MPhil Thesis Defence


"A Distributed Scheme to Detect and Defend Against Distributed Denial of
Service Attacks"

By

Mr. Chi-Pan Li


Abstract

Distributed denial of service (DDoS) attacks present a serious threat to
the Internet. They exhaust the critical resources at a target by engaging
the power of a large number of compromised Internet hosts and hence deny
services to legitimate clients. The current Internet infrastructure is
vulnerable to DDoS attacks since it has no built-in attack defense
mechanisms. This thesis investigates effective methods that can be
practically deployed in the Internet for detection and defense against
DDoS attacks. We propose a distributed scheme that can mitigate the damage
caused by DDoS through a coordinated detection and response framework.
This proposed scheme composes of a number of heterogeneous defense systems
which cooperatively protect Internet servers. To evaluate the
effectiveness of the proposed scheme, a prototype has been implemented,
and a large network testbed has been constructed for carrying out
experimental studies using real server machines and attack tools. The
performance results show that compared to three other existing schemes,
the proposed scheme greatly improves the throughput of legitimate traffic
during an attack while effectively suppressing the attack traffic to an
insignificant level. More importantly, our scheme works reasonably well
even in a partial deployment environment.


Date:			Tuesday, 19 August 2003

Time:			3:00p.m.-5:00p.m.

Venue:			Room 1505
			Lifts 25-26

Committee Members:		Prof. Samuel Chanson (Supervisor)
			Dr. Dit-Yan Yeung (Chairman)
			Dr. Shing-Chi Cheung


**** ALL are Welcome ****