The New Jersey Institute of Technology's
Electronic Theses & Dissertations Project

Title:	Flow-oriented anomaly-based detection of denial of service attacks with flow-control-assisted mitigation
Author:	Song, Sui
View Online:	njit-etd2006-036 (xv, 170 pages ~ 8.6 MB pdf)
Department:	Department of Electrical and Computer Engineering
Degree:	Doctor of Philosophy
Program:	Electrical Engineering
Document Type:	Dissertation
Advisory Committee:	Manikopoulos, Constantine N. (Committee chair) Zhou, MengChu (Committee member) Rojas-Cessa, Roberto (Committee member) Hu, Jie (Committee member) Chen, Zhixiong (Committee member) Statica, Robert (Committee member)
Date:	2006-01
Keywords:	IDS Flow control QoS Firewall
Availability:	Unrestricted
Abstract:	Flooding-based distributed denial-of-service (DDoS) attacks present a serious and major threat to the targeted enterprises and hosts. Current protection technologies are still largely inadequate in mitigating such attacks, especially if they are large-scale. In this doctoral dissertation, the Computer Network Management and Control System (CNMCS) is proposed and investigated; it consists of the Flow-based Network Intrusion Detection System (FNIDS), the Flow-based Congestion Control (FCC) System, and the Server Bandwidth Management System (SBMS). These components form a composite defense system intended to protect against DDoS flooding attacks. The system as a whole adopts a flow-oriented and anomaly-based approach to the detection of these attacks, as well as a control-theoretic approach to adjust the flow rate of every link to sustain the high priority flow-rates at their desired level. The results showed that the misclassification rates of FNIDS are low, less than 0.1%, for the investigated DDOS attacks, while the fine-grained service differentiation and resource isolation provided within the FCC comprise a novel and powerful built-in protection mechanism that helps mitigate DDoS attacks.