Random early detection gateways for congestion avoidance
IEEE/ACM Transactions on Networking (TON)
Efficient fair queueing using deficit round-robin
IEEE/ACM Transactions on Networking (TON)
Tracing Network Attacks to Their Sources
IEEE Internet Computing
Edge-to-edge measurement-based distributed network monitoring
Computer Networks: The International Journal of Computer and Telecommunications Networking
Monitoring and controlling QoS network domains
International Journal of Network Management
You Can Run, But You Can't Hide: An Effective Statistical Methodology to Trace Back DDoS Attackers
IEEE Transactions on Parallel and Distributed Systems
Analysis of traceback techniques
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
LRED: A Robust and Responsive AQM Algorithm Using Packet Loss Ratio Measurement
IEEE Transactions on Parallel and Distributed Systems
Accurate and efficient SLA compliance monitoring
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Probabilistic packet marking for large-scale IP traceback
IEEE/ACM Transactions on Networking (TON)
Definition and Evaluation of Penalty Functions in SLA Management Framework
ICNS '08 Proceedings of the Fourth International Conference on Networking and Services
A Fractional-Step DDoS Attack Source Traceback Algorithm Based on Autonomous System
IIH-MSP '08 Proceedings of the 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing
CDM-based design and performance evaluation of a robust AQM method for dynamic TCP/AQM networks
Computer Communications
Effective RED: An algorithm to improve RED's performance by reducing packet loss rate
Journal of Network and Computer Applications
One-way queuing delay measurement and its application on detecting DDoS attack
Journal of Network and Computer Applications
Network Topology Inference Based on Delay Variation
ICACC '09 Proceedings of the 2009 International Conference on Advanced Computer Control
Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks
IEEE Transactions on Parallel and Distributed Systems
Assured end-to-end QoS through adaptive marking in multi-domain differentiated services networks
Computer Communications
Botnet: classification, attacks, detection, tracing, and preventive measures
ICICIC '09 Proceedings of the 2009 Fourth International Conference on Innovative Computing, Information and Control
Network-based real-time connection traceback system (NRCTS) with packet marking technology
ICCSA'03 Proceedings of the 2003 international conference on Computational science and its applications: PartII
Traceback of DDoS Attacks Using Entropy Variations
IEEE Transactions on Parallel and Distributed Systems
SLA-based complementary approach for network intrusion detection
Computer Communications
Modified Deterministic Packet Marking for DDoS Attack Traceback in IPv6 Network
CIT '11 Proceedings of the 2011 IEEE 11th International Conference on Computer and Information Technology
A novel architecture for detecting and defending against flooding-based DDoS attacks
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
On detecting service violations and bandwidth theft in QoS network domains
Computer Communications
Evaluation and characterization of available bandwidth probing techniques
IEEE Journal on Selected Areas in Communications
IEEE Network: The Magazine of Global Internetworking
IEEE Network: The Magazine of Global Internetworking
Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics
IEEE Transactions on Information Forensics and Security
Hi-index | 0.00 |
Bandwidth abuse is a critical Internet service violation. However, its origins are difficult to detect and trace given similarities between abusive and normal traffic. So far, there is no capable and scalable mechanism to deal with bandwidth abuse. This paper proposes a distributed edge-to-edge model for monitoring service level agreement (SLA) violations and tracing abusive traffic to its origins. The mechanism of policing misbehaving user traffic at a single random early detection (RED) gateway is used in the distributed monitoring of SLA violations, including violations carried out through several gateways. Each RED gateway reports misbehaving users who have been sent notifications of traffic policing to an SLA monitoring unit. Misbehaving users are considered suspicious users and their consumed bandwidth shares are aggregated at every gateway to be compared with SLA-specified ratios. Bandwidth is abused when SLA-specified ratios are exceeded. By reporting bandwidth abuse, illegitimate users can be isolated from legitimate ones and source hosts of abusive traffic may be traced. Approximate simulation results show that the proposed model can detect any SLA violation and identify abusive users. In addition, the proposed model can trace user violations back to their source machines in real time.