Funding: Supported by the National Grand Fundamental Research 973 Program of China under Grant No. 2009CB320504, the National High Technology Development 863 Program of China under Grant No. 2007AA01Z206 and No. 2009AA01Z210, and the EU FP7 Project EFIPSANS (INFSO-ICT-215549).
Abstract: Autonomic networking is one of the hot research topics in the research area of future network architectures. In this paper, we introduce context-aware and autonomic attributes into the DiffServ QoS framework, and propose a novel autonomic packet marking (APM) algorithm. In the proposed autonomic QoS framework, APM is capable of collecting various QoS-related contexts, and adaptively adjusting its behavior to provide better QoS guarantee according to users' requirements and network conditions. Simulation results show that APM provides better performance than a traditional packet marker, and significantly improves users' quality of experience.
Funding: Supported by the Hi-Tech Research and Development Program of China (2009AA01Z433).
Abstract: A novel deterministic packet marking (DPM) for IP traceback against denial of service (DOS) and distributed denial of service (DDoS) attacks is presented, which features good scalability and high accuracy. In this scheme, an ingress router pre-calculates a Hash of its IP address and splits the Hash into several fragments. When marking a packet, the router randomly selects a fragment to mark into the packet. In the traceback stage the victim identifies the marked router with the help of the map of its upstream routers. Based on the map, the victim can identify a candidate ingress router after receiving only several marked packets. The scheme overcomes defects in previous deterministic packet marking schemes, where too many packets are required to recover a router and a high false positive rate occurs in case of large-scale DDoS. Theoretical analysis, the pseudo code and experimental results are provided. The scheme is proved to be accurate and efficient and can handle large-scale DDoS attacks.
Funding: The National Natural Science Foundation of China (60273091); Blue Project in Nanjing University of Posts and Telecommunications (NY207118).
Abstract: The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply a packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi's limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.