Field of the Invention
The present invention relates generally to data networks, and more particularly to a data network being protected from a DNS denial of service attack.
Description of the Related Art
Data network security is an important and critical component of the Internet. In particular, the proper operation of a Domain Name System (DNS) data network is crucial to the operation of the Internet, public cloud networks, mobile broadband networks, as well as private networks. Attacks to DNS data networks are common. Often such attacks address individual websites or a number of companies. Sometimes, attacks are targeted to major infrastructure of an Internet Service Provider (ISP). Many of these DNS attacks are in the form of a denial of service (DOS) attack. If an attack is successful, one or more DNS servers will be under stress and cannot serve legitimate DNS requests from client computers. The client computers, not able to determine the application servers for the DNS requests, in turn deny services to the users, rendering Internet services, such as web services, email services, document services, or video services, offered by those application servers unavailable. Often times, the stressed DNS servers may take hours or days to recover to normal operation, causing major disruption of services, as well as financial damage to merchants and inconvenience to clients.
A typical DNS denial of service attack is presented in a form of malformed DNS requests using unknown or unanswerable domain names, and perhaps invalid network addresses. Each malformed DNS request is intended to cause a DNS server to spend computation resources to resolve an unanswerable domain name. Through sending a large number of malformed DNS requests in a short period of time, a DNS server would have to spend all of its computation resource to handle these DNS requests.
The present invention proposes a method and system to handle the massive malformed DNS requests with little or no involvement of a DNS server, and therefore protects the DNS server from these nasty DNS denial of service attacks.
It should be apparent from the foregoing that there is a need to provide a method to protect a data network from DNS denial of service attacks.
This summary is provided to introduce a selection of concepts in a simplified form that are further described in the Detailed Description below. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
The present disclosure is related to approaches for protecting a data network from a DNS denial of service attack. An exemplary method for a DNS proxy server to to protect a data network from a Domain Name Service (DNS) denial of service attack comprises receiving a DNS UDP request from a client; determining a domain name included in the DNS UDP request does not match with a plurality of domain names in a DNS entry table at the DNS proxy server; responding to the client to retry the DNS UDP request as a DNS TCP request; querying a DNS server for the domain name in the DNS TCP request; receiving a DNS response from the DNS server; and determining that the DNS UDP request from the client is a DNS denial of service attack.
A system for protecting a data network from a DNS denial of service attack is also disclosed. The system may comprise a DNS proxy server configured to receive a DNS UDP request from a client; determine a domain name included in the DNS UDP request does not match a plurality of domain names in a DNS entry table at the DNS proxy server; and respond to the client to retry the DNS UDP request as a DNS TCP request.
In further example embodiments of the present disclosure, the method steps are stored on a machine-readable medium comprising instructions, which when implemented by one or more processors, perform the recited steps. In further example embodiments, hardware systems, or devices, can be adapted to perform the recited steps. Other features, examples, and embodiments are described below.
Embodiments are illustrated by way of example and not by limitation in the figures of the accompanying drawings, in which like references indicate similar elements.
The following detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings show illustrations in accordance with example embodiments. These example embodiments, which are also referred to herein as “examples,” are described in enough detail to enable those skilled in the art to practice the present subject matter. The embodiments can be combined, other embodiments can be utilized, or structural, logical, and electrical changes can be made without departing from the scope of what is claimed. The following detailed description is therefore not to be taken in a limiting sense, and the scope is defined by the appended claims and their equivalents.
In an exemplary embodiment illustrated in
In exemplary embodiments, DNS proxy server 115 determines that there is a match between domain name 130 and a domain name of DNS entry 140 of DNS entry table 135. DNS proxy server 115 finds a corresponding network address for the domain name from DNS entry 140, and sends a DNS UDP response 145 using DNS entry 140 to client 120.
Sometimes DNS proxy server 115 does not find a match between domain name 130 and DNS entry table 135. Subsequently, DNS proxy server 115 sends a DNS UDP response 145 indicating no result is found. DNS proxy server 115 then indicates in a DNS UDP response 145 to ask client 120 to send a DNS request using Transmission Control Protocol (TCP). In some embodiments, DNS proxy server 115 sets a truncated bit (TC bit) in the DNS UDP response 145. In another embodiment, DNS proxy server 115 sets a different indication in the DNS UDP response 145.
