TY - GEN
T1 - Optimal filter assignment policy against transit-link distributed denial-of-service attack
AU - Biswas, Rajorshi
AU - Wu, Jie
AU - Chang, Wei
AU - Ostovari, Pouya
N1 - Funding Information:
This research was supported in part by NSF grants CNS 1824440, CNS 1828363, CNS 1757533, CNS 1618398, CNS 1651947, and CNS 1564128.
Publisher Copyright:
© 2019 IEEE.
PY - 2019/12
Y1 - 2019/12
N2 - A transit-link distributed denial-of-service (DDoS) attack is a special attack in which the attacker sends out a huge number of requests to exhaust the capacity of a link on the path that traffic takes to a server. As a result, denial-of-service and degradation of Quality-of-Service (QoS) occur. Because the attack traffic does not go to the victim, protecting the legitimate traffic alone is hard for the victim. With the help of a special type of router called a filter router (FR), the victim can protect the legitimate traffic. An FR can receive a filter from servers and apply the filter to block a link incident to it. By analyzing traffic rates and paths, the victim can identify some links that may be congested. The victim needs to select some of these possibly congested links and send a filter to the corresponding FR so that the legitimate traffic follows non-congested paths. In this paper, we formulate an optimization problem for selecting the minimum number of possibly congested links so that the legitimate traffic goes through a non-congested path. We consider the scenario where every user has at least one non-congested shortest path. We transform the problem to the vertex separation problem to find the links to block. We build our own Java multi-threaded simulator and conduct extensive simulations.
AB - A transit-link distributed denial-of-service (DDoS) attack is a special attack in which the attacker sends out a huge number of requests to exhaust the capacity of a link on the path that traffic takes to a server. As a result, denial-of-service and degradation of Quality-of-Service (QoS) occur. Because the attack traffic does not go to the victim, protecting the legitimate traffic alone is hard for the victim. With the help of a special type of router called a filter router (FR), the victim can protect the legitimate traffic. An FR can receive a filter from servers and apply the filter to block a link incident to it. By analyzing traffic rates and paths, the victim can identify some links that may be congested. The victim needs to select some of these possibly congested links and send a filter to the corresponding FR so that the legitimate traffic follows non-congested paths. In this paper, we formulate an optimization problem for selecting the minimum number of possibly congested links so that the legitimate traffic goes through a non-congested path. We consider the scenario where every user has at least one non-congested shortest path. We transform the problem to the vertex separation problem to find the links to block. We build our own Java multi-threaded simulator and conduct extensive simulations.
UR - http://www.scopus.com/inward/record.url?scp=85079940184&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85079940184&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM38437.2019.9013985
DO - 10.1109/GLOBECOM38437.2019.9013985
M3 - Conference contribution
AN - SCOPUS:85079940184
T3 - 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings
BT - 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 IEEE Global Communications Conference, GLOBECOM 2019
Y2 - 9 December 2019 through 13 December 2019
ER -