Optimal Source-Based Filtering of Malicious Traffic
In this paper, the authors consider the problem of blocking malicious traffic on the Internet via source-based filtering. In particular, they consider filtering via Access Control Lists (ACLs): these are already available on routers today but are a scarce resource because they are stored in expensive Ternary Content Addressable Memory (TCAM). Aggregation (filtering source prefixes instead of individual IP addresses) helps reduce the number of filters, but it also comes at the cost of blocking legitimate traffic originating from the filtered prefixes. They show how to optimally choose which source prefixes to filter, for a variety of realistic attack scenarios and operators' policies. In each scenario, they design optimal, yet computationally efficient, algorithms.
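The trade-off between filter budget and collateral damage can be made concrete with a small added example, which is not the authors' algorithm or code. It assumes one particular policy (block every known bad source with at most `max_filters` prefixes while blocking as few known good sources as possible) and solves it by dynamic programming over the binary prefix tree; the function name `choose_filters` and the sample addresses are constructed for illustration.

```python
import ipaddress
from math import inf

def choose_filters(bad, good, max_filters):
    """Block every bad source with at most max_filters prefixes, minimising
    the number of good sources blocked. Returns (collateral, prefixes)."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    bad_i, good_i = sorted({to_int(a) for a in bad}), [to_int(a) for a in good]

    def table(base, plen, bad_s, good_s):
        # best[f] = (collateral, filters) for this subtree with at most f filters
        if not bad_s:
            return [(0, ())] * (max_filters + 1)      # nothing to block here
        whole = (len(good_s), (ipaddress.ip_network((base, plen)),))
        best = [(inf, ())] + [whole] * max_filters    # one filter on this prefix
        if plen == 32:
            return best
        bit = 1 << (31 - plen)                        # bit that splits the subtree
        halves = []
        for side in (0, bit):
            halves.append(table(base | side, plen + 1,
                                [a for a in bad_s if (a & bit) == side],
                                [a for a in good_s if (a & bit) == side]))
        left, right = halves
        for f in range(1, max_filters + 1):
            for k in range(f + 1):                    # k filters left, f-k right
                cand = (left[k][0] + right[f - k][0], left[k][1] + right[f - k][1])
                # Ties go to fewer filters, then to the more specific prefixes.
                if (cand[0], len(cand[1])) <= (best[f][0], len(best[f][1])):
                    best[f] = cand
        return best

    cost, filters = table(0, 0, bad_i, good_i)[max_filters]
    return cost, [str(n) for n in sorted(filters)]

# Constructed sample data (documentation address ranges).
BAD = ["192.0.2.8", "192.0.2.9", "192.0.2.10", "192.0.2.11", "198.51.100.200"]
GOOD = ["192.0.2.12", "192.0.2.130", "198.51.100.201"]

if __name__ == "__main__":
    for budget in (1, 2, 5):
        print(budget, choose_filters(BAD, GOOD, budget))
```

With a budget of one filter the only way to cover both groups of bad sources is a /5 that also blocks all three good sources; a second filter removes the collateral entirely, and further budget changes nothing.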