Quality-of-protection (QoP)-an online monitoring and self-protection mechanism

With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resource...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE journal on selected areas in communications 2005-10, Vol.23 (10), p.1983-1993
Hauptverfasser: Hariri, S., Guangzhi Qu, Modukuri, R., Huoping Chen, Yousif, M.
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resources because existing routing protocols treat the attacking traffic equally as any normal traffic. This paper presents a proactive network defense framework that can be integrated with existing quality-of-service (QoS) protocols to provide differentiated services to network traffic flows based on their distance from the normal behavior. We introduce a new metric that we refer to as abnormality distance (AD) metric that can be used to classify traffic into normal, probable normal, probable abnormal (suspicious traffic), and abnormal (attacking traffic). The AD metric can then be used in conjunction with any QoS protocol to give high priority to normal traffic and lower priority to abnormal traffic. We demonstrate through several examples, how our approach can dynamically detect attacks, quantify their impact, and how to reduce the impacts and recover from them.
ISSN:0733-8716
1558-0008
DOI:10.1109/JSAC.2005.854122