TY - JOUR
T1 - Adaptive selective verification
T2 - An efficient adaptive countermeasure to thwart DoS attacks
AU - Khanna, Sanjeev
AU - Venkatesh, Santosh S.
AU - Fatemieh, Omid
AU - Khan, Fariba
AU - Gunter, Carl A.
N1 - Funding Information:
Manuscript received March 18, 2010; accepted August 11, 2011; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor M. Kodialam. Date of publication October 20, 2011; date of current version June 12, 2012. This work was supported in part by the NSF CNS under Grant 05-24516 and a grant from Boeing. The views expressed are those of the authors only.
PY - 2012/6
Y1 - 2012/6
N2 - Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request rate based on timeout windows to estimate attack rates. The server will be able to process client requests with high probability while pruning out most of the attack by selective random sampling. The protocol introduced here, called Adaptive Selective Verification (ASV), is shown to use bandwidth efficiently and does not require any server state or assumptions about network congestion. The main results of the paper are a formulation of optimal performance and a proof that ASV is optimal.
AB - Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request rate based on timeout windows to estimate attack rates. The server will be able to process client requests with high probability while pruning out most of the attack by selective random sampling. The protocol introduced here, called Adaptive Selective Verification (ASV), is shown to use bandwidth efficiently and does not require any server state or assumptions about network congestion. The main results of the paper are a formulation of optimal performance and a proof that ASV is optimal.
KW - Bandwidth
KW - distributed denial of service (DDoS)
KW - performance analysis
KW - selective verification
KW - shared channel model
KW - theorem
UR - http://www.scopus.com/inward/record.url?scp=84862578082&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84862578082&partnerID=8YFLogxK
U2 - 10.1109/TNET.2011.2171057
DO - 10.1109/TNET.2011.2171057
M3 - Article
AN - SCOPUS:84862578082
SN - 1063-6692
VL - 20
SP - 715
EP - 728
JO - IEEE/ACM Transactions on Networking
JF - IEEE/ACM Transactions on Networking
IS - 3
M1 - 6086738
ER -