Research Article
A Double Horizon Defense Design for Robust Regulation of Malicious Traffic
@INPROCEEDINGS{10.1109/SECCOMW.2006.359585, author={Ying Xu and Roch Guerin}, title={A Double Horizon Defense Design for Robust Regulation of Malicious Traffic}, proceedings={2nd International ICST Conference on Security and Privacy in Comunication Networks}, publisher={IEEE}, proceedings_a={SECURECOMM}, year={2007}, month={5}, keywords={}, doi={10.1109/SECCOMW.2006.359585} }
- Ying Xu
Roch Guerin
Year: 2007
A Double Horizon Defense Design for Robust Regulation of Malicious Traffic
SECURECOMM
IEEE
DOI: 10.1109/SECCOMW.2006.359585
Abstract
Deploying defense mechanisms in routers holds promises for protecting infrastructure resources such as link bandwidth or router buffers against network denial-of-service (DoS) attacks. However, in spite of their efficacy against brute-force flooding attacks, existing router-based defenses often perform poorly when confronted to more sophisticated attack strategies. This paper presents the design and evaluation of a system aimed at identifying and containing a broad range of malicious traffic patterns. Its main feature is a double time horizon architecture, designed for effective regulation of attacking traffic at both short and long time scales. The short horizon component responds quickly to transient traffic surges that deviate significantly from regular (TCP) traffic, i.e., attackers that generate sporadic short bursts. Conversely, the long horizon mechanism enforces strict conformance with normal TCP behavior, but does so by considering traffic over longer time periods, and is therefore aimed at attackers that attempt to capture a significant amount of link bandwidth. The performance of the proposed system was tested extensively. Our findings suggest that the implementation cost of the system is reasonable, and that it is indeed efficient against various types of attacks while remaining transparent to normal TCP users