When quoting this document, please refer to the following
DOI: 10.4230/DagSemProc.06371.4
URN: urn:nbn:de:0030-drops-8492
Go to the corresponding Portal

Badishi, Gal ; Keidar, Idit ; Herzberg, Amir ; Romanov, Oleg ; Yachin, Avital

Denial of Service Protection with Beaver

06371.KeidarIdit.Paper.849.pdf (0.4 MB)


We present Beaver, a method and architecture to ``build dams'' to
protect servers from Denial of Service (DoS) attacks. Beaver allows
efficient filtering of DoS traffic using low-cost, high-performance,
readily-available packet filtering mechanisms. Beaver improves on
previous solutions by not requiring cryptographic processing of
messages, allowing the use of efficient routing (avoiding
overlays), and establishing keys and state as needed. We present two
prototype implementations of Beaver, one as part of IPSec in a Linux
kernel, and a second as an NDIS hook driver on a Windows machine.
Preliminary measurements illustrate that Beaver withstands severe
DoS attacks without hampering the client-server communication.
Moreover, Beaver is simple and easy to deploy.

BibTeX - Entry

  author =	{Badishi, Gal and Keidar, Idit and Herzberg, Amir and Romanov, Oleg and Yachin, Avital},
  title =	{{Denial of Service Protection with Beaver}},
  booktitle =	{From Security to Dependability},
  pages =	{1--6},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2007},
  volume =	{6371},
  editor =	{Christian Cachin and Felix C. Freiling and Jaap-Henk Hoepman},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{},
  URN =		{urn:nbn:de:0030-drops-8492},
  doi =		{10.4230/DagSemProc.06371.4},
  annote =	{Keywords: Denial of Service}

Keywords: Denial of Service
Collection: 06371 - From Security to Dependability
Issue Date: 2007
Date of publication: 10.01.2007

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI