ABSTRACT

To better study detection and defense mechanisms for resource consumption attacks, we first model how a host under attack processes received packets, so that system behavior can be analyzed before implementation and the optimization method determined. Because resource consumption attacks send large numbers of data packets to the attacked host using spoofed source IP addresses, both the bandwidth capacity of the server's communication link and the packet forwarding capability of routers are ultimately reduced, and normal service can no longer be provided. The queuing and congestion that arise while the server processes packets are characteristic of a random system, so queuing theory is used as the theoretical tool for modeling [6]. The process by which the host handles packets is abstracted into the system model shown in Figure 1, which is composed of two services, S1 and S2, representing NIC hardware interrupt handling and user-layer processing respectively. It is assumed that the arrival of data is a Poisson process with
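The two-stage model above (S1 for NIC interrupt handling, S2 for user-layer processing, Poisson arrivals) can be explored numerically. The following is an added example, not code from the paper: it assumes exponential service times, unbounded FIFO queues, and constructed rates, none of which are given in the text.

```python
import random

def analytic_delay(lam, mu1, mu2):
    """Mean end-to-end delay of two M/M/1 stages in series.

    lam: Poisson arrival rate (packets/s); mu1, mu2: service rates of
    S1 and S2. Exponential service is an assumption of this example.
    """
    if lam >= min(mu1, mu2):
        return float("inf")  # a saturated stage: its queue grows without bound
    return 1.0 / (mu1 - lam) + 1.0 / (mu2 - lam)

def simulate_delay(lam, mu1, mu2, packets=200_000, seed=1):
    """Simulate the S1 -> S2 tandem queue and return the mean packet delay.

    Uses the Lindley recursion for a FIFO single server: a packet starts
    service when it has arrived and the previous packet has departed.
    """
    rng = random.Random(seed)
    arrival = 0.0   # arrival time of the current packet at S1
    done_s1 = 0.0   # departure time of the previous packet from S1
    done_s2 = 0.0   # departure time of the previous packet from S2
    total = 0.0
    for _ in range(packets):
        arrival += rng.expovariate(lam)
        done_s1 = max(arrival, done_s1) + rng.expovariate(mu1)
        done_s2 = max(done_s1, done_s2) + rng.expovariate(mu2)
        total += done_s2 - arrival
    return total / packets

if __name__ == "__main__":
    # Constructed rates: S1 (interrupt) is faster than S2 (user layer).
    MU1, MU2 = 2000.0, 1000.0
    for label, lam in (("normal load", 500.0), ("near saturation", 950.0)):
        sim = simulate_delay(lam, MU1, MU2)
        ana = analytic_delay(lam, MU1, MU2)
        print(f"{label}: lambda={lam:.0f}/s simulated={sim * 1e3:.2f} ms "
              f"analytic={ana * 1e3:.2f} ms")
    print("overload:", analytic_delay(1200.0, MU1, MU2))
```

The slower stage dominates: as the arrival rate approaches the S2 service rate, delay rises sharply even though S1 is still lightly loaded, which is where a buffer limit or early drop policy would be evaluated.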

1 INTRODUCTION

The Internet has gradually become an indispensable tool in people's daily lives. However, as Internet applications deepen, network paralysis will result in huge economic losses. The Internet is a huge open system; there are many defects in the design and implementation of its protocols themselves, and together with the vulnerabilities in upper-layer application software, the security of the Internet has increasingly become a focus of attention. Compared with other network security threats such as network intrusion and viruses, network resource consumption attacks reach more widely, strike faster, and are more destructive. Although this type of attack cannot take control of an information system, the system's service capability is reduced or lost completely because large quantities of resources such as memory, computing power, and bandwidth are consumed.