TY - JOUR
T1 - Quality-of-protection (QoP) - An online monitoring and self-protection mechanism
AU - Hariri, Salim
AU - Qu, Guangzhi
AU - Modukuri, Ramkishore
AU - Chen, Huoping
AU - Yousif, Mazin
N1 - Funding Information:
Manuscript received May 1, 2004, revised December 3, 2004. This work was supported in part by a grant from Intel Corporation IT R&D Council. S. Hariri, G. Qu, and H. Chen are with the Internet Technology Laboratory, University of Arizona, Tucson, AZ 85721 USA (e-mail: hariri@ece.arizona.edu; [email protected]; [email protected]). R. Modukuri was with the Department of Electrical and Computer Engineering, University of Arizona, Tucson, AZ 85721 USA. M. Yousif is with Intel Corporation, Hillsboro, OR 97124 USA (e-mail: [email protected]). Digital Object Identifier 10.1109/JSAC.2005.854122
PY - 2005/10
Y1 - 2005/10
N2 - With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resources because existing routing protocols treat the attacking traffic equally as any normal traffic. This paper presents a proactive network defense framework that can be integrated with existing quality-of-service (QoS) protocols to provide differentiated services to network traffic flows based on their distance from the normal behavior. We introduce a new metric that we refer to as abnormality distance (AD) metric that can be used to classify traffic into normal, probable normal, probable abnormal (suspicious traffic), and abnormal (attacking traffic). The AD metric can then be used in conjunction with any QoS protocol to give high priority to normal traffic and lower priority to abnormal traffic. We demonstrate through several examples, how our approach can dynamically detect attacks, quantify their impact, and how to reduce the impacts and recover from them.
AB - With increasing faults and attacks on the Internet infrastructure, there is an impending need to provide automatic techniques to detect and mitigate the impact of attacks on network services. Denial-of-service attacks have been successful in denying legitimate traffic access to its required resources because existing routing protocols treat the attacking traffic equally as any normal traffic. This paper presents a proactive network defense framework that can be integrated with existing quality-of-service (QoS) protocols to provide differentiated services to network traffic flows based on their distance from the normal behavior. We introduce a new metric that we refer to as abnormality distance (AD) metric that can be used to classify traffic into normal, probable normal, probable abnormal (suspicious traffic), and abnormal (attacking traffic). The AD metric can then be used in conjunction with any QoS protocol to give high priority to normal traffic and lower priority to abnormal traffic. We demonstrate through several examples, how our approach can dynamically detect attacks, quantify their impact, and how to reduce the impacts and recover from them.
KW - Abnormality distance (AD)
KW - Network attack
KW - Proactive defense
KW - Quality-of-protection (QoP)
UR - http://www.scopus.com/inward/record.url?scp=27644564187&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=27644564187&partnerID=8YFLogxK
U2 - 10.1109/JSAC.2005.854122
DO - 10.1109/JSAC.2005.854122
M3 - Article
AN - SCOPUS:27644564187
SN - 0733-8716
VL - 23
SP - 1983
EP - 1993
JO - IEEE Journal on Selected Areas in Communications
JF - IEEE Journal on Selected Areas in Communications
IS - 10
ER -