Application - Level Distributed Denial of Service Prevention in a Replicated System

نویسنده

  • Hari Balakrishnan
چکیده

This paper presents the design and implementation of DFQ (Distributed Fair Queueing), a distributed system for defending a replicated set of HTTP servers against application-level distributed denial of service (DDoS) attacks. By using a modification of weighted fair queueing, all clients are guaranteed a fair share of the servers, no matter how many or which servers they connect to. DFQ continues to provide fair service even against malicious clients who are able to spoof additional IP addresses. It is also capable of accommodating HTTP proxies, which regularly provide many times more traffic than a single host. Such properties are desirable for package management servers and the like, whose responsiveness in the presence of flash crowds and malicious attackers is paramount to the security of the overall system. Thesis Supervisor: Hari Balakrishnan Title: Professor

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets

Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...

متن کامل

Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks

Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...

متن کامل

An Integrated Approach to Defence Against Degrading Application-Layer DDoS Attacks

Application layer Distributed Denial of Service (DDoS) attacks are recognized as one of the most damaging attacks on the Internet security today. In our recent work [1], we have shown that unsupervised machine learning can be effectively utilized in the process of distinguishing between regular (human) and automated (web/botnet crawler) visitors to a web site. We have also shown that with a sli...

متن کامل

RESCUE: Reputation based Service for Cloud User Environment

Exceptional characteristics of Cloud computing has replaced all traditional computing. With reduced resource management and without in-advance investment, it has been victorious in making the IT world to migrate towards it. Microsoft announced its office package as Cloud, which can prevent people moving from Windows to Linux. As this drift is escalating in an exponential rate, the cloud environ...

متن کامل

Distributed Denial of Service Attacks: A Review

A wireless sensor network (WSN) is a wireless network consisting of spatially distributed autonomous devices using sensors to monitor physical or environmental conditions.WSN is a fluorishing network that has numerous applications and could be used in diverse scenarios. DDoS (Distributed Denial of Service) is an attack where a number of compromised systems attack a single target, thereby causin...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2014