Client 120 may receive a DNS UDP response 145 indicating a need to use TCP protocol. In an exemplary embodiment illustrated in
In some embodiments, DNS proxy server 115 finds a match of domain name 130 with DNS entry 170 of DNS entry table 135. DNS proxy server 115 sends a DNS TCP response 155 to DNS TCP request 150 to client 120. DNS proxy server 115 includes DNS entry 170 in DNS TCP response 155. In various embodiments, DNS proxy server 115 does not find a match of domain name 130 with DNS entry table 135.
In an exemplary embodiment illustrated in
In an embodiment of data network 105, DNS proxy server 115 responds positively to DNS UDP request 125 of client 120 when there is a match for domain name 130 within DNS entry table 135. When DNS proxy server 115 does not find a match for domain name 130, DNS proxy server 115 does not query DNS server 110 for domain name 130, but suggests client 120 to retry using DNS TCP request 150. This way, DNS proxy server 115 prevents forwarding to DNS server 110 unanswerable DNS UDP requests of bogus or made-up domain names by clients typically arising in a DNS denial of server attack. In a typical DNS denial of service attack embodiment, DNS UDP requests include a domain name not known to DNS servers and an unknown network address. In this typical embodiment, the DNS UDP responses the DNS proxy server 115 sends using the unknown network addresses of corresponding DNS UDP requests will be discarded by data network 105. The DNS server is thus protected from these bogus DNS UDP requests.
In another embodiment using TCP protocol, DNS proxy server 115 responds positively to DNS TCP request 150 of client 120 when there is a match for domain name 130 within DNS entry table 135. When DNS proxy server 115 does not find a match for domain name 130, DNS proxy server 115 does not query DNS server 110 for domain name 130, but suggests client 120 to retry using DNS UDP request 125. Thus, DNS proxy server 115 prevents forwarding to DNS server 110 unanswerable DNS TCP requests. Additionally, other network protocols may be used.
In some embodiments, DNS proxy server 115 or another network device (not shown) of data network 105 includes additional capabilities for protecting against TCP denial of service attack. Such TCP denial of service attack protection capabilities also protect DNS server from DNS denial of service attack using DNS TCP requests. TCP denial of service attack protection capabilities can be implemented into a network device of data network 105 or DNS proxy server 115.
In various embodiments, DNS proxy server 115 employs the current invention after detecting a pre-determined number of unanswerable DNS UDP requests, a burst of unanswerable DNS UDP requests within a short period of time, or a number of unanswerable DNS UDP requests from suspected clients or network address sources. DNS proxy server 115 may employ the current invention after being informed by DNS server 110, or by another network device in data network 105. In another embodiment, DNS server 110 detects a suspicion of DNS denial of service attack and informs DNS proxy server 115.
Upon receipt of the TC bit set, client 120A retries the DNS request for “domain.com” using TCP port 53. While a TC bit set is used in this exemplary embodiment, the DNS proxy server 115 may also respond with any other type of response to signal to client 120A to retry the DNS request using a different network protocol, such as TCP, or to retry the DNS request at a different port. Returning to the exemplary embodiment of
In step 270, DNS server 110 resolves the query and responds to the DNS proxy server 115 with the DNS response. In step 280, the DNS proxy server adds this DNS response to its cache, and forwards the response to client 120A in step 290. In this way, the DNS cache of the DNS proxy server 115 maintains the DNS response for the DNS request, regardless of whether the request arrives at the DNS proxy server via the UDP protocol or TCP protocol. As will be understood by persons of ordinary skill in the art, other network protocols besides TCP and UDP may also be used in a similar scheme. Also, the steps depicted in
In the exemplary embodiment of
At a later time, client 120B may send a query to UDP port 53 for “domain.com”, DNS proxy server 115 checks the cache and finds the entry for “domain.com” and can thus respond to client 120B with the cache entry. In this way, DNS proxy server 115 can now respond to a DNS UDP request at UDP port 53 for “domain.com”. By allowing DNS proxy server 115 to share a cache for DNS UDP requests and DNS TCP requests, the cache of DNS proxy server 115 itself may essentially serve as a white list to mitigate denial of service attacks. Additionally, in various embodiments, DNS proxy server 115 may rate limit its DNS response to a client based on other factors, including, but not limited to, non-white list caching.
