Revised NeTS—FIND Enabling Defense and Deterrence through Private Attribution英文精品课件.pdf

Revised NeTS—FIND: Enabling Defense and Deterrence through Private Attribution † Alex C. Snoeren, Yoshi Kohno , Stefan Savage, and Amin Vahdat Department of Computer Science and Engineering University of California, San Diego La Jolla, CA 92093-0404 †Department of Computer Science and Engineering University of Washington Seattle, WA 98192-2350 October 2007–September 2008 1 1 Project description The Internet’s any-to-any, best-effort communication model is widely heralded as one of the main reasons for its success. The absence of strong architectural restrictions has allowed Internet protocols to support a tremendous variety of applications on the same network substrate. Yet these same “architectural freedoms” have also emerged as ripe vulnerabilities for adversaries trying to exploit the network to their ends. For example, best-effort delivery and global addressing—both bullwarks of the modern Internet—are also the features that enable distributed denial-of-service (DDoS) attacks to overwhelm remote sites on demand. Indeed, today’s Internet infrastructure is extremely vulnerable to motivated and well-equipped attackers. A testament to this reality is the plethora of tools readily available, from covertly exchanged exploit programs to publicly released vulnerability assessment software, to degrade performance or even disable vital network services. The consequences of these attacks are serious and, increasingly, financially disastrous. Thus, it is clear that any future network architecture must learn from these lessons and bring network security issues to the fore. However, while most research in network security focuses largely on def