A router-based technique to mitigate reduction of quality (RoQ) attacks
 

Summary: A router-based technique to mitigate reduction of quality (RoQ) attacks
Amey Shevtekar, Nirwan Ansari *
Advanced Networking Laboratory, Department of Electrical and Computer Engineering,
New Jersey Institute of Technology, Newark, NJ 07102, United States
Received 21 February 2007; received in revised form 3 November 2007; accepted 22 November 2007
Available online 4 December 2007
Abstract

We propose a router-based technique to mitigate the stealthy reduction of quality (RoQ) attacks at the routers in the Internet. The RoQ attacks have been shown to impair the QoS sensitive VoIP and the TCP traffic in the Internet. It is difficult to detect these attacks because of their low average rates. We also show that our generalized approach can detect these attacks even if they employ the source IP address spoofing, the destination IP address spoofing, and undefined periodicity to evade several router-based detection systems. The detection system operates in two phases: in phase 1, the presence of the RoQ attack is detected from the readily available per flow information at the routers, and in phase 2, the attack filtering algorithm drops the RoQ attack packets. Assuming that the attacker uses the source IP address and the destination IP address spoofing, we propose to detect the sudden increase in the traffic load of all the expired flows within a short period. In a network without RoQ attacks, we show that the traffic load of all the expired flows is less than certain thresholds, which are derived from real Internet traffic analysis. We further propose a simple filtering solution to drop the attack packets. The filtering scheme treats the long-lived flows in the Internet preferentially, and drops the attack traffic by monitoring the queue length if the queue length exceeds a threshold percent of the queue limit. Our results show that we can

  

Source: Ansari, Nirwan - Department of Electrical and Computer Engineering, New Jersey Institute of Technology

 

Collections: Engineering