In exemplary embodiments, network module 315 comprises a network interface such as Ethernet, optical network interface, a wireless network interface, T1/T3 interface, a WAN or LAN interface. Furthermore, network module 315 can include a network processor. Computer storage module 320 comprises RAM, DRAM, SRAM, SDRAM, or any other memory utilized by processor module 310 or network module 315. Computer storage module 320 stores data utilized by processor module 310. Computer storage module 320 can include a hard disk drive, a solid state drive, an external disk, a DVD, a CD, or a readable external disk. Additionally, computer storage module 320 stores one or more computer programming instructions which when executed by processor module 310 or network module 315 implement one or more of the functionality of the present invention. Network device 305 can also include an input/output (I/O) module 325, which may include a keyboard, a keypad, a mouse, a gesture-based input sensor, a microphone, a physical or sensory input peripheral, a display, a speaker, or a physical or sensory output peripheral, or any other input/output module.
Returning to
Client device 120 may be a network device connected to data network 105 using a network module of the client device. The client device can be a personal computer, a laptop computer, a tablet, a smartphone, a mobile phone, an Internet phone, a netbook, a home gateway, a broadband gateway, a network appliance, a set-top box, a media server, a personal media play, a personal digital assistant, an access gateway, a networking switch, a server computer, a network storage computer, or any computing device comprising a network module and a processor module.
Domain name 130 may include a domain name of a network device, a domain name associated to an IP address, or a string of characters such as “abcdefg.com”, “www.123456.com”, “bogus.name.org”, “98X45IE.01924.ty”, “server189.mail.yahoo.com”, or “nonexisting.domain”.
In some embodiments, DNS entry 140 includes a domain name and a network address such as IP address. Furthermore, DNS entry 140 may include other information associated to the domain name of DNS entry 140 that is useful for client 120.
In various embodiments, DNS proxy server 115 is a network device as illustrated in
DNS proxy server 115 can create DNS entry 405 from information received from DNS server 110 as illustrated in
In some embodiments, DNS proxy server 115 creates DNS entry table 135 by downloading a plurality of DNS entry information from DNS server 110. This information may be updated on a fixed periodic basis, upon certain trigger events, or as directed by a network administrator. In another embodiment, DNS proxy server 115 creates DNS entry table 135 prior to responding to DNS request from a client device. DNS proxy server 115 may also create DNS entry table 135 after DNS proxy server 115 receives a DNS request from a client device. From time to time, DNS server 110 may send a plurality of DNS entry information to DNS proxy server 115. In one embodiment, DNS proxy server 115 receives the plurality of DNS entry information, creates a plurality of DNS entries, and creates DNS entry table 135, or replaces a plurality of existing DNS entries in DNS entry table 135 with the created DNS entries.
DNS proxy server 115 may receive the plurality of DNS entry information from a network controller 420 instead of DNS server 110. In some embodiments, DNS proxy server 115 receives DNS entry table 135 from network controller 420 or DNS server 110.
Thus, methods and systems for protecting a data network from DNS denial of service attacks are disclosed. Although embodiments have been described with reference to specific example embodiments, it will be evident that various modifications and changes can be made to these example embodiments without departing from the broader spirit and scope of the present application. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.
