPUS:84994513756

SN - 9783319475592

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 101

EP - 116

BT - Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings

A2 - Roning, Juha

A2 - Brumley, Billy Bob

PB - Springer Verlag

Y2 - 2 November 2016 through 4 November 2016

ER -

Fabre PE, Debar H, Viinikka J, Blanc G. ML: DDoS damage control with MPLS. In Roning J, Brumley BB, editors, Secure IT Systems - 21st Nordic Conference, NordSec 2016, Proceedings. Springer Verlag. 2016. p. 101-116. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-47560-8_7

ML: DDoS damage control with MPLS

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this