Browsing by Author "Augustat, David"
Item (Open Access)
Design and implementation of a DDoS defense mechanism based on network QoS models
(2024) Augustat, David
Distributed denial-of-service (DDoS) attacks have become increasingly prevalent and disruptive to online services, negatively impacting their availability. Many existing DDoS mitigation methods rely on endpoint defense, leaving network-level interventions at routers underexplored. This work proposes the DPTB DDoS Defense (DDD) mechanism, a novel network-level DDoS defense based on the Dynamic Priority Token Bucket (DPTB) Quality of Service model developed at the University of Stuttgart. DDD mitigates DDoS attacks inside the routers of a network by categorizing hosts into non-attackers, potential attackers, and definitive attackers, with responses that range from de-prioritization to blocking. The mechanism features a TCP SYN flooding protection along with two strategies, Bidirectional DDD and Downstream Reporting, to address downstream-intensive DDoS attacks such as HTTP flooding. To evaluate DDD, we implement it with the OMNeT++ network simulation framework and assess its performance against UDP flooding, TCP SYN flooding, and HTTP flooding attacks. Our findings indicate that DDD outperforms traditional Rate Limiting in all three attack types, effectively mitigating malicious traffic while allowing legitimate packets. The TCP SYN flooding protection proves to be highly effective, leading to nearly perfect discrimination between legitimate and malicious traffic. DDD achieves lower average response times than Rate Limiting for legitimate HTTP requests during an HTTP flooding attack.
This work contributes a novel QoS-based DDoS defense mechanism, an implementation of this mechanism in OMNeT++, and a comprehensive analysis, positioning DDD as a viable improvement over existing QoS-based DDoS defenses for mitigating network and transport layer DDoS attacks.

Item (Open Access)
Design and implementation of a framework to evaluate scheduling algorithms using physical networked control systems
(2023) Augustat, David
Networked Control Systems (NCS) are commonly used in industrial applications like telerobotics, smart energy grids, and autonomous vehicles. In many cases, NCS share their network with other participants competing for the available bandwidth. This necessitates scheduling algorithms respecting the time-critical nature of control systems. Scientific evaluations under reproducible conditions are required to assess the performance of a given scheduling algorithm in the context of networked control systems. In this thesis, a framework to evaluate the performance of scheduling algorithms using a physical networked control system is designed and implemented. The framework comprises an inverted pendulum connected to an IEEE 802.3 Ethernet network featuring a software switch. The software switch can be programmed to execute arbitrary scheduling algorithms, significantly simplifying the evaluation process. This thesis explains the framework's design, implementation, and usage in detail. We use the proposed framework to evaluate the Multi-priority Token Bucket scheduling approach (MPTB) designed at the Institute for Parallel and Distributed Systems (IPVS) of the University of Stuttgart. This scheduling algorithm dynamically assigns priorities to data streams according to their contract compliance. It is found that MPTB can provide better stability to the inverted pendulum at a lower average data rate than traditional FIFO scheduling. However, we also find that the selection of parameters for MPTB severely impacts the scheduling algorithm's performance.
Further, we find that using real cross-traffic to stress the network yields non-deterministic latencies, while simulated delays at the software switch are better suited for reproducible evaluations.