Adaptive selective verification: An efficient adaptive countermeasure to thwart DoS attacks

Sanjeev Khanna, Santosh S. Venkatesh, Omid Fatemieh, Fariba Khan, Carl A. Gunter

Research output: Contribution to journalArticlepeer-review

Abstract

Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request rate based on timeout windows to estimate attack rates. The server will be able to process client requests with high probability while pruning out most of the attack by selective random sampling. The protocol introduced here, called Adaptive Selective Verification (ASV), is shown to use bandwidth efficiently and does not require any server state or assumptions about network congestion. The main results of the paper are a formulation of optimal performance and a proof that ASV is optimal.

Original languageEnglish (US)
Article number6086738
Pages (from-to)715-728
Number of pages14
JournalIEEE/ACM Transactions on Networking
Volume20
Issue number3
DOIs
StatePublished - Jun 1 2012

Keywords

  • Bandwidth
  • distributed denial of service (DDoS)
  • performance analysis
  • selective verification
  • shared channel model
  • theorem

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Adaptive selective verification: An efficient adaptive countermeasure to thwart DoS attacks'. Together they form a unique fingerprint.

Cite this