In-Network Defense Against Distributed Denial-of-Service on the Internet
Date
2020-02-27
Authors
Zhang, Mingwei
Publisher
University of Oregon
Abstract
Distributed denial-of-service (DDoS) attacks continue to threaten the availability and integrity of critical Internet infrastructure upon which society relies more heavily than ever before. The extremely high volume and distributed nature of modern DDoS attacks render traditional “edge-defense” solutions (either victim-side or attack-source-side) less effective. This thesis studies in-network DDoS filtering, i.e., filtering traffic inside the Internet, which aims to address these problems by distributing the workload of filtering DDoS traffic across strategically chosen locations inside the Internet. This dissertation conducts a systematic study of three different aspects of an effective and deployable in-network DDoS defense: 1) in-network defense incentives, 2) in-network defense filter placement strategies, and 3) in-network defense filter placement algorithm design and evaluation. This dissertation not only shows that the majority of Internet Service Providers (ISPs) have an incentive to participate in in-network DDoS defense, but also examines in-network defense strategies, including proposing a new one, and describes the design and evaluation of an effective in-network filter placement algorithm.
Keywords
cyber-security, distributed denial-of-service, in-network filtering, network security