Over the decades, with the prevalence of advanced computer networks, the problem of denial of service (DDoS) attack has become more serious. In the past years, many approaches have been proposed to mitigate DDoS attacks, but only a few have really tackled the challenge. The prior work of MiddlePolice presents a practical solution to enforce end-to-end policy in the middle of the Internet. It detects the capability of the downstream link by constantly observing flow congestion. Rate limiting can be further applied to flows that exceed the given capability. The MiddlePolice requires lightweight deployment at network devices but is capable of thwarting thousands of attack flows. The major defensive mechanism of MiddlePolice could easily suppress attacking traffic at a network router, thus enforcing sender fairness at the endpoint. However, to enforce global per-sender fairness, MiddlePolice shares congestion observations when it shares the downstream bottleneck with peers, which can potentially pollute the statistics collected.
This thesis is a continuation of the original MiddlePolice project to complete the design. We propose a framework and a methodology to perform inter-middlepolice coordination on a cloud scale. We demonstrate the effectiveness of the inter-middlepolice coordination mechanism through detailed implementation and thorough evaluation. Further, we show that the proposed improvements preserve all principles of original MiddlePolice design and offer a more complete yet equally effective solution to modern computer networks and security applications.
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
LI-THESIS-2019.pdf
