Quality-of-protection (QoP)-an online monitoring and self-protection mechanism

Quality-of-protection (QoP)-an online monitoring and self-protection mechanism

With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resource...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE journal on selected areas in communications 2005-10, Vol.23 (10), p.1983-1993
Hauptverfasser: Hariri, S., Guangzhi Qu, Modukuri, R., Huoping Chen, Yousif, M.
Format: Artikel
Sprache:eng
Schlagworte:
Abnormalities
Abnormality distance (AD)
Computer crime
Diffserv networks
Internet
IP networks
Monitoring
network attack
Network servers
Networks
Priorities
proactive defense
Protection
Protocol (computers)
Protocols
Quality of service
quality-of-protection (QoP)
Telecommunication traffic
Traffic engineering
Traffic flow
Web and internet services
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1993
container_issue 10
container_start_page 1983
container_title IEEE journal on selected areas in communications
container_volume 23
creator Hariri, S.
Guangzhi Qu
Modukuri, R.
Huoping Chen
Yousif, M.
description With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resources because existing routing protocols treat the attacking traffic equally as any normal traffic. This paper presents a proactive network defense framework that can be integrated with existing quality-of-service (QoS) protocols to provide differentiated services to network traffic flows based on their distance from the normal behavior. We introduce a new metric that we refer to as abnormality distance (AD) metric that can be used to classify traffic into normal, probable normal, probable abnormal (suspicious traffic), and abnormal (attacking traffic). The AD metric can then be used in conjunction with any QoS protocol to give high priority to normal traffic and lower priority to abnormal traffic. We demonstrate through several examples, how our approach can dynamically detect attacks, quantify their impact, and how to reduce the impacts and recover from them.
doi_str_mv 10.1109/JSAC.2005.854122
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_1514527</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>1514527</ieee_id><sourcerecordid>896200271</sourcerecordid><originalsourceid>FETCH-LOGICAL-c353t-fefc05ab7525a6b39134f2cfdbf8f852a61788d8849051d9798e9c2b86521f3f3</originalsourceid><addsrcrecordid>eNp9kTtPwzAURi0EEqWwI7FEDDwGFz_i5GasKp6qgAqYLSe1wVVilzgZ-u9xFSQEA9Ndznd173cQOqZkQikprh5eprMJI0RMQKSUsR00okIAJoTALhqRnHMMOc320UEIK0JomgIbocdFr2rbbbA3eN36Tled9S65WPjnS6xc4l1tnU4a72znW-veE-WWSdD1L7zR1YdyNjSHaM-oOuij7zlGbzfXr7M7PH-6vZ9N57jignfYaFMRocpcMKGykheUp4ZVZlkaMCCYymgOsARICyLossgL0EXFSsgEo4YbPkbnw954xGevQycbGypd18pp3wcJRRa7YDmN5Nm_JAMCaZaRCJ7-AVe-b138QkJWUBZrzSNEBqhqfQitNnLd2ka1G0mJ3HqQWw9y60EOHmLkZIhYrfUPLmgqWM6_ADrAgt8</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>869128547</pqid></control><display><type>article</type><title>Quality-of-protection (QoP)-an online monitoring and self-protection mechanism</title><source>IEEE Electronic Library (IEL)</source><creator>Hariri, S. ; Guangzhi Qu ; Modukuri, R. ; Huoping Chen ; Yousif, M.</creator><creatorcontrib>Hariri, S. ; Guangzhi Qu ; Modukuri, R. ; Huoping Chen ; Yousif, M.</creatorcontrib><description>With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resources because existing routing protocols treat the attacking traffic equally as any normal traffic. This paper presents a proactive network defense framework that can be integrated with existing quality-of-service (QoS) protocols to provide differentiated services to network traffic flows based on their distance from the normal behavior. We introduce a new metric that we refer to as abnormality distance (AD) metric that can be used to classify traffic into normal, probable normal, probable abnormal (suspicious traffic), and abnormal (attacking traffic). The AD metric can then be used in conjunction with any QoS protocol to give high priority to normal traffic and lower priority to abnormal traffic. We demonstrate through several examples, how our approach can dynamically detect attacks, quantify their impact, and how to reduce the impacts and recover from them.