A feedback control defense strategy for denial of service computer attacks

Author

Wu, Xiaoyi ; Cassandras, Christos G.

Author_Institution

Dept. of Manuf. Eng., Boston Univ., Brookline, MA, USA

Volume

1

fYear

2004

fDate

14-17 Dec. 2004

Firstpage

105

Abstract

Denial of service (DoS) attacks pose one of the most challenging security issues in computer networks. We propose a defense strategy against DoS attacks, which is based on a local detection component and a feedback control component. The former uses queue content information to detect potential attacks, and the latter controls the sending rate of upstream nodes. We include simulation results to illustrate the behavior of a network when using this strategy under both single-source and distributed DoS attacks, and to show its effectiveness in detecting "potential" attacks at an early stage, identifying attacking flows, and reducing the damage caused by such attacks. Finally, we identify performance metrics appropriate for optimizing the defense mechanism.

Keywords

computer networks; feedback; quality of service; security of data; denial of service computer attack; feedback control defense strategy; local detection component; performance metrics; potential attack detection; Computational modeling; Computer crime; Computer network management; Computer networks; Computer security; Computer viruses; Feedback control; Information security; Internet; Measurement;

fLanguage

English

Publisher

ieee

Conference_Titel

Decision and Control, 2004. CDC. 43rd IEEE Conference on

ISSN

0191-2216

Print_ISBN

0-7803-8682-5

Type

conf

DOI

10.1109/CDC.2004.1428614

Filename

1428614