Abstract
In this paper, we considera queueing model of computer network under DoS attacks. The arrival of SYN packets contains two types: the regular request packets and the attack packets that request for connections. We assume that the connection requests arrive according to a Poisson processes and the service times are general but different for the two types of requests. A maximum number of connections can be served at the same time. Each half-open connection is held for at most a deterministic or random period of time (timeout). We obtain the steady-state probability distribution of the stochastic process describing the evolution of such a system. Next, we show how to compute some security metrics such as the loss-probability or the buffer occupancy percentage of half-open connections for attack packets.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial-of-Service Activity. In: Proceedings of the 2001 USENIX Security Symposium, pp. 9–22. IEEE Press, New York (2001)
Long, M., Wu, C.-H., Hung, Y.: Denial of Service Attacks on Network-Based Control Systems: Impact and Mitigation. IEEE Transactions on Industrial Informatics 1(2), 85–96 (2005)
Khan, S., Traore, I.: Queue-based Analysis of DoS Attacks. In: Proceedings IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, pp. 266–273. IEEE Press, New York (2005)
Wang, Y., Lin, C., Li, Q.-L., Fang, Y.: A Queueing Analysis for the Denial of Service (DoS) Attacks. Computer Networks 51, 3564–3573 (2007)
Boteanu, D., Fernandez, J.M., McHugh, J., Mullins, J.: Queue Management as a DoS counter-measure? In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 263–280. Springer, Heidelberg (2007)
Gnedenko, B.V., Kovalenko, I.N.: Introduction to Queueing Theory, Nauka, Moscow (1967)
Chang, R.K.C.: Defending Against Flooding-Based Distributed Denial-of-Service Attacks: A tutorial. IEEE Communications Magazine 40(10), 42–51 (2002)
Xenakis, C., Laoutaris, N., Merakos, L., Stavrakis, L.: A Generic Characterization of the Overheads Imposed by IPsec and Associated Cryptographic Algorithms. Computer Networks 5(17), 3225–3241 (2006)
Mirkovic, J., Reiher, P.: A Taxonomy of DDoS Defence Mechanisms. SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Sevastianov, B.A.: An Ergodic Theorem for Markov Processes and its Application to Telephone Systems with Refusals. Theory of Probability and it’s applications, Tom II 1, 106–116 (1957)
Foster, L., Cao, J., Cleveland, W., Lin, D., Sun, D.: Internet traffic tends toward Poisson and independent as the load increases. In: Denison, D., Hansen, M., Holmes, C., Mallick, B., Yu, B. (eds.) Nonlinear estimation and Classification. LNCS, vol. 171, pp. 83–110. Springer, Heidelberg (2003)
Borovkov, A.A.: Ergodicity and Stability of Stochastic Processes. Wiley Series in Prob. & Stat. J. Wiley & Sons, Chichester (1998)
Sengupta, D., Deshpande, J.V.: Some Results on the Relative Ageing of Two Life Distributions. J.Appl. Prob. 31, 991–1003 (1994)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aissani, A. (2008). Queueing Analysis for Networks Under DoS Attack. In: Gervasi, O., Murgante, B., Laganà, A., Taniar, D., Mun, Y., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2008. ICCSA 2008. Lecture Notes in Computer Science, vol 5073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69848-7_41
Download citation
DOI: https://doi.org/10.1007/978-3-540-69848-7_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69840-1
Online ISBN: 978-3-540-69848-7
eBook Packages: Computer ScienceComputer Science (R0)