Title :
Mitigation of DoS attacks through QoS regulation
Author :
Garg, Aman ; Narasimha Reddy, A.L.
Author_Institution :
TippingPoint Technol., Austin, TX, USA
fDate :
6/24/1905 12:00:00 AM
Abstract :
As more and more critical services are provided over the Internet, the risk to these services from malicious users is also increasing. Several networks have witnessed denial of service attacks in the past. This paper reports on our experience in building a Linux-based prototype to mitigate the effect of such attacks. Our prototype provides an efficient way to keep track of server and network resources at the network layer and allows aggregate resource regulation. Our scheme provides a general, and not attack specific, mechanism to provide graceful server degradation in the face of such an attack. We report on the rationale of our approach, the experience in building the prototype, and the results from real experiments. We show that traditional rate-based regulation combined with proposed window-based regulation of resources at the aggregate level at the network layer is a feasible vehicle for mitigating the impact of DOS attacks on end servers.
Keywords :
Internet; Unix; network operating systems; network servers; quality of service; security of data; telecommunication control; telecommunication security; DoS attacks mitigation; Internet; Linux-based prototype; QoS regulation; World Wide Web; aggregate resource regulation; denial of service attacks; network layer; network resources; quality of service; rate control; rate-based regulation; server; window control; window-based regulation; Bandwidth; Broadcasting; Computer crime; Data structures; Floods; Network servers; Protection; Protocols; Prototypes; Vehicles;
Conference_Titel :
Quality of Service, 2002. Tenth IEEE International Workshop on
Print_ISBN :
0-7803-7426-6
DOI :
10.1109/IWQoS.2002.1006573
