Title :
Adaptive Selective Verification: An Efficient Adaptive Countermeasure to Thwart DoS Attacks
Author :
Khanna, Sanjeev ; Venkatesh, Santosh S. ; Fatemieh, Omid ; Khan, Fariba ; Gunter, Carl A.
Author_Institution :
Univ. of Pennsylvania, Philadelphia, PA, USA
fDate :
6/1/2012 12:00:00 AM
Abstract :
Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request rate based on timeout windows to estimate attack rates. The server will be able to process client requests with high probability while pruning out most of the attack by selective random sampling. The protocol introduced here, called Adaptive Selective Verification (ASV), is shown to use bandwidth efficiently and does not require any server state or assumptions about network congestion. The main results of the paper are a formulation of optimal performance and a proof that ASV is optimal.
Keywords :
protocols; ASV protocol; adaptive selective verification protocol; client request rates; denial-of-service attack; network congestion; selective random sampling; thwart DoS attacks; Adaptive systems; Bandwidth; Computer crime; Reservoirs; Routing protocols; Servers; Bandwidth; distributed denial of service (DDoS); performance analysis; selective verification; shared channel model; theorem;
Journal_Title :
Networking, IEEE/ACM Transactions on
DOI :
10.1109/TNET.2011.2171057
