Manikopoulos, Constantine N. (Committee chair)
Zhou, MengChu (Committee member)
Rojas-Cessa, Roberto (Committee member)
Hu, Jie (Committee member)
Chen, Zhixiong (Committee member)
Statica, Robert (Committee member)
Date:
2006-01
Keywords:
IDS
Flow control
QoS
Firewall
Availability:
Unrestricted
Abstract:
Flooding-based distributed denial-of-service (DDoS) attacks present a serious and major threat to the targeted enterprises and hosts. Current protection technologies are still largely inadequate in mitigating such attacks, especially if they are large-scale. In this doctoral dissertation, the Computer Network Management and Control System (CNMCS) is proposed and investigated; it consists of the Flow-based Network Intrusion Detection System (FNIDS), the Flow-based Congestion Control (FCC) System, and the Server Bandwidth Management System (SBMS). These components form a composite defense system intended to protect against DDoS flooding attacks. The system as a whole adopts a flow-oriented and anomaly-based approach to the detection of these attacks, as well as a control-theoretic approach to adjust the flow rate of every link to sustain the high priority flow-rates at their desired level. The results showed that the misclassification rates of FNIDS are low, less than 0.1%, for the investigated DDOS attacks, while the fine-grained service differentiation and resource isolation provided within the FCC comprise a novel and powerful built-in protection mechanism that helps mitigate DDoS attacks.
If you have any questions please contact the ETD Team, libetd@njit.edu.