TY - GEN
T1 - Filter Assignment Policy Against Distributed Denial-of-Service Attack
AU - Biswas, Rajorshi
AU - Wu, Jie
N1 - Funding Information:
This research was supported in part by NSF grants CNS 1757533, CNS1629746, CNS 1564128, CNS 1449860, CNS 1461932, CNS1460971, and IIP 1439672.
Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - A denial-of-service (DoS) attack is a cyber-attack in which the attacker sends out a huge number of requests to exhaust the capacity of a server, so that it can no longer serve incoming requests and DoS occurs. The most devastating distributed DoS attack is performed by malicious programs called bots. With the help of a special type of router called filter router, the victim can protect itself and reduce useless congestion in the network. A server can send out filters to filter routers for blocking attack traffic. The victim needs to select a subset of filter routers wisely to minimize attack traffic and blockage of legitimate users (LUs). In this paper, we formulate two problems for selecting filter routers given a constraint on the number of filters. The first problem considers the source-based filter and we provide greedy approximation solutions. The second problem considers the destination-based filter and how to minimize total amount of attack traffic and blocked LUs. We propose a dynamic programming solution for the second problem. We present simulation results comparing the proposed solutions with a naive approach. Our simulation results strengthen support for our solutions.
AB - A denial-of-service (DoS) attack is a cyber-attack in which the attacker sends out a huge number of requests to exhaust the capacity of a server, so that it can no longer serve incoming requests and DoS occurs. The most devastating distributed DoS attack is performed by malicious programs called bots. With the help of a special type of router called filter router, the victim can protect itself and reduce useless congestion in the network. A server can send out filters to filter routers for blocking attack traffic. The victim needs to select a subset of filter routers wisely to minimize attack traffic and blockage of legitimate users (LUs). In this paper, we formulate two problems for selecting filter routers given a constraint on the number of filters. The first problem considers the source-based filter and we provide greedy approximation solutions. The second problem considers the destination-based filter and how to minimize total amount of attack traffic and blocked LUs. We propose a dynamic programming solution for the second problem. We present simulation results comparing the proposed solutions with a naive approach. Our simulation results strengthen support for our solutions.
UR - http://www.scopus.com/inward/record.url?scp=85063341550&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063341550&partnerID=8YFLogxK
U2 - 10.1109/PADSW.2018.8644584
DO - 10.1109/PADSW.2018.8644584
M3 - Conference contribution
AN - SCOPUS:85063341550
T3 - Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
SP - 537
EP - 544
BT - Proceedings - 2018 IEEE 24th International Conference on Parallel and Distributed Systems, ICPADS 2018
PB - IEEE Computer Society
T2 - 24th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2018
Y2 - 11 December 2018 through 13 December 2018
ER -