Number | Name | Date | Kind |
---|---|---|---|
4001819 | Wise | Jan 1977 | A |
4780905 | Cruts et al. | Oct 1988 | A |
5101402 | Chiu et al. | Mar 1992 | A |
5163088 | LoCascio | Nov 1992 | A |
5359659 | Rosenthal | Oct 1994 | A |
5414833 | Hershey et al. | May 1995 | A |
5511122 | Atkinson | Apr 1996 | A |
5584023 | Hsu | Dec 1996 | A |
5684875 | Ellenberger | Nov 1997 | A |
5757908 | Cooper et al. | May 1998 | A |
5805801 | Holloway et al. | Sep 1998 | A |
5835727 | Wong et al. | Nov 1998 | A |
5892903 | Klaus | Apr 1999 | A |
5905859 | Holloway et al. | May 1999 | A |
5940002 | Finn et al. | Aug 1999 | A |
5960177 | Tanno | Sep 1999 | A |
6006272 | Aravamudan et al. | Dec 1999 | A |
6170061 | Beser | Jan 2001 | B1 |
6185681 | Zizzi | Feb 2001 | B1 |
6205115 | Ikebe et al. | Mar 2001 | B1 |
6219706 | Fan et al. | Apr 2001 | B1 |
6237036 | Ueno et al. | May 2001 | B1 |
6249866 | Brundrett et al. | Jun 2001 | B1 |
6259789 | Paone | Jul 2001 | B1 |
6347376 | Attwood et al. | Feb 2002 | B1 |
6363486 | Knapton, III | Mar 2002 | B1 |
6449651 | Dorfman et al. | Sep 2002 | B1 |
6505192 | Godwin et al. | Jan 2003 | B1 |
6539435 | Bolmarcich et al. | Mar 2003 | B2 |
6553005 | Skirmont et al. | Apr 2003 | B1 |
6578147 | Shanklin et al. | Jun 2003 | B1 |
6594780 | Shen et al. | Jul 2003 | B1 |
6715081 | Attwood et al. | Mar 2004 | B1 |
6732279 | Hoffman | May 2004 | B2 |
6735702 | Yavatkar et al. | May 2004 | B1 |
6754832 | Godwin et al. | Jun 2004 | B1 |
6757822 | Feiertag et al. | Jun 2004 | B1 |
6779117 | Wells | Aug 2004 | B1 |
6973040 | Ricciulli | Dec 2005 | B1 |
6988106 | Enderwick et al. | Jan 2006 | B2 |
7092357 | Ye | Aug 2006 | B1 |
7194766 | Noehring et al. | Mar 2007 | B2 |
7200760 | Riebe et al. | Apr 2007 | B2 |
7221757 | Alao | May 2007 | B2 |
7234161 | Maufer et al. | Jun 2007 | B1 |
7277963 | Dolson et al. | Oct 2007 | B2 |
7372809 | Chen | May 2008 | B2 |
7392241 | Lin et al. | Jun 2008 | B2 |
7409712 | Brooks et al. | Aug 2008 | B1 |
7418733 | Connary et al. | Aug 2008 | B2 |
7478429 | Lyon | Jan 2009 | B2 |
7533409 | Keane et al. | May 2009 | B2 |
7543052 | Cesa Klein | Jun 2009 | B1 |
7577833 | Lai | Aug 2009 | B2 |
7596695 | Liao et al. | Sep 2009 | B2 |
7620733 | Tzakikario | Nov 2009 | B1 |
7665138 | Song et al. | Feb 2010 | B2 |
7739494 | McCorkendale et al. | Jun 2010 | B1 |
7823194 | Shay | Oct 2010 | B2 |
7845004 | Bardsley et al. | Nov 2010 | B2 |
7925766 | Jayawardena et al. | Apr 2011 | B2 |
7953855 | Jayawardena et al. | May 2011 | B2 |
8010469 | Kapoor et al. | Aug 2011 | B2 |
8089871 | Iloglu et al. | Jan 2012 | B2 |
8220056 | Owens, Jr. | Jul 2012 | B2 |
8239670 | Kaufman et al. | Aug 2012 | B1 |
8276203 | Nakhre et al. | Sep 2012 | B2 |
8286227 | Zheng | Oct 2012 | B1 |
8301802 | Wei et al. | Oct 2012 | B2 |
8375453 | Jackson et al. | Feb 2013 | B2 |
8448245 | Banerjee et al. | May 2013 | B2 |
8478708 | Larcom | Jul 2013 | B1 |
8595845 | Basavapatna et al. | Nov 2013 | B2 |
