Show simple item record

dc.contributor.authorYou, Yonghua
dc.contributor.otherQueen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.))en
dc.date2007-08-22 23:01:20.581en
dc.date.accessioned2007-08-29T18:13:06Z
dc.date.available2007-08-29T18:13:06Z
dc.date.issued2007-08-29T18:13:06Z
dc.identifier.urihttp://hdl.handle.net/1974/653
dc.descriptionThesis (Master, Computing) -- Queen's University, 2007-08-22 23:01:20.581en
dc.description.abstractDistributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large number of malicious traffic. In this thesis, we propose a distance-based distributed DDoS defense framework which defends against attacks by coordinating between the distance-based DDoS defense systems of the source ends and the victim end. The proposed defense system has three major components: detection, traceback, and response. In the detection component, two distance-based detection techniques are employed. First, a distance-based technique is used to detect attacks based on a distance statistical model. Second, a statistical traffic rate forecasting technique is applied to identify attack traffic within the traffic, that are separated based on distance to the victim-end network. For the traceback component, the existing Fast Internet Traceback (FIT) technique is employed to find remote edge routers which forward attack traffic to the victim. In the response component, the distance-based rate limit mechanism quickly lowers attack traffic by setting up rate limits on these routers. We evaluate the distance-based DDoS defense system on a network simulation platform called NS2. The results demonstrate that both detection techniques are capable of detecting flooding-based DDoS attacks, and the defense system can effectively control attack traffic to sustain quality of service for legitimate users. Moreover, the system shows better performance in defeating flooding-based DDoS attacks compared to the pushback technique which uses a local aggregate congestion control mechanism.en
dc.format.extent2126570 bytes
dc.format.mimetypeapplication/pdf
dc.languageenen
dc.language.isoenen
dc.relation.ispartofseriesCanadian thesesen
dc.rightsThis publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.en
dc.subjectNetwork securityen
dc.subjectDDoSen
dc.titleA defense framework for flooding-based DDoS attacksen
dc.typeThesisen
dc.description.degreeMasteren
dc.contributor.supervisorZulkernine, Mohammaden
dc.contributor.departmentComputingen


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record