MULTOPS: A Data-Structure for Bandwidth Attack Detection

Abstract

A denial-of-service bandwidth attack is an attempt to disrupt an online service by generating a traffic overload that clogs links or causes routers near the victim to crash. We propose a heuristic and a data-structure that network devices (such as routers) can use to detect (and eliminate) such attacks. With our method, each network device maintains a data-structure, MULTOPS, that monitors certain traffic characteristics. MULTOPS (MUlti-Level Tree for Online Packet Statistics) is a tree of nodes that contains packet rate statistics for subnet prefixes at different aggregation levels. The tree expands and contracts within a fixed memory budget. A network device using MULTOPS detects ongoing bandwidth attacks by the significant, disproportional difference between packet rates going to and coming from the victim or the attacker. MULTOPS-equipped routing software running on an off-the-shelf 700 MHz Pentium III PC can process up to 340,000 packets per second.

Document Details

Document Type
Technical Report
Publication Date
May 27, 2001
Accession Number
ADA401819

Entities

People

  • Massimiliano Poletto
  • Thomer M. Gil

Organizations

  • Vrije Universiteit Amsterdam

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Bandwidth
  • Computer Networks
  • Computer Science
  • Contracts
  • Cyberattacks
  • Data Centers
  • Denial Of Service Attack
  • Detection
  • Information Operations
  • Internet
  • Intrusion Detection
  • Lists (Data Structures)
  • Network Protocols
  • Networks
  • Standards
  • Statistics
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Combustion and Flow Dynamics.
  • Computer Networking