University of Illinois Urbana-Champaign

Inter-middlepolice coordination framework and co-bottleneck detection

Li, Yifei

Permalink

https://hdl.handle.net/2142/105060

Description

Title
Inter-middlepolice coordination framework and co-bottleneck detection
Author(s)
Li, Yifei
Issue Date
2019-04-19
Director of Research (if dissertation) or Advisor (if thesis)
Hu, Yih-Chun
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
DDoS Mitigation, Computer Network, Distributed System, Cloud Computing
Abstract
Over the decades, with the prevalence of advanced computer networks, the problem of denial of service (DDoS) attack has become more serious. In the past years, many approaches have been proposed to mitigate DDoS attacks, but only a few have really tackled the challenge. The prior work of MiddlePolice presents a practical solution to enforce end-to-end policy in the middle of the Internet. It detects the capability of the downstream link by constantly observing flow congestion. Rate limiting can be further applied to flows that exceed the given capability. The MiddlePolice requires lightweight deployment at network devices but is capable of thwarting thousands of attack flows. The major defensive mechanism of MiddlePolice could easily suppress attacking traffic at a network router, thus enforcing sender fairness at the endpoint. However, to enforce global per-sender fairness, MiddlePolice shares congestion observations when it shares the downstream bottleneck with peers, which can potentially pollute the statistics collected. This thesis is a continuation of the original MiddlePolice project to complete the design. We propose a framework and a methodology to perform inter-middlepolice coordination on a cloud scale. We demonstrate the effectiveness of the inter-middlepolice coordination mechanism through detailed implementation and thorough evaluation. Further, we show that the proposed improvements preserve all principles of original MiddlePolice design and offer a more complete yet equally effective solution to modern computer networks and security applications.
Graduation Semester
2019-05
Type of Resource
text
Permalink
http://hdl.handle.net/2142/105060
Copyright and License Information
Copyright 2019 Yifei Li

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Electrical and Computer Engineering
Dissertations and Theses in Electrical and Computer Engineering