Title

Network denial-of-service: Classification, detection, protection

Date of Award

2001

Degree Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Electrical Engineering and Computer Science

Advisor(s)

Kamal Jabbour

Keywords

Network, Denial-of-service, Flow control, Internet protocols

Subject Categories

Computer Engineering | Computer Sciences | Engineering | Physical Sciences and Mathematics

Abstract

Denial-of-service (DoS) is one of the major network security threats. While network-DoS (N-DoS) incidents appear in different forms, a large portion of the cases target the vulnerabilities inside Internet protocols and the Internet infrastructure, except for those exploiting flaws in specific applications. The lack of security and reliability in the TCP/IP suite and the Internet infrastructure are the two major factors contributing to the lack of network resource availability--network-DoS. This dissertation analyzes the features and vulnerabilities in the TCP/IP suite, examines insufficiencies of flow control in the Internet infrastructure, and explores defense strategies against N-DoS in Internet-protocol-based networks. First, network DoS is classified into several categories based on protocol types, N-DoS symptom, and senders' intent. Then, for non-flooding type N-DoS attacks, signature-based detection and defense strategies are presented. Protocol vulnerabilities are analyzed. Next, for flooding N-DoS attacks, besides vulnerabilities in Internet protocols, inadequacies in the existing Internet infrastructure are also exposed. Furthermore, a flow-control-based model AFFC (Anti-Flooding Flow-Control) is developed, the main components of which include traffic classification, dynamic buffer management, packet scheduling, and early-traffic-regulation (ETR). The primary traffic regulation policy in the AFFC model is to penalize unresponsive elastic traffic and aggressive best-effort traffic in times of potential N-DoS congestion collapse. The purpose of the ETR is to regulate harmful flows prior to bottleneck nodes in early stages. Finally, Distributed DoS (DDoS) is addressed combining techniques used against classical N-DoS attacks.

Access

Surface provides description only. Full text is available to ProQuest subscribers. Ask your Librarian for assistance.

http://libezproxy.syr.edu/login?url=http://proquest.umi.com/pqdweb?did=726038671&sid=1&Fmt=2&clientId=3739&RQT=309&VName=PQD