Title: Detecting, tracing and mitigating against denial of service in IP networks
Author: Alenezi, Mohammed N. M.
ISNI: 0000 0004 5359 5570
Awarding Body: University of Essex
Current Institution: University of Essex
Date of Award: 2014
Denial of service (DoS) has become one of the most significant security threats on the Internet. The existing limitations of the Internet protocols and the available tools make DoS attacks easy to launch and effective in causing damage. There are many different forms of DoS attack in terms of the attack types, attack architecture, involved machines, and attack volume. For example, the number of machines involved in a DoS attack could vary from a single attacker machine to distributed, compromised and non-compromised machines forming what is known as distributed denial of service (DDoS). This thesis investigates DoS attacks and proposes several defending techniques, which cover detection, traceback, and mitigation. Firstly, the proposed detection technique, namely the Congestion Window Detection Technique (CWDT), provides a fast detection time and low false positive rate compared with existing techniques. The CWDT monitors the congestion window of the target in a defined time interval during the attack and uses the cumulative sum (CUSUM) statistic to detect the attack. Secondly, two different traceback techniques to identify the origin of the attack are proposed. The first traceback technique, namely the Selective Record Route Technique (SRRT), uses the Record Route option of the IP header to selectively record the IP addresses of certain routers. The SRRT reduces the convergence time of the traceback significantly. The second technique, Uniform Probabilistic Packet Marking (UPPM), injects the IP address of the router inside the packet based on a predefined marking probability. UPPM can generalise the analysis of other marking techniques and improves the convergence time. Finally, a mitigation technique, Selective Windowed Rate Limiting (SWiRL), is presented to lessen the damage caused by the attack traffic. It significantly reduces the damage to legitimate traffic compared with other existing mitigation techniques.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:
DOI: Not available