Application-level distributed denial of service prevention in a replicated system
Author(s)
Vandiver, Alexander M
Alternative title
Application-level DDoS prevention in a replicated system
Other Contributors
Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Advisor
Hari Balakrishnan.
Abstract
This paper presents the design and implementation of DFQ (Distributed Fair Queueing), a distributed system for defending a replicated set of HTTP servers against application-level distributed denial of service (DDoS) attacks. By using a modification of weighted fair queueing, all clients are guaranteed a fair share of the servers, no matter how many or which servers they connect to. DFQ continues to provide fair service even against malicious clients who are able to spoof additional IP addresses. It is also capable of accommodating HTTP proxies, which regularly provide many times more traffic than a single host. Such properties are desirable for package management servers and the like, whose responsiveness in the presence of flash crowds and malicious attackers is paramount to the security of the overall system.
Description
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007. Includes bibliographical references (p. 35-38).
Date issued
2007
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.