Network Traffic Filtering: Using Stamps, Bitmaps, and Host Diversities
Date Issued
2007
Date
2007
Author(s)
Huang, Chun-Ying
Abstract
As Internet infrastructure matures, more and more hosts can be reached through the Internet. People can now easily enjoy high-speed networks from their own premises. The evolution of modern telecommunication technologies also makes it possible for hand-held and mobile devices to access the Internet everywhere. However, these changes also bring several new problems. Since software always contains bugs and most users are unaware of security flaws, Internet-connected personal computers and even enterprise servers can be turned into playgrounds for viruses, worms, and hackers. The popularity of peer-to-peer file sharing and multimedia streaming software also brings new challenges to the network. Peer-to-peer traffic now dominates the overall traffic load and is even harmful to traditional Internet applications.
In this thesis, we endeavor to solve problems brought by modern network applications in mature networks, focusing especially on network system security and heavy peer-to-peer traffic loads. Our methodology can be explained briefly in three stages. First, we collect several different traces, including publicly available Internet traces and private header-only or full-payload packet traces from our campus. Based on these traces, we then design algorithms to detect, mitigate, and filter unwanted or harmful network traffic. Finally, these algorithms are evaluated by running simulations using the collected real traffic.
Our main contributions are three-fold. First, we propose a solution to detect and mitigate distributed denial-of-service attacks between trusted network domains. The solution requires the cooperation of the two trusted network domains. Therefore, we then propose another efficient algorithm to mitigate network attacks against general client networks, which are mostly composed of client hosts. The proposed algorithm, which is based on the traffic observed on our campus, does not need any cooperation and has only constant complexity in both computation and storage space. Although the algorithm is designed based on observations from a campus network, we believe that the traffic we collected is representative of general networks because it is unfiltered. With slight modification, the algorithm can also be used to bound upload peer-to-peer traffic in client networks. However, it has some probability of dropping non-attack or non-peer-to-peer traffic. For this reason, a more accurate co-algorithm is proposed to reduce the false positives induced by the main algorithm. With these solutions, we have successfully built network traffic filters to handle network attacks and upload peer-to-peer traffic.
Subjects
bitmap (bit array)
distributed denial of service (DDoS) attack
host diversity
peer-to-peer computing
stamp
traffic filtering
Type
thesis
