Self-Determining Forwarding Scheme for Defending against Query-Flooding Based DDoS Attacks in Unstructured Peer-to-Peer Systems
Open Access
Author:
Chou, Kang-Hsien
Graduate Program:
Computer Science and Engineering
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
September 18, 2008
Committee Members:
Wang Chien Lee, Thesis Advisor/Co-Advisor
Keywords:
query flooding forwarding
Abstract:
A flooding-based search mechanism is commonly used in unstructured peer-to-peer systems such as Gnutella. However, due to its flooding nature, this mechanism is vulnerable to query-flooding based distributed denial-of-service (DDoS) attacks. Most existing defense techniques only protect networks from network-layer DDoS attacks or are unsuitable for peer-to-peer systems. Hence, this thesis proposes a DDoS defense technique designed for the distributed and dynamic nature of peer-to-peer systems. Each peer in the system can decide to drop or forward a query according to information about the query issuer’s past behavior, which is sent along with the received query. This information includes whether or not the query issuer has downloaded a reasonable amount of files during each of the past observation intervals. The proposed scheme is verified by simulating query-flooding based DDoS attacks on real Internet topologies generated from BRITE. The simulation results show the effectiveness of the proposed scheme. Moreover, the results show that the scheme can mitigate query-flooding based DDoS attacks even when malicious peers cooperate with each other to cheat the defense.