Random early detection gateways for congestion avoidance
IEEE/ACM Transactions on Networking (TON)
TCP and explicit congestion notification
ACM SIGCOMM Computer Communication Review
Efficient network QoS provisioning based on per node traffic shaping
IEEE/ACM Transactions on Networking (TON)
Explicit allocation of best-effort packet delivery service
IEEE/ACM Transactions on Networking (TON)
Promoting the use of end-to-end congestion control in the Internet
IEEE/ACM Transactions on Networking (TON)
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Traffic Shaping at a Network Node: Theory, Optimum Design, Admission Control
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice
ACM Transactions on Computer Systems (TOCS)
Automatically inferring patterns of resource consumption in network traffic
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
An immunological model of distributed detection and its application to computer security
An immunological model of distributed detection and its application to computer security
Proceedings of the 2004 ACM workshop on Rapid malcode
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A survey of congestion control schemes for multicast video applications
IEEE Communications Surveys & Tutorials
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Overview of security issues of VOIP
IMSA'07 IASTED European Conference on Proceedings of the IASTED European Conference: internet and multimedia systems and applications
NetADHICT: a tool for understanding network traffic
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
TrackBack spam: abuse and prevention
Proceedings of the 2009 ACM workshop on Cloud computing security
Overview of security issues of VoIP
EurolMSA '07 Proceedings of the Third IASTED European Conference on Internet and Multimedia Systems and Applications
Pushback for overlay networks: protecting against malicious insiders
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Reclaiming the blogosphere, talkback: a secure linkback protocol for weblogs
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Hi-index | 0.00 |
In this paper we explore the feasibility of mitigating network denial-of-service (NDoS) attacks (attacks that consume network bandwidth) by dynamically regulating learned classes of network traffic. Our classification technique clusters packets based on the similarity of their contents – both headers and payloads – using a variation of n-grams which we call (p,n)-grams. We then allocate shares of bandwidth to each of these clusters using an adaptive traffic management technique. Our design intent is that excessive bandwidth consumers (e.g. UDP worms, flash crowds) are segregated so that they cannot consume bandwidth to the exclusion of other network traffic. Because this strategy, under congestion conditions, increases the packet drop rate experienced by sets of similar flows and thus reduces the relative drop rate of other, dissimilar flows, we characterize this strategy as diversity-based traffic management. We explain the approach at a high level and report on preliminary results that indicate that network traffic can be quickly and concisely learned, and that this classification can be used to regulate the bandwidth allocated to both constant packet and polymorphic flash UDP worms.