</description><identifier>ISSN: 0733-8716</identifier><identifier>EISSN: 1558-0008</identifier><identifier>DOI: 10.1109/JSAC.2005.854122</identifier><identifier>CODEN: ISACEM</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Abnormalities ; Abnormality distance (AD) ; Computer crime ; Diffserv networks ; Internet ; IP networks ; Monitoring ; network attack ; Network servers ; Networks ; Priorities ; proactive defense ; Protection ; Protocol (computers) ; Protocols ; Quality of service ; quality-of-protection (QoP) ; Telecommunication traffic ; Traffic engineering ; Traffic flow ; Web and internet services</subject><ispartof>IEEE journal on selected areas in communications, 2005-10, Vol.23 (10), p.1983-1993</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2005</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c353t-fefc05ab7525a6b39134f2cfdbf8f852a61788d8849051d9798e9c2b86521f3f3</citedby><cites>FETCH-LOGICAL-c353t-fefc05ab7525a6b39134f2cfdbf8f852a61788d8849051d9798e9c2b86521f3f3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/1514527$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,780,784,796,27924,27925,54758</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/1514527$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Hariri, S.</creatorcontrib><creatorcontrib>Guangzhi Qu</creatorcontrib><creatorcontrib>Modukuri, R.</creatorcontrib><creatorcontrib>Huoping Chen</creatorcontrib><creatorcontrib>Yousif, M.</creatorcontrib><title>Quality-of-protection (QoP)-an online monitoring and self-protection mechanism</title><title>IEEE journal on selected areas in communications</title><addtitle>J-SAC</addtitle><description>With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resources because existing routing protocols treat the attacking traffic equally as any normal traffic. This paper presents a proactive network defense framework that can be integrated with existing quality-of-service (QoS) protocols to provide differentiated services to network traffic flows based on their distance from the normal behavior. We introduce a new metric that we refer to as abnormality distance (AD) metric that can be used to classify traffic into normal, probable normal, probable abnormal (suspicious traffic), and abnormal (attacking traffic). The AD metric can then be used in conjunction with any QoS protocol to give high priority to normal traffic and lower priority to abnormal traffic. We demonstrate through several examples, how our approach can dynamically detect attacks, quantify their impact, and how to reduce the impacts and recover from them.</description><subject>Abnormalities</subject><subject>Abnormality distance (AD)</subject><subject>Computer crime</subject><subject>Diffserv networks</subject><subject>Internet</subject><subject>IP networks</subject><subject>Monitoring</subject><subject>network attack</subject><subject>Network servers</subject><subject>Networks</subject><subject>Priorities</subject><subject>proactive defense</subject><subject>Protection</subject><subject>Protocol (computers)</subject><subject>Protocols</subject><subject>Quality of service</subject><subject>quality-of-protection (QoP)</subject><subject>Telecommunication traffic</subject><subject>Traffic engineering</subject><subject>Traffic flow</subject><subject>Web and internet services</subject><issn>0733-8716</issn><issn>1558-0008</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2005</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNp9kTtPwzAURi0EEqWwI7FEDDwGFz_i5GasKp6qgAqYLSe1wVVilzgZ-u9xFSQEA9Ndznd173cQOqZkQikprh5eprMJI0RMQKSUsR00okIAJoTALhqRnHMMOc320UEIK0JomgIbocdFr2rbbbA3eN36Tled9S65WPjnS6xc4l1tnU4a72znW-veE-WWSdD1L7zR1YdyNjSHaM-oOuij7zlGbzfXr7M7PH-6vZ9N57jignfYaFMRocpcMKGykheUp4ZVZlkaMCCYymgOsARICyLossgL0EXFSsgEo4YbPkbnw954xGevQycbGypd18pp3wcJRRa7YDmN5Nm_JAMCaZaRCJ7-AVe-b138QkJWUBZrzSNEBqhqfQitNnLd2ka1G0mJ3HqQWw9y60EOHmLkZIhYrfUPLmgqWM6_ADrAgt8</recordid><startdate>20051001</startdate><enddate>20051001</enddate><creator>Hariri, S.</creator><creator>Guangzhi Qu</creator><creator>Modukuri, R.</creator><creator>Huoping Chen</creator><creator>Yousif, M.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>L7M</scope><scope>F28</scope><scope>FR3</scope></search><sort><creationdate>20051001</creationdate><title>Quality-of-protection (QoP)-an online monitoring and self-protection mechanism</title><author>Hariri, S. ; Guangzhi Qu ; Modukuri, R. ; Huoping Chen ; Yousif, M.