8719446 | Spatscheck et al. | May 2014 | B2 |
8800034 | McHugh et al. | Aug 2014 | B2 |
8813228 | Magee et al. | Aug 2014 | B2 |
8832832 | Visbal | Sep 2014 | B1 |
8881284 | Gabriel | Nov 2014 | B1 |
8948380 | Goto | Feb 2015 | B2 |
9129116 | Wiltzius | Sep 2015 | B1 |
9130996 | Martini | Sep 2015 | B1 |
9215208 | Fraize et al. | Dec 2015 | B2 |
9245121 | Luo | Jan 2016 | B1 |
9246926 | Erlingsson et al. | Jan 2016 | B2 |
9294503 | Thompson et al. | Mar 2016 | B2 |
9300623 | Earl | Mar 2016 | B1 |
9571465 | Sharifi Mehr et al. | Feb 2017 | B1 |
9584318 | Yang et al. | Feb 2017 | B1 |
20010042204 | Blaker et al. | Nov 2001 | A1 |
20020087708 | Low et al. | Jul 2002 | A1 |
20020108059 | Canion et al. | Aug 2002 | A1 |
20020165912 | Wenocur et al. | Nov 2002 | A1 |
20020188839 | Noehring et al. | Dec 2002 | A1 |
20030023846 | Krishna et al. | Jan 2003 | A1 |
20030023876 | Bardsley et al. | Jan 2003 | A1 |
20030028585 | Yeager et al. | Feb 2003 | A1 |
20030035547 | Newton | Feb 2003 | A1 |
20030061507 | Xiong et al. | Mar 2003 | A1 |
20030069973 | Ganesan et al. | Apr 2003 | A1 |
20030123667 | Weber et al. | Jul 2003 | A1 |
20030196081 | Savarda et al. | Oct 2003 | A1 |
20030200456 | Cyr et al. | Oct 2003 | A1 |
20040008711 | Lahti et al. | Jan 2004 | A1 |
20040054807 | Harvey et al. | Mar 2004 | A1 |
20040057579 | Fahrny | Mar 2004 | A1 |
20040059951 | Pinkas et al. | Mar 2004 | A1 |
20040059952 | Newport et al. | Mar 2004 | A1 |
20040091114 | Carter et al. | May 2004 | A1 |
20040093524 | Sakai | May 2004 | A1 |
20040111635 | Boivie et al. | Jun 2004 | A1 |
20040148520 | Talpade et al. | Jul 2004 | A1 |
20040172538 | Satoh et al. | Sep 2004 | A1 |
20040187032 | Gels et al. | Sep 2004 | A1 |
20050021999 | Touitou et al. | Jan 2005 | A1 |
20050041584 | Lau et al. | Feb 2005 | A1 |
20050044068 | Lin et al. | Feb 2005 | A1 |
20050044352 | Pazi | Feb 2005 | A1 |
20050125684 | Schmidt | Jun 2005 | A1 |
20050180416 | Jayawardena et al. | Aug 2005 | A1 |
20050193199 | Asokan et al. | Sep 2005 | A1 |
20050198099 | Motsinger | Sep 2005 | A1 |
20050235145 | Slick et al. | Oct 2005 | A1 |
20050257093 | Johnson et al. | Nov 2005 | A1 |
20050278527 | Liao et al. | Dec 2005 | A1 |
20060056297 | Bryson et al. | Mar 2006 | A1 |
20060061507 | Mohamadi | Mar 2006 | A1 |
20060143707 | Song et al. | Jun 2006 | A1 |
20060179319 | Krawczyk | Aug 2006 | A1 |
20060185014 | Spatscheck et al. | Aug 2006 | A1 |
20060230444 | Iloglu et al. | Oct 2006 | A1 |
20060265585 | Lai | Nov 2006 | A1 |
20070143769 | Bu et al. | Jun 2007 | A1 |
20070169194 | Church et al. | Jul 2007 | A1 |
20070186282 | Jenkins | Aug 2007 | A1 |
20070214088 | Graham et al. | Sep 2007 | A1 |
20070280114 | Chao et al. | Dec 2007 | A1 |
20070283429 | Chen et al. | Dec 2007 | A1 |
20080183885 | Durrey et al. | Jul 2008 | A1 |
20080256623 | Worley et al. | Oct 2008 | A1 |
20090077663 | Sun et al. | Mar 2009 | A1 |
20090083537 | Larsen et al. | Mar 2009 | A1 |
20090168995 | Banga et al. | Jul 2009 | A1 |
