Abstract
We study the problem of fully mitigating the effects of denial of service by filtering the minimum necessary set of the undesirable flows. First, we model this problem and then we concentrate on a subproblem where every good flow has a bottleneck. We prove that unless \(\text {P}= \text {NP}\), this subproblem is inapproximable within factor \(2^{\log ^{1 - 1/\log \log ^c (n)}(n)}\), for \(n = \left| E \right| + \left| GF \right| \) and any \(c < 0.5\). We provide a \(b (k + 1)\)-factor polynomial approximation, where k bounds the number of the desirable flows that a desirable flow intersects, and b bounds the number of the undesirable flows that can intersect a desirable one at a given edge. Our algorithm uses the local ratio technique.
S. Trajanovski—The research was started while S.T. was with the University of Amsterdam. He is now with Philips Research.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
In our case, these are the incidence vectors of the bad flows that, if filtered, would allow assigning the good flows the maximum possible total value. Thus, we have \(D \subseteq \mathbb {N}^n\).
- 2.
We use the unweighted set cover, where each set has the same importance, because it has the same hardness results as the weighted version.
- 3.
Did we reduce the weighted SC, we would define it to be the weight of the respective set.
References
Agarwal, S., Kodialam, M.S., Lakshman, T.V.: Traffic engineering in software defined networks. In: INFOCOM, pp. 2211–2219. IEEE (2013)
Akyildiz, I.F., Lee, A., Wang, P., Luo, M., Chou, W.: A roadmap for traffic engineering in SDN-openflow networks. Comput. Netw. 71, 1–30 (2014)
Bar-Noy, A., Bar-Yehuda, R., Freund, A., Naor, J., Shieber, B.: A unified approach to approximating resource allocation and scheduling. J. ACM 48(5), 1069–1090 (2001)
Bar-Yehuda, R., Even, S.: A local-ratio theorem for approximating the weighted vertex cover problem. North-Holland Math. Stud. 109, 27–45 (1985)
Bar-Yehuda, R., Bendel, K., Freund, A., Rawitz, D.: Local ratio: a unified