Title :
A feedback control defense strategy for denial of service computer attacks
Author :
Wu, Xiaoyi ; Cassandras, Christos G.
Author_Institution :
Dept. of Manuf. Eng., Boston Univ., Brookline, MA, USA
Abstract :
Denial of service (DoS) attacks pose one of the most challenging security issues in computer networks. We propose a defense strategy against DoS attacks, which is based on a local detection component and a feedback control component. The former uses queue content information to detect potential attacks, and the latter controls the sending rate of upstream nodes. We include simulation results to illustrate the behavior of a network when using this strategy under both single-source and distributed DoS attacks, and to show its effectiveness in detecting "potential" attacks at an early stage, identifying attacking flows, and reducing the damage caused by such attacks. Finally, we identify performance metrics appropriate for optimizing the defense mechanism.
Keywords :
computer networks; feedback; quality of service; security of data; denial of service computer attack; feedback control defense strategy; local detection component; performance metrics; potential attack detection; Computational modeling; Computer crime; Computer network management; Computer networks; Computer security; Computer viruses; Feedback control; Information security; Internet; Measurement
Conference_Title :
Decision and Control, 2004. CDC. 43rd IEEE Conference on
Print_ISBN :
0-7803-8682-5
DOI :
10.1109/CDC.2004.1428614