完整後設資料紀錄
DC 欄位語言
dc.contributor.authorChen, Hsia-Hsiangen_US
dc.contributor.authorLee, Chien-Huaen_US
dc.contributor.authorHuang, Shih-Kunen_US
dc.date.accessioned2017-04-21T06:55:56Z-
dc.date.available2017-04-21T06:55:56Z-
dc.date.issued2016-11en_US
dc.identifier.issn1016-2364en_US
dc.identifier.urihttp://hdl.handle.net/11536/132850-
dc.description.abstractAnomalous traffic volume can be used for identifying network threats and faults. Denial of service (DoS) and quality of service (QoS) are two contrasting problems of anomalous network traffic. DoS exploits malicious traffic to hinder service availability to normal users, whereas QoS determines if the service provision quality has reached the preset agreement. This paper proposes a unified ant agent framework for identifying the source of these problems: IP traceback for DoS attacks and fault localization for QoS violations. Numerous studies have investigated IP traceback techniques for identifying spoofed IP addresses of attackers. These techniques can identify the attack path from the victim to the attacker. Metaheuristic algorithms that consider slight increments in traffic volume (SITV) are rarely studied for solving the IP traceback problem of DoS attacks. We investigated the malicious and nonmalicious situations for the QoS attack and QoS fault localization problem. This paper proposes a novel ant colony optimization (AGO) method for fast filtering, DoS threat source identification, and QoS fault localization (unified threat identification and fault localization by using ACO, UTFACO). The UTFACO framework was compared with the probabilistic packet marking approach and conventional ant system algorithms. We compared the efficiency of UTFACO with and without a bloom filter (BF). The framework was verified in the QoS attack and QoS fault experiment environments. This study showed that attack or fault detection and identification procedures can be designed and implemented practically. The tests used the dataset of the network topology from the DARPA repository with two cases: one is a general experiment, and the other has various levels of SITV. Perfect accuracy can be achieved for the general experiment, and more than 90% accuracy can be obtained for various levels of SITV. The datasets of the QoS attack and QoS fault were obtained from a real network. Precise fault localization is achieved due to the high detection rate obtained. The results show that UTFACO is an efficient and accurate framework. Moreover, the computation time is considerably reduced by using UTFACO with the BF, and the time is less than five seconds in the framework. Our proposed framework is robust and can solve the problem of identifying the IP address of an attacker and detecting the fault location.en_US
dc.language.isoen_USen_US
dc.subjectIP tracebacken_US
dc.subjectmetaheuristic algorithmen_US
dc.subjectdenial of service (DoS)en_US
dc.subjectquality of service (QoS)en_US
dc.subjectprobabilistic packet marking (PPM)en_US
dc.subjectant system (AS)en_US
dc.subjectbloom filter (BF)en_US
dc.titleA Unified Ant Agent Framework for Solving DoS and QoS Problemsen_US
dc.identifier.journalJOURNAL OF INFORMATION SCIENCE AND ENGINEERINGen_US
dc.citation.volume32en_US
dc.citation.issue6en_US
dc.citation.spage1397en_US
dc.citation.epage1434en_US
dc.contributor.department資訊工程學系zh_TW
dc.contributor.department資訊技術服務中心zh_TW
dc.contributor.departmentDepartment of Computer Scienceen_US
dc.contributor.departmentInformation Technology Services Centeren_US
dc.identifier.wosnumberWOS:000388542900001en_US
顯示於類別:期刊論文