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c353t-fefc05ab7525a6b39134f2cfdbf8f852a61788d8849051d9798e9c2b86521f3f3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2005</creationdate><topic>Abnormalities</topic><topic>Abnormality distance (AD)</topic><topic>Computer crime</topic><topic>Diffserv networks</topic><topic>Internet</topic><topic>IP networks</topic><topic>Monitoring</topic><topic>network attack</topic><topic>Network servers</topic><topic>Networks</topic><topic>Priorities</topic><topic>proactive defense</topic><topic>Protection</topic><topic>Protocol (computers)</topic><topic>Protocols</topic><topic>Quality of service</topic><topic>quality-of-protection (QoP)</topic><topic>Telecommunication traffic</topic><topic>Traffic engineering</topic><topic>Traffic flow</topic><topic>Web and internet services</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Hariri, S.</creatorcontrib><creatorcontrib>Guangzhi Qu</creatorcontrib><creatorcontrib>Modukuri, R.</creatorcontrib><creatorcontrib>Huoping Chen</creatorcontrib><creatorcontrib>Yousif, M.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>ANTE: Abstracts in New Technology &amp; Engineering</collection><collection>Engineering Research Database</collection><jtitle>IEEE journal on selected areas in communications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Hariri, S.</au><au>Guangzhi Qu</au><au>Modukuri, R.</au><au>Huoping Chen</au><au>Yousif, M.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Quality-of-protection (QoP)-an online monitoring and self-protection mechanism</atitle><jtitle>IEEE journal on selected areas in communications</jtitle><stitle>J-SAC</stitle><date>2005-10-01</date><risdate>2005</risdate><volume>23</volume><issue>10</issue><spage>1983</spage><epage>1993</epage><pages>1983-1993</pages><issn>0733-8716</issn><eissn>1558-0008</eissn><coden>ISACEM</coden><abstract>With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resources because existing routing protocols treat the attacking traffic equally as any normal traffic. This paper presents a proactive network defense framework that can be integrated with existing quality-of-service (QoS) protocols to provide differentiated services to network traffic flows based on their distance from the normal behavior. We introduce a new metric that we refer to as abnormality distance (AD) metric that can be used to classify traffic into normal, probable normal, probable abnormal (suspicious traffic), and abnormal (attacking traffic). The AD metric can then be used in conjunction with any QoS protocol to give high priority to normal traffic and lower priority to abnormal traffic. We demonstrate through several examples, how our approach can dynamically detect attacks, quantify their impact, and how to reduce the impacts and recover from them.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/JSAC.2005.854122</doi><tpages>11</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 0733-8716
ispartof IEEE journal on selected areas in communications, 2005-10, Vol.23 (10), p.1983-1993
issn 0733-8716
1558-0008
language eng
recordid cdi_ieee_primary_1514527
source IEEE Electronic Library (IEL)
subjects Abnormalities
Abnormality distance (AD)
Computer crime
Diffserv networks
Internet
IP networks
Monitoring
network attack
Network servers
Networks
Priorities
proactive defense
Protection
Protocol (computers)
Protocols
Quality of service
quality-of-protection (QoP)
Telecommunication traffic
Traffic engineering
Traffic flow
Web and internet services
title Quality-of-protection (QoP)-an online monitoring and self-protection mechanism
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T21%3A12%3A13IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Quality-of-protection%20(QoP)-an%20online%20monitoring%20and%20self-protection%20mechanism&rft.jtitle=IEEE%20journal%20on%20selected%20areas%20in%20communications&rft.au=Hariri,%20S.&rft.date=2005-10-01&rft.volume=23&rft.issue=10&rft.spage=1983&rft.epage=1993&rft.pages=1983-1993&rft.issn=0733-8716&rft.eissn=1558-0008&rft.coden=ISACEM&rft_id=info:doi/10.1109/JSAC.2005.854122&rft_dat=%3Cproquest_RIE%3E896200271%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=869128547&rft_id=info:pmid/&rft_ieee_id=1514527&rfr_iscdi=true