Mitigation of DoS attacks through QoS regulation

Author

Garg, Aman ; Narasimha Reddy, A.L.

Author_Institution

TippingPoint Technol., Austin, TX, USA

fYear

2002

fDate

6/24/1905 12:00:00 AM

Firstpage

45

Lastpage

53

Abstract

As more and more critical services are provided over the Internet, the risk to these services from malicious users is also increasing. Several networks have witnessed denial of service attacks in the past. This paper reports on our experience in building a Linux-based prototype to mitigate the effect of such attacks. Our prototype provides an efficient way to keep track of server and network resources at the network layer and allows aggregate resource regulation. Our scheme provides a general, and not attack specific, mechanism to provide graceful server degradation in the face of such an attack. We report on the rationale of our approach, the experience in building the prototype, and the results from real experiments. We show that traditional rate-based regulation combined with proposed window-based regulation of resources at the aggregate level at the network layer is a feasible vehicle for mitigating the impact of DOS attacks on end servers.

Keywords

Internet; Unix; network operating systems; network servers; quality of service; security of data; telecommunication control; telecommunication security; DoS attacks mitigation; Internet; Linux-based prototype; QoS regulation; World Wide Web; aggregate resource regulation; denial of service attacks; network layer; network resources; quality of service; rate control; rate-based regulation; server; window control; window-based regulation; Bandwidth; Broadcasting; Computer crime; Data structures; Floods; Network servers; Protection; Protocols; Prototypes; Vehicles;

fLanguage

English

Publisher

ieee

Conference_Titel

Quality of Service, 2002. Tenth IEEE International Workshop on

Print_ISBN

0-7803-7426-6

Type

conf

DOI

10.1109/IWQoS.2002.1006573

Filename

1006573