Selective dropping of rate limiting against denial of service attacks
Date of Award
2016
Degree Name
M.S. in Computer Science
Department
Department of Computer Science
Advisor/Chair
Advisor: Zhongmei Yao
Abstract
In a Denial of Service (DoS) attack, attackers attempt to prevent legitimate users from accessing services on the Internet. As the Internet was designed to keep its core simple (i.e., routers simply perform routing and forwarding, rather than deep packet inspection), DoS attacks are still an open issue. In this thesis, we propose a router-based system and shed light on the design of intelligent rate-limiting mechanisms for protecting the Internet against DoS attacks. Unlike blind dropping (tail dropping or random dropping) used in traditional Active Queue Management (AQM) mechanisms that have been employed by routers on the Internet, our rate-limiting system maintains a grey list and a black list and performs selective packet dropping. The grey list contains information regarding flows that exceed the low-rate threshold but have not hit the high-rate threshold, while the black list monitors the high-rate flows. Each list is implemented using a table/map with fixed size and hence can be easily employed in routers. We show via simulations that our algorithm significantly outperforms blind dropping mechanisms.
Keywords
Denial of service attacks, Internet Security measures, Routers (Computer networks), Internetworking (Telecommunication), Computer Science, rate limiting, denial of service, DoS, selective dropping, attack
Rights Statement
Copyright © 2016, author
Recommended Citation
Xia, Yu, "Selective dropping of rate limiting against denial of service attacks" (2016). Graduate Theses and Dissertations. 1158.
https://ecommons.udayton.edu/graduate_theses/1158
