Zhongwen Li

An Analytical Model for DDoS Attacks and Defense

Distributed denial of service (DDoS) attack has been identified as one of the most serious problems on the Internet. While much of the current research focus on DDoS countermeasures, little attention has been paid on DDoS modeling, which is one of the important aspects that can help provide better solutions against DDoS attacks. This paper proposes an analytical model for the interactions between DDoS attack party and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. Many refinements of the basic analytical model such as reinforcement of the defense party and loss in defense party are given in the paper, which suit for many real DDoS scenarios. Moreover, the applications of this model demonstrate that the model can precisely estimate the effectiveness of a DDoS defense system before it encounters different attacks and quantitatively estimate the optimal level of investment on DDoS defense system. Additionally, it can also be applied to model some other network security problems such as virus and spam defense

On the Effectiveness of Flexible Deterministic Packet Marking for DDoS Defense

IP traceback is one of the defense mechanisms for distributed denial of service (DDoS) attacks. However, most traceback schemes consume extensive resources such as CPU, memory, disk storage and bandwidth and require a large amount of IP packets to reconstruct sources, which makes them impractical and ineffective. In this paper, we present a new flexible IP traceback scheme called flexible deterministic packet marking (FDPM). The flexibilities of FDPM are in two ways, one is that it can adjust the length of marking field according to the network protocols deployed, thus it can work well even in an environment with different network protocols; the other is that it can adjust the marking rate according to the load of participating router, while it still can maintain the marking function. In order to verify the effectiveness of FDPM for DDoS defense in terms of marking efficiency, maximum forwarding rate, and number of packets for reconstruction, we tested FDPM by both simulation and Linux router implementation with an emphasis on the latter. The experiments demonstrate that the built-in overload prevention mechanism, flow-based marking, can isolate and mark the most possible DDoS attack packets, while keeping the load of the participating router in a reasonably low degree. The real hardware implementation confirms that this flexible capability is important when traceback mechanisms are used in a real DDoS defense scenario.

Optimizing Adaptive Checkpointing Schemes for Grid Workflow Systems

One of the major challenges in wide use of grid workflow systems is fault tolerance and avoidance. Checkpointing schemes provide a way of fault detection and recovery. In our research, we focus on performance optimization of checkpointing schemes for grid workflow systems. We propose a set of adaptive checkpointing schemes that dynamically adjust the checkpointing intervals online by using store-checkpoints (SCPs) and compare-checkpoints (CCPs). These schemes can efficiently utilize comparison and storage operations and significantly improve the performance. Further, these schemes can calculate the optimal numbers of checkpoints by which minimize the mean execution time. We also expand the schemes from single-task execution scenarios to multitask execution scenarios. Simulation results show these schemes outstandingly increase the likelihood of timely task completion when faults occur

A Cross-Authentication Model for Heterogeneous Domains in Active Networks

Active network has been applied widely recently. The current status is that there is coexistence of multi-PKI in heterogeneous domains. We have noticed there are little work has been done in cross-certification for heterogeneous domains. In this paper, we propose a cross-authentication model for the raised issue. Our system implements mutual entity authentication among heterogeneous domains based on Cert-PKI and ID-PKI. The theoretical analysis and the preliminary experiments demonstrate that the proposed system possesses the properties of high security and stability.

Simulation and Analysis of DDoS in Active Defense Environment

Currently there is very few data that can describe the whole profile of a DDoS attack. In this paper, the active DDoS defense system deploys a number of sub-systems, such as Flexible Deterministic Packet Marking (FDPM) and Mark-Aided Distributed Filtering (MADF). In addition, two DDoS tools, TFN2K and Trinoo, are adopted and integrated into SSFNet to create virtual DDoS networks to simulate the attacks. Then, simulation experiments are used to evaluate the performance of the active DDoS defense system. At last, we set up a model to describe the interactions between DDoS attack and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. Experiment results shows that the model can precisely estimate the defense effectiveness of the system when it encounters attacks.

Mathematical Analysis of Active DDoS Defense Systems

Based on the idea of active DDoS defense system, we discuss designing aims and characteristics of DDoS analytical model. Then we set up a model to describe the combat between attackers and defenders, which quantitatively give the strengths and the relationships. At last, experiments have proved the validity of the proposed model. We can extend this basic analytical model to estimate the effectiveness of a DDoS defense system before it encounters different

Performance Optimization of Checkpointing Schemes with Task Duplication

Using store-checkpoints (SCPs) and compare-checkpoints (CCPs), we present an adaptive checkpointing scheme that dynamically adjusts the checkpointing interval on line in this paper. With additional SCPs and CCPs, we can use both the comparison and storage operations in an efficient way and improve the performance of checkpointing schemes. Further, we obtain methods to calculate the optimal numbers of checkpoints by which minimize the mean execution times. Simulation results show that compared to previous methods, the proposed approach significantly increases the likelihood of timely task completion in the present of faults