Countering distributed denial of service attacks.
dc.contributor.author | Wang, Haining | |
dc.contributor.advisor | Shin, Kang G. | |
dc.date.accessioned | 2016-08-30T15:28:32Z | |
dc.date.available | 2016-08-30T15:28:32Z | |
dc.date.issued | 2003 | |
dc.identifier.uri | http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqm&rft_dat=xri:pqdiss:3106181 | |
dc.identifier.uri | https://hdl.handle.net/2027.42/123973 | |
dc.description.abstract | The growing number of Distributed Denial of Service (DDoS) attacks impose a significant threat to the availability of Internet services. This dissertation examines the working mechanism of DDoS attacks and develops a number of methodologies and prototypes to counter DDoS attacks. These mechanisms defend against DDoS attacks in different ways: throttling DDoS traffic at IP routers (core or edge), sniffing flooding sources at edge routers, filtering out DDoS traffic at victim severs or their nearby firewalls, and protecting reserved network resources at edge routers. Based on the concept of layer-4 service differentiation and resource isolation, we propose a transport-aware IP router architecture, in which the flooding traffic is significantly throttled and most of the traffic is dropped in a close proximity to their sources. To sniff SYN flooding attacks, we propose a simple and robust mechanism, called <italic>SYN-dog</italic>. The core of SYN-dog is based on the distinct protocol behavior of TCP connection establishment and teardown, and is an instance of the Sequential Change Point Detection [13]. A non-parametric Cumulative Sum (CUSUM) method [19] is applied, thus making the SYN-dog insensitive to site and access pattern. We develop a novel hop-count-based filter to weed out spoofed IP packets at victim sites. <italic>Hop-Count Filtering</italic> (HCF) builds an accurate IP-to-hop-count (IP2HC) mapping table, while using a moderate amount of storage, by clustering address prefixes based on hop-count. To capture hop-count changes under dynamic network conditions, we also devise a safe update procedure for the IP2HC mapping table that prevents pollution by HCF-aware attackers. Finally, to protect reserved network resources at edge devices from DQoS (Denial of Quality of Service) attacks, we propose a fast and light-weighted IP network-edge resource access control mechanism, called <italic>IP Easy pass</italic>, we demonstrate the vulnerability of the reserved network resources to flooding attacks. Then, we attach a unique <italic>pass</italic> to each legitimate real-time packet so that an ISP edge router can validate the legitimacy of an incoming IP packet very quickly and simply by checking its pass. Thus, <italic> Easy-pass</italic> shields the reserved network resources from spoofed packets. | |
dc.format.extent | 164 p. | |
dc.language | English | |
dc.language.iso | EN | |
dc.subject | Attacks | |
dc.subject | Computer Networks | |
dc.subject | Countering | |
dc.subject | Distributed Denial-of-service | |
dc.subject | Network Security | |
dc.subject | Quality Of Service | |
dc.title | Countering distributed denial of service attacks. | |
dc.type | Thesis | |
dc.description.thesisdegreename | PhD | en_US |
dc.description.thesisdegreediscipline | Applied Sciences | |
dc.description.thesisdegreediscipline | Computer science | |
dc.description.thesisdegreegrantor | University of Michigan, Horace H. Rackham School of Graduate Studies | |
dc.description.bitstreamurl | http://deepblue.lib.umich.edu/bitstream/2027.42/123973/2/3106181.pdf | |
dc.owningcollname | Dissertations and Theses (Ph.D. and Master's) |
Files in this item
Remediation of Harmful Language
The University of Michigan Library aims to describe library materials in a way that respects the people and communities who create, use, and are represented in our collections. Report harmful or offensive language in catalog records, finding aids, or elsewhere in our collections anonymously through our metadata feedback form. More information at Remediation of Harmful Language.
Accessibility
If you are unable to use this file in its current format, please select the Contact Us link and we can modify it to make it more accessible to you.