|
|
|
|
|
|
|
We take advantage of the emerging Multicore computers to design a general architecture to mitigate different network based complexity attacks. In complexity attacks an attacker carefully crafts messages such that each consumes substantially more resources than a normal average message. It then sends enough such heavy messages to bring the system to a crawl at best. In our architecture cores quickly identify messages suspicious heavy and divert them to a fraction of the cores that under attack are dedicated to handle all the heavy messages keeping the rest of the cores relatively unaffected and free to give the normal legitimate traffic the good service it is suppose to get. We demonstrate the effectiveness of our scheme in mitigating complexity attacks on Deep Packet Inspection (DPI) engines in security devices.
|
|
|
|
|
|
|
|