采用自适应带宽分配方法防御DDoS攻击

2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008) Pub Date : 2008-04-24 DOI:10.1109/MUE.2008.23

Chu-Hsing Lin, Jung-Chun Liu, Hsun-Chi Huang, Tsung-Che Yang

{"title":"采用自适应带宽分配方法防御DDoS攻击","authors":"Chu-Hsing Lin, Jung-Chun Liu, Hsun-Chi Huang, Tsung-Che Yang","doi":"10.1109/MUE.2008.23","DOIUrl":null,"url":null,"abstract":"Denial of service attacks occur when the attacks are from a single host, whereas distributed denial of service attacks occur when multiple affected systems flood the bandwidth or resources of a targeted system. Although it is not possible to exempt entirely from denial of service or distributed denial of service attacks, we can limit the malicious user by controlling the traffic flow. In the paper, we propose to monitor the traffic pattern in order to alleviate distributed denial of service attacks. A bandwidth allocation policy will be adopted to assign normal users to a high priority queue and suspected attackers to a low priority queue. Simulations conducted in network simulator of our proposed priority queue-based scheme shows its effectiveness in blocking attack traffic while maintaining constant flows for legitimate traffic.","PeriodicalId":203066,"journal":{"name":"2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":"{\"title\":\"Using Adaptive Bandwidth Allocation Approach to Defend DDoS Attacks\",\"authors\":\"Chu-Hsing Lin, Jung-Chun Liu, Hsun-Chi Huang, Tsung-Che Yang\",\"doi\":\"10.1109/MUE.2008.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Denial of service attacks occur when the attacks are from a single host, whereas distributed denial of service attacks occur when multiple affected systems flood the bandwidth or resources of a targeted system. Although it is not possible to exempt entirely from denial of service or distributed denial of service attacks, we can limit the malicious user by controlling the traffic flow. In the paper, we propose to monitor the traffic pattern in order to alleviate distributed denial of service attacks. A bandwidth allocation policy will be adopted to assign normal users to a high priority queue and suspected attackers to a low priority queue. Simulations conducted in network simulator of our proposed priority queue-based scheme shows its effectiveness in blocking attack traffic while maintaining constant flows for legitimate traffic.\",\"PeriodicalId\":203066,\"journal\":{\"name\":\"2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"34\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MUE.2008.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MUE.2008.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 34

摘要

拒绝服务攻击发生在单个主机上，而分布式拒绝服务攻击发生在多个受影响的系统占用目标系统的带宽或资源时。虽然不可能完全免除拒绝服务攻击或分布式拒绝服务攻击，但我们可以通过控制流量来限制恶意用户。在本文中，我们提出了监控流量模式，以减轻分布式拒绝服务攻击。采用带宽分配策略，将正常用户分配到高优先级队列，将嫌疑攻击者分配到低优先级队列。在网络模拟器上对我们提出的基于优先级队列的方案进行了仿真，结果表明该方案在阻止攻击流量的同时保持合法流量不变。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Using Adaptive Bandwidth Allocation Approach to Defend DDoS Attacks

Denial of service attacks occur when the attacks are from a single host, whereas distributed denial of service attacks occur when multiple affected systems flood the bandwidth or resources of a targeted system. Although it is not possible to exempt entirely from denial of service or distributed denial of service attacks, we can limit the malicious user by controlling the traffic flow. In the paper, we propose to monitor the traffic pattern in order to alleviate distributed denial of service attacks. A bandwidth allocation policy will be adopted to assign normal users to a high priority queue and suspected attackers to a low priority queue. Simulations conducted in network simulator of our proposed priority queue-based scheme shows its effectiveness in blocking attack traffic while maintaining constant flows for legitimate traffic.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)

自引率

0.00%

发文量