Browse > Article

Protecting E-mail Server with Class-Based Rate Limiting Technique  

Yim, Kang-Bin (Dept. of Information Security Engineering, Soon chunhyang university)
Lee, Chang-Hee (LG electronics)
Kim, Jong-Su (SNETSYSTEMS INC.)
Choi, Kyung-Hee (School of Information and Computer Engineering, Ajou University)
Jung, Gi-Hyun (School of Electrical and Electronics Engineering, Ajou University)
Publication Information
Journal of the Institute of Electronics Engineers of Korea TC / v.41, no.6, 2004 , pp. 17-24 More about this Journal
Abstract
This paper proposes an efficient technique to protect e-mail server from DDoS attack using the CBQ (Class Based Queuing) algorithm The proposed method classifies incoming trafic to an e-mail server into three classes: 'more important mail traffic', 'less important traffic' and 'unknown traffic' and assigns bandwidths differently to the traffics. By differentiating the bandwidths of classes, normal mail traffic may flow even under DDoS attack in the proposed technique. The proposed technique is implemented on an embedded system which hires a switching processor with the WFHBD(Weighted Fair Hashed Bandwidth Distribution) engine that has been known as an efficient algorithm to distribute a given bandwidth to multiple sources, and it is verified that it can be an efficient way to protect e-mail server from DDoS attack.
Keywords
Bandwidth rate limiting; E-mail; Queue scheduling; WFHBD; Class; DDoS;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 Jason Barlow and Woody Thrower, 'TFN2K An Analysis', AXENT Security Team, February 10, 2000
2 L. Garber, 'Denial-of-Service Attack Rip the Internet', Computer, April, 2000   DOI   ScienceOn
3 문종욱, 김종수, 임강빈, 정기현, 최경희, 'IDS의 성능 향상을 위한 패킷 폐기 방안', 정보처리학회논문지, 제9-C권 제4호, 2002.06   과학기술학회마을   DOI
4 Bonaventure, Olivie. 'Packet Level Traffic Control Mechanisms', http://enligne.infonet.fundp.ac.be/coursenligne/cours/00-01/INF02231/INF022312.big/index.htm, 2000
5 중앙일보, '미디어 리포트-인터넷', http://ad.joins.com/trend/internet-1.asp
6 Networks Associates Technology, Inc., 'Sniffer Pro Getting Started Guide', http://www.sniffer.com
7 Naval Research Laboratory, 'MGEN 3.2 User's Guide', http://manimac.itd.nrl.navy.mil/MGEN/MgenUserGuide.html
8 Bennett, J. and Zhang,H. 'Hierarchical Packet Fair Queuing Algorithms ', proc. ACM SIGCOMM'96, August 1996
9 Demers, A. Keshav, S., and Shenker, S. 'Analysis and Simulation of a Fair-queuing Algorithm.', Proc. ACM SIGCOMM'89, 1989   DOI
10 Chuck Semeria ,'Supporting Differentiated Service Classes : Queue Scheduling Disciplines', Jupiter Networks Inc, pp. 4-25, 2002
11 T.Gil and M.Poletto, 'MULTOPS: a data-structure for bandwidth attack detection', Vrije Universiteit, Amsterdam, The Netherlands and M.I.T., Cambridge, MA, USA, 2001
12 Switchcore Inc, 'CXE-1000 Data Sheet', pp.1-5, May 3, 2002
13 Switchcore Inc, 'Bandwidth Distribution in the CXE Switch', January, pp.10-25 , 2002
14 Hyun-Suk Lee, Soojuong Lee, Huisug Jung, Kyunghee Choi, Gihyun Jung, Joongsoon Jang, 'Protecting Mail Server using the CBT algorithm', SSGRR Computer & Internet Conference, pp.1-2, July, 2002
15 김주영, 윤상인, 이용학, 이정훈, 전현철, 정현우 공역, '해커스 비웨어', 사이텍 미디어, pp. 208 212, 2002
16 Huitema, Christian, 'Routing in the Internet', Prentice Hall PTR, January, 2000
17 Kleinrock L., 'Queuing Systems', John Wiley & Sons, 1975