In-Network Defense Against Distributed Denial-of-Service on the Internet

Date and time: Wed, Jun 12 2019 - 2:00pm to Thu, Jun 13 2019 - 1:45pm
220 Deschutes
Mingwei Zhang
University of Oregon
  • Jun Li (Chair)
  • Hank Childs
  • Reza Rejaie
  • Jiabin Wu, Economics

Distributed denial-of-service (DDoS) attacks continue to threaten the availability and integrity of critical Internet infrastructure, on which society relies more heavily than ever before. The extremely high volume and distributed nature of modern DDoS attacks render traditional "edge-defense" solutions (either victim-side or attack-source-side) less effective.

This thesis studies in-network DDoS filtering, i.e., filtering traffic inside the Internet, which aims to address these problems by distributing the workload of filtering DDoS traffic across strategically chosen locations inside the Internet.

This dissertation conducts a systematic study of three different aspects of an effective and deployable in-network DDoS defense:
1) in-network defense incentives,
2) in-network defense strategies, and
3) in-network defense system design and implementation.

This dissertation not only shows that the majority of Internet Service Providers (ISPs) have an incentive to participate in in-network DDoS defense, but also examines in-network defense strategies, including proposing a new one, and describes the design and evaluation of an effective and deployable in-network defense system.