Show simple item record

dc.contributor.advisor: Xie, Geoffrey
dc.contributor.author: Vordos, Ioannis
dc.date.accessioned: 2012-03-14T17:43:14Z
dc.date.available: 2012-03-14T17:43:14Z
dc.date.issued: 2009-03
dc.identifier.uri: http://hdl.handle.net/10945/4817
dc.description: Approved for public release, distribution unlimited. [en_US]
dc.description.abstract: A Denial of Service (DoS) occurs when legitimate users are prevented from using a service over a computer network. A Distributed Denial of Service (DDoS) attack is a more serious form of DoS in which an attacker uses the combined power of many hosts to flood and exhaust the networking or computing resources of a target server. In recent years, DDoS attacks have become a major threat to both civilian and military networks. Multi-Protocol Label Switching with Traffic Engineering (MPLS-TE) is an emerging technology that allows explicit, bandwidth-guaranteed packet forwarding paths to be established for different traffic flows. It provides a means for diverting packets of a suspected DDoS attack for analysis and cleaning before forwarding them to the actual destination. The objective of this research was to implement and evaluate the performance of an MPLS-TE based solution against DDoS attacks on a realistic test-bed network consisting of Cisco routers. The test-bed has been integrated with Snort®, an open source Intrusion Detection System (IDS), to achieve automatic detection and to mitigate DDoS attacks. The test-bed network was subject to a series of malicious traffic flows with varying degrees of intensity. The results demonstrated that MPLS-TE is very effective in mitigating such attacks. The overall system response time and the router CPU loads are comparable to those reported by two former NPS theses that examined alternative solutions based on BGP blackhole routing. [en_US]
dc.description.uri: http://archive.org/details/mitigatingdistri109454817
dc.format.extent: xiv, 119 p. : ill. (chiefly col.) ; [en_US]
dc.publisher: Monterey, California. Naval Postgraduate School [en_US]
dc.rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted [en_US]
dc.subject.lcsh: Traffic engineering [en_US]
dc.subject.lcsh: Computer networks [en_US]
dc.subject.lcsh: Design and construction [en_US]
dc.title: Mitigating distributed denial of service attacks with Multiprotocol Label Switching--Traffic Engineering (MPLS-TE) [en_US]
dc.type: Thesis [en_US]
dc.contributor.secondreader: Fulp, John D.
dc.contributor.corporate: Naval Postgraduate School (U.S.)
dc.description.recognition: Outstanding Thesis [en_US]
dc.description.service: Hellenic Navy author. [en_US]
dc.identifier.oclc: 319715623
etd.thesisdegree.name: M.S. [en_US]
etd.thesisdegree.level: Masters [en_US]
etd.thesisdegree.discipline: Computer Science [en_US]
etd.thesisdegree.grantor: Naval Postgraduate School [en_US]
etd.verified: no [en_US]

