Files in this item

FilesDescriptionFormat

application/pdf

application/pdfLI-THESIS-2019.pdf (1MB)Restricted to U of Illinois
(no description provided)PDF

Description

Title:Inter-middlepolice coordination framework and co-bottleneck detection
Author(s):Li, Yifei
Advisor(s):Hu, Yih-Chun
Department / Program:Electrical & Computer Eng
Discipline:Electrical & Computer Engr
Degree Granting Institution:University of Illinois at Urbana-Champaign
Degree:M.S.
Genre:Thesis
Subject(s):DDoS Mitigation, Computer Network, Distributed System, Cloud Computing
Abstract:Over the decades, with the prevalence of advanced computer networks, the problem of denial of service (DDoS) attack has become more serious. In the past years, many approaches have been proposed to mitigate DDoS attacks, but only a few have really tackled the challenge. The prior work of MiddlePolice presents a practical solution to enforce end-to-end policy in the middle of the Internet. It detects the capability of the downstream link by constantly observing flow congestion. Rate limiting can be further applied to flows that exceed the given capability. The MiddlePolice requires lightweight deployment at network devices but is capable of thwarting thousands of attack flows. The major defensive mechanism of MiddlePolice could easily suppress attacking traffic at a network router, thus enforcing sender fairness at the endpoint. However, to enforce global per-sender fairness, MiddlePolice shares congestion observations when it shares the downstream bottleneck with peers, which can potentially pollute the statistics collected. This thesis is a continuation of the original MiddlePolice project to complete the design. We propose a framework and a methodology to perform inter-middlepolice coordination on a cloud scale. We demonstrate the effectiveness of the inter-middlepolice coordination mechanism through detailed implementation and thorough evaluation. Further, we show that the proposed improvements preserve all principles of original MiddlePolice design and offer a more complete yet equally effective solution to modern computer networks and security applications.
Issue Date:2019-04-19
Type:Text
URI:http://hdl.handle.net/2142/105060
Rights Information:Copyright 2019 Yifei Li
Date Available in IDEALS:2019-08-23
Date Deposited:2019-05


This item appears in the following Collection(s)

Item Statistics