Security '01 Abstract
MULTOPS: a data-structure for bandwidth attack detection
Thomer M. Gil and Massimiliano Poletto, Vrije Universiteit, Amsterdam, The Netherlands
M.I.T., Cambridge, MA, USA
A denial-of-service bandwidth attack is an attempt to
disrupt an online service by generating a traffic over-load
that clogs links or causes routers near the victim to
crash. We propose a heuristic and a data-structure that
network devices (such as routers) can use to detect (and
eliminate) such attacks. With our method, each network
device maintains a data-structure, MULTOPS, that mon-itors
certain traffic characteristics. MULTOPS (MUlti-Level
Tree for Online Packet Statistics) is a tree of nodes
that contains packet rate statistics for subnet prefixes at
different aggregation levels. The tree expands and con-tracts
within a fixed memory budget.
A network device using MULTOPS detects ongoing
bandwidth attacks by the significant, disproportional dif-ference
between packet rates going to and coming from
the victim or the attacker. MULTOPS-equipped routing
software running on an off-the-shelf 700 Mhz Pentium
III PC can process up to 340,000 packets per second.
- View the full text of this paper in
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.