20100131646 | Drako | May 2010 | A1 |
20100138921 | Na et al. | Jun 2010 | A1 |
20100284300 | Deshpande et al. | Nov 2010 | A1 |
20110082947 | Szeto et al. | Apr 2011 | A1 |
20110093785 | Lee et al. | Apr 2011 | A1 |
20110131646 | Park et al. | Jun 2011 | A1 |
20110138177 | Qiu et al. | Jun 2011 | A1 |
20110153744 | Brown | Jun 2011 | A1 |
20110188452 | Borleske et al. | Aug 2011 | A1 |
20110249572 | Singhal et al. | Oct 2011 | A1 |
20110282997 | Prince | Nov 2011 | A1 |
20120036272 | El Zur | Feb 2012 | A1 |
20120042060 | Jackowski et al. | Feb 2012 | A1 |
20120096546 | Dilley et al. | Apr 2012 | A1 |
20120110472 | Amrhein et al. | May 2012 | A1 |
20120144461 | Rathbun | Jun 2012 | A1 |
20120155274 | Wang et al. | Jun 2012 | A1 |
20120159623 | Choi | Jun 2012 | A1 |
20120163186 | Wei et al. | Jun 2012 | A1 |
20120170753 | Pandrangi et al. | Jul 2012 | A1 |
20120173684 | Courtney | Jul 2012 | A1 |
20120174196 | Bhogavilli et al. | Jul 2012 | A1 |
20120227109 | Dimuro | Sep 2012 | A1 |
20120250866 | Matsuo | Oct 2012 | A1 |
20120260329 | Suffling | Oct 2012 | A1 |
20120266242 | Yang et al. | Oct 2012 | A1 |
20130019025 | Chaturvedi et al. | Jan 2013 | A1 |
20130103834 | Dzerve et al. | Apr 2013 | A1 |
20130139245 | Thomas | May 2013 | A1 |
20130198845 | Anvari | Aug 2013 | A1 |
20130212265 | Rubio Vidales et al. | Aug 2013 | A1 |
20130227646 | Haggerty et al. | Aug 2013 | A1 |
20130243194 | Hawkes et al. | Sep 2013 | A1 |
20130263256 | Dickinson et al. | Oct 2013 | A1 |
20140137190 | Carey et al. | May 2014 | A1 |
20140258536 | Chiong | Sep 2014 | A1 |
20140269308 | Oshiba | Sep 2014 | A1 |
20140280832 | Oshiba | Sep 2014 | A1 |
20140325588 | Jalan et al. | Oct 2014 | A1 |
20140325648 | Liu et al. | Oct 2014 | A1 |
20140344925 | Muthiah | Nov 2014 | A1 |
20150033341 | Schmidtler et al. | Jan 2015 | A1 |
20150058977 | Thompson et al. | Feb 2015 | A1 |
20150143118 | Sheller et al. | May 2015 | A1 |
20150220745 | Nellitheertha et al. | Aug 2015 | A1 |
20150281177 | Sun | Oct 2015 | A1 |
20160036651 | Sureshchandra et al. | Feb 2016 | A1 |
20160134655 | Thompson et al. | May 2016 | A1 |
20160182509 | Kantecki et al. | Jun 2016 | A1 |
20160226896 | Bhogavilli et al. | Aug 2016 | A1 |
Number | Date | Country |
---|---|---|
477140 | Feb 2002 | TW |
574655 | Feb 2004 | TW |
NI197237 | Feb 2004 | TW |
I225999 | Jan 2005 | TW |
I241818 | Oct 2005 | TW |
I252976 | Apr 2006 | TW |
WO9842108 | Sep 1998 | WO |
WO9948303 | Sep 1999 | WO |
WO0062167 | Oct 2000 | WO |
WO2006039529 | Apr 2006 | WO |
WO2014150617 | Sep 2014 | WO |
WO2014151072 | Sep 2014 | WO |
WO2014176461 | Oct 2014 | WO |
WO2015030977 | Mar 2015 | WO |
Entry |
---|
Oracle Corporation. Oracle Intelligent Agent User's Guide, Release 9.2.0, Part No. A96676-01. Mar. 2002. |
SOL11243. iRules containing the RULE—NIT iRule event do not re-initialize when a syntax error is corrected. f5.support.com. May 24, 2010. |
