Catalogo Articoli (Spogli Riviste)

OPAC HELP

Titolo:
On the defense of the distributed denial of service attacks: An on-off feedback control approach
Autore:
Xiong, Y; Liu, S; Sun, P;
Indirizzi:
Texas A&M Univ, Dept Comp Sci, College Stn, TX 77843 USA Texas A&M Univ College Stn TX USA 77843 mp Sci, College Stn, TX 77843 USA
Titolo Testata:
IEEE TRANSACTIONS ON SYSTEMS MAN AND CYBERNETICS PART A-SYSTEMS AND HUMANS
fascicolo: 4, volume: 31, anno: 2001,
pagine: 282 - 293
SICI:
1083-4427(200107)31:4<282:OTDOTD>2.0.ZU;2-J
Fonte:
ISI
Lingua:
ENG
Soggetto:
FLOW-CONTROL; NETWORKS; CONGESTION;
Keywords:
coordinated defense; distributed denial of service (DDoS) attack; hot spots; on-off control; web server;
Tipo documento:
Article
Natura:
Periodico
Settore Disciplinare:
Engineering, Computing & Technology
Citazioni:
35
Recensione:
Indirizzi per estratti:
Indirizzo: Xiong, Y Texas A&M Univ, Dept Comp Sci, College Stn, TX 77843 USA Texas A&M Univ College Stn TX USA 77843 ollege Stn, TX 77843 USA
Citazione:
Y. Xiong et al., "On the defense of the distributed denial of service attacks: An on-off feedback control approach", IEEE SYST A, 31(4), 2001, pp. 282-293

Abstract

This paper proposes a coordinated defense scheme of distributed denial of service (DDoS) network attacks, based on the backward-propagation, on-off control strategy. When a DDoS attack is in effect, a high concentration of malicious packet streams are routed to the victim in a short time, making ita hot spot. A similar problem has been observed in multiprocessor systems,where a hot spot is formed when a large number of processors access simultaneously shared variables in the same memory module. Despite the similar terminologies used here, solutions for multiprocessor hot spot problems cannot be applied to that in the Internet, because the hot traffic in DDoS may only represent a small fraction of the Internet traffic, and the attack strategies on the Internet are far more sophisticated than that in the multiprocessor systems. The performance impact on the hot spot is related to the total hot packet rate that can be tolerated by the victim, We present a backward pressure propagation, feedback control scheme to defend DDoS attacks. We use a generic network model to analyze the dynamics of network traffic, and develop the algorithms for rate-based and queue-length-based feedback control, We show a simple design to implement our control scheme on a practical switch queue architecture.

ASDD Area Sistemi Dipartimentali e Documentali, Università di Bologna, Catalogo delle riviste ed altri periodici
Documento generato il 15/07/20 alle ore 21:29:12