NJIT: Electrical and Computer Engineering: NJIT - Department of Electrical & Computer Engineering: Management and Control of a Computer Under Denial of Service Attacks

About Admissions Academics Student Life Research Continuing Ed Career Services Athletics News Giving

ECE Home About ECE

Chair's Welcome Advisory Board Student Advisory Board Industry Partners

Industry Advisory Board Opportunities with Industry

ECE Committees

Why Study Electrical & Computer Engineering at NJIT? Our People

Administration Faculty Opportunities

Academics Research

Highlights

Learning Beyond the Classroom

Student Success and News

Careers in ECE & Industry Partners News & Events

Archived News Seminars Newsletters

Info for Students Contact Us

Electrical and Computer Engineering

Management and Control of a Computer Under Denial of Service Attacks

PhD Defense

By: Sui Song
Advisor: Constantine Manikopoulos
Department of Electrical and Computer Engineering

Time: 1:30pm, Thursday, Dec. 15th, 2005.
Place: Meeting Room 300,York building, NJIT. Directions

Abstract

Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. On the defense side, current technologies are still unable to withstand large-scale attacks.

In this dissertation, a Computer Network Management and Control System (CNMCS) is proposed, which consists of Flow-based Network Intrusion Detection System (FNIDS), Flow-based Congestion Control (FCC) System and Server Bandwidth Management System (SBMS) to form a multi-lined defense system to protect the private network from DDoS flooding. As the first line of defense system, Flow-based Network Intrusion Detection System is responsible for detecting attacks and controls a firewall to block malicious clients. Based on Multi-stage Flow Aggregation Architecture, an Adaptive Packet Aggregation Approach (APAA) is developed to address the problem that a huge amount of flooding packets or flows exhausts memories and CPU resources. Since current detection of the attack reported in literature is unreliable and may have high false-positives, a Flow-based Congestion Control (FCC) is developed for a second defense line, which consists of a Fine-grained QoS regulator and PID controller. The whole system adopts a control-theoretic approach to adjust the flow rate of every link to maintain the high priority flow-rates at their desired level. In the last line of defense system, a Server Bandwidth Defense System (SBMS) utilizes the DynaTraX™ switch to create a critical and meaningful solution to stop hackers from intruding into networks.

Committee Members:

Constantine Manikopoulos, Advisor, Associate Professor, ECE Dept., NJIT
Mengchu Zhou, Professor, ECE Dept., NJIT
Roberto Rojas-Cessa, Assistant Professor, ECE Dept., NJIT
Jie Hu, Assistant Professor, ECE Dept., NJIT
Zhixiong Chen, Associate Professor, Division of Math and CIS, Mercy College

Copyright 2009 New Jersey Institute of Technology University Heights, Newark, New Jersey 07102 (973) 596-3000 Maintained by Department of Electrical & Computer Engineering.
Date of last update: 05/08/2009 12:27:03