Mutz, “Linux Encryption How To,” available at http://encryptionhowto.sourceforge.net/Encryption-HOWTO-1.html, Oct. 4, 2000. |
Ganesan et al., “YAPPERS: a peer-to-peer lookup service over arbitrary topology,” IEEE, pp. 1250-1260, Mar. 30-Apr. 3, 2003. |
Annexstein et al., “Indexing Techniques for File Sharing in Scalable Peer-to-Peer Networks,” IEEE, pp. 10-15, Oct. 14-16, 2002. |
Ling et al., “A Content-Based Resource Location Mechanism in PeerlS,” IEEE, pp. 279-288, Dec. 12-14, 2002. |
Obimo et al., “A parallel algorithm for determining the inverse of a matrix for use in blockcipher encryption/decryption,” Journal of Supercomputing, vol. 39, No. 2, pp. 113-130, Feb. 2007. |
Long et al., “ID-based threshold decryption secure against adaptive chosen-ciphertext attack,” Computers and Electrical Engineering, vol. 33, No. 3, pp. 166-176, May 2007. |
Popek, Gerald J., “Encryption and Secure Computer Networks,” Computing Surveys, vol. 11, No. 4, pp. 1-26, Dec. 1979. |
Dainotti, Albert et al. TIE: A Community-Oriented Traffic Classification Platform. May 11, 2009. Springer-Verlag, Traffic Monitoring and Analysis: Proceedings First International Workshop, TMA 2009. pp. 64-74. Retrieved from: Inspec. Accession No. 11061142. |
Dainotti, Albert et al., “Early Classification of Network Traffic through Multi-Classification,” Apr. 27, 2011, Springer Verlag, Traffic Monitoring and Analysis, Proceedings of the Third International Workshop, TMA 2011. pp. 122-135. Retrieved from INSPEC. Accession No. 12232145. |
Liebergeld, Steffen et al., “Cellpot: A Concept for Next Generation Cellular Network Honeypots,” Internet Society, Feb. 23, 2014, pp. 1-6. |
Kaufman, Charlie et al., “DoS Protection for UDP-Based Protocols,” CCS 2003, Oct. 27-31, 2003, pp. 2-7. |
Castelluccia, Claude et al., “Improving Secure Server Performance by Re-balancing SSL/TLS Handshakes,” ASIACCS 2006, Mar. 21-24, 2006, pp. 26-34. |
“Network- vs. Host-based Intrusion Detection, a Guide to Intrusion Detection Technology”, Oct. 2, 1998, Internet Security Systems [online], Retreived from the Internet: <URL:http://documents.iss.net/whitepapers/nvh-ids.pdf>, 10 pages. |
Hunt, Guemey D. H. et al., “Network Dispatcher: a connection router for scalable Internet services”, 1998, Proceedings of the 7th International World Wide Web Conference (WWW7), Retreived from the Internet: <URL:http://www.unizh.ch/home/mazzo/reports/www7conf/fullpapers/1899/com1899.htm>, 14 pages. |
Spatscheck et al., “Optimizing TCP Forwarder Performance”, IEEE/ACM Transactions on Networking, vol. 8, No. 2, Apr. 2000, pp. 146-157. |
Lee, Patrick P. C. et al., “On the Detection of Signaling DoS Attacks on 3G Wireless Networks,” IEEE INFOCOM 2007—26th IEEE International Conference on Computer Communications processings, May 6-12, 2007, pp. 1289-1297. |
Thanasegaran et al., “Simultaneous Analysis of Time and Space for Conflict Detection in Time-Based Firewall Policies,” Jul. 2010, IEEE 10th International Conference on Computer and Information Technology, pp. 1015-1021. |