On network footprint of traffic inspection and filtering at global scrubbing centers

Polina Zilberman, Rami Puzis, Yuval Elovici

IEEE Transactions on Dependable and Secure Computing 14 (5), 521-534, 2015

Traffic diversion through powerful cloud-based scrubbing centers provides a solution for protecting against various DDoS attacks. In one respect, such a solution enables sanitizing attack traffic close to its source and saves precious resources for the network service provider. Contrarily, the diversion of the inspected traffic toward the scrubbing centers may increase its footprint in the network. The location of the scrubbing centers greatly affects the network resource utilization and, therefore, should be carefully considered in the design of the security service. In this paper, we investigate four deployment strategies and compare their performance on a network of Points-of-Presence and on several router level topologies obtained from the RocketFuel project. The deployment quality was measured using the following criteria: the footprint of the inspected traffic, the redistribution of load on the links, and the increase in …