Adaptive Selective Verification: An Efficient Adaptive Countermeasure to Thwart DoS Attacks

Adaptive Selective Verification: An Efficient Adaptive Countermeasure to Thwart DoS Attacks

Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE/ACM transactions on networking 2012-06, Vol.20 (3), p.715-728
Hauptverfasser: Khanna, S., Venkatesh, S. S., Fatemieh, O., Khan, F., Gunter, C. A.
Format: Artikel
Sprache:eng
Schlagworte:
Adaptive systems
Bandwidth
Channels
Computer crime
Denial of service attacks
distributed denial of service (DDoS)
Networks
Optimization
performance analysis
Pruning
Random sampling
Reservoirs
Routing protocols
selective verification
Servers
Servers (computers)
shared channel model
theorem
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request rate based on timeout windows to estimate attack rates. The server will be able to process client requests with high probability while pruning out most of the attack by selective random sampling. The protocol introduced here, called Adaptive Selective Verification (ASV), is shown to use bandwidth efficiently and does not require any server state or assumptions about network congestion. The main results of the paper are a formulation of optimal performance and a proof that ASV is optimal.
ISSN:1063-6692
1558-2566
DOI:10.1109/TNET.2011.2171057