A Destination-based filtering mechanism for preventing DoS attacks.


Arnold Suvatne
Wayland Yu
Matt Caesar

Project Proposal

We will design and implement a simulation of a protocol to limit DoS attacks. This simulation will use Berkeley Sockets and run on an isolated network. We will measure the QoS to two different types of nodes (1) nodes under attack, (2) nodes not under attack. We expect the overall QoS can potentially improve under this system, and we will attempt to quantify these differences via experiments.

Variants in our experiment include:

  1. Network topology (we'll try (a) a tree and (b) a regular network)
  2. Threshold (we'll vary the threshold that the filtering kicks in)
  3. Layering (we should have filtering on several different levels -- maybe filter first on subnet id, then on host id; perhaps have different thresholds at different levels).
We'll also look at assumptions and trust models (there must be a certain amount of cooperation among entities -- what environments would this be useful, perhaps large networks like Exodus or AOL, or maybe at the ISP / School / corporate intranet level)

We will also provide a rudimentary analytical model based on Queuing theory. Each node in our network will be modelled as an M/M/1 queue and we will derive a formula for end-to-end bandwidth for legitimate traffic.


  1. BPF+ Exploiting Global Data-flow Optimization in a Generalized Packet Filter Architecture. Begel, et al.
  2. On Computing Per-session Performance Bounds in High-Speed Multi-Hop Computer Networks. Kurose.
  3. Security on Computer Networks. Costello.

Page last modified on 4/20/2000