Analysis and design of an intrusion tolerance node for application in traffic shaping

Author

Baik, Nam-Kyun ; Kang, Nam-hi ; Pak, Hyeon-Mee ; Sim, Won-Tae

Author_Institution

IT Security Evaluation Div., KISA, Seoul

fYear

2008

Firstpage

857

Lastpage

862

Abstract

This study analyzes performance enhancement by proposing an intrusion tolerance technique for application to traffic shaping, which is implemented by token buckets or leaky buckets, in order to design a security node that can maintain a service by tolerating network-based denial of service attacks. As a result of the analysis, the transmission ratio of the normal traffic was increased significantly by preventing system down through input traffic adjustment and by reducing the loss ratio of the harmful traffic to a great extent, in order to sustain service availability. Consequently, the outcome of the study is expected to contribute to the design of an efficient security network structure that can resist network-based service denial attacks.

Keywords

computer networks; telecommunication security; telecommunication traffic; intrusion tolerance node; network-based denial of service attacks; security network structure; traffic shaping; Application software; Bandwidth; Computer crime; Computer security; IP networks; Information analysis; Information security; Performance analysis; Telecommunication traffic; Traffic control; denial of service(DoS); intrusion tolerance; leaky bucket; token bucket; traffic shaping;

fLanguage

English

Publisher

ieee

Conference_Titel

Control, Automation and Systems, 2008. ICCAS 2008. International Conference on

Conference_Location

Seoul

Print_ISBN

978-89-950038-9-3

Electronic_ISBN

978-89-93215-01-4

Type

conf

DOI

10.1109/ICCAS.2008.4694647

Filename

4694647