Defence against denial of service in self-aware networks

Denial of Service (DoS) has become a prevalent threat in today’s networks. Motivated by an impressive variety of reasons and directed against an equally impressive variety of targets, DoS attacks are not as difficult to launch as one would expect. Protection against them is, however, disproportionately difficult. Despite the extensive research in recent years, DoS attacks continue to harm. In our thesis, we start with a historic timeline of DoS incidents to illustrate the variety of types, targets and motives and how DoS attacks evolved during the last 10 years. We then present an overview of the existing proposals on both detection of such attacks and defence against them. Recognising the fact that the networks of the near future will feature self-awareness and online interaction with the users, we investigate the application of existing techniques together with novel techniques that we have designed, on the DoS resilience of Self-Aware Networks (SAN). We introduce a generic framework of DoS protection based on the dropping of probable illegitimate traffic, and we present a mathematical model with which we can measure the impact that both attack and defence have on the performance of a network. The mathematical results are validated with simulation results and experimental measurements in a SAN environment. We then introduce a variation of the generic defence, by using prioritisation and rate-limiting instead of simple dropping. We describe the implementation details and present experimental results. We also present a tool based on our mathematical model, which can recommend the optimal number and distribution of tasks among the defending nodes in a network. Last, we sketch potential future