Design and Validation of PATRICIA for the Mitigation of Network Flooding Attacks

Author

Wang, Lan ; Wu, Qishi ; Liu, Yaoqing

Author_Institution

Dept. of Comput. Sci., Univ. of Memphis, Memphis, TN, USA

Volume

2

fYear

2009

fDate

29-31 Aug. 2009

Firstpage

651

Lastpage

658

Abstract

A recent trend in Internet denial-of-service attacks is to distribute the attack sources among a large number of compromised computers. To effectively control such attacks, the attack traffic must be stopped at an early stage, which means those edge networks that host the attack sources must be given proper incentives and mechanisms to stop undesirable traffic. We previously proposed an architecture called PATRICIA, where edge networks cooperate to prevent misbehaving sources from flooding traffic in both control and data channels. In this paper, we flesh out the details of the control protocols in PATRICIA and propose an important revision to the previous design to make it more robust against collusion attacks. Furthermore, we present the results from extensive simulation experiments to validate our design.

Keywords

Internet; telecommunication security; Internet; PATRICIA; collusion attack; denial-of-service attack; network flooding attack; Communication system traffic control; Computer crime; Floods; Information filtering; Information filters; Internet; Large-scale systems; Protocols; Telecommunication traffic; Traffic control; Denial-of-Service attack mitigation; capability; collusion attack; control traffic flooding; packet filtering;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Science and Engineering, 2009. CSE '09. International Conference on

Conference_Location

Vancouver, BC

Print_ISBN

978-1-4244-5334-4

Electronic_ISBN

978-0-7695-3823-5

Type

conf

DOI

10.1109/CSE.2009.141

Filename

5283821