MF (minority first) scheme for defeating distributed denial of service attacks

Proceedings of the Eighth IEEE Symposium on Computers and Communications. ISCC 2003 Pub Date : 2003-09-23 DOI:10.1109/ISCC.2003.1214283

Gaeil An, Kiyoung Kim, Jong-Su Jang

{"title":"MF (minority first) scheme for defeating distributed denial of service attacks","authors":"Gaeil An, Kiyoung Kim, Jong-Su Jang","doi":"10.1109/ISCC.2003.1214283","DOIUrl":null,"url":null,"abstract":"The one of the biggest barrier that hinders Internet development is security problem caused by malicious user. In this paper, we deal with distributed denial of service (DDoS) attacks that monopolize network resource, thus result in network or system congestion. Under DDoS attack, its very difficult to provide legitimate users with their fair share of available network resource. This paper proposes MF (minority first) as a traffic metering and control scheme that can provide quick weakness of DDoS attack, while protecting legitimate user's traffic. The key idea of MF scheme is to provide good quality of service (QoS) to sources that use the network resource properly and poor QoS to sources that use network resource so excessively as to result in network congestion. MF scheme is composed of both source-traffic-trunk based metering and queue mapping mechanism for controlling malicious DDoS traffic and legitimate traffic. To show our scheme's excellence, its performance is measured and compared with that of the existing queuing services and static rate-limit through simulation.","PeriodicalId":356589,"journal":{"name":"Proceedings of the Eighth IEEE Symposium on Computers and Communications. ISCC 2003","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Eighth IEEE Symposium on Computers and Communications. ISCC 2003","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC.2003.1214283","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

The one of the biggest barrier that hinders Internet development is security problem caused by malicious user. In this paper, we deal with distributed denial of service (DDoS) attacks that monopolize network resource, thus result in network or system congestion. Under DDoS attack, its very difficult to provide legitimate users with their fair share of available network resource. This paper proposes MF (minority first) as a traffic metering and control scheme that can provide quick weakness of DDoS attack, while protecting legitimate user's traffic. The key idea of MF scheme is to provide good quality of service (QoS) to sources that use the network resource properly and poor QoS to sources that use network resource so excessively as to result in network congestion. MF scheme is composed of both source-traffic-trunk based metering and queue mapping mechanism for controlling malicious DDoS traffic and legitimate traffic. To show our scheme's excellence, its performance is measured and compared with that of the existing queuing services and static rate-limit through simulation.

查看原文本刊更多论文

MF(少数优先)方案，用于击败分布式拒绝服务攻击

阻碍互联网发展的最大障碍之一是恶意用户带来的安全问题。本文主要研究分布式拒绝服务(DDoS)攻击，这种攻击会垄断网络资源，导致网络或系统拥塞。在DDoS攻击下，很难为合法用户提供公平的可用网络资源。本文提出了一种能够在保护合法用户流量的同时，快速抵御DDoS攻击的流量计量和控制方案。MF方案的关键思想是为合理使用网络资源的源提供良好的服务质量(QoS)，而对过度使用网络资源导致网络拥塞的源提供较差的服务质量(QoS)。MF方案由基于源-流量-中继的计量和队列映射机制组成，用于控制恶意DDoS流量和合法DDoS流量。为了证明该方案的优越性，通过仿真对其性能进行了测量，并与现有的排队服务和静态速率限制进行了比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the Eighth IEEE Symposium on Computers and Communications. ISCC 2003

自引率

0.00%

发文量