To Filter or to Authorize: Network-Layer DoS Defense Against Multimillion-node Botnets
Xiaowei Yang
Duke University
This talk presents a comparative study of the effectiveness of filter-based and capability-based DoS defense systems. We describe the design and implementation of TVA, a capability-based DoS defense system, and StopIt, a filter-based one. We then compare them under simulated DoS attacks of various types and scales. Our results suggest that both filters and capabilities are highly effective DoS defense mechanisms, but neither is more effective than the other across all types of DoS attacks.
