To Filter or to Authorize: Network-Layer DoS Defense Against Multimillion-node Botnets

Xiaowei Yang
Duke University

This talk presents a comparative study of the effectiveness of filter-based and capability-based DoS defense systems. We describe the design and implementation of TVA, a capability-based DoS defense system, and StopIt, a filter-based one. We then compare them under simulated DoS attacks of various types and scales. Our results suggest that both filters and capabilities are highly effective DoS defense mechanisms, but neither is more effective than the other across all types of DoS attacks.

Back to Workshop II: Applications of Internet MRA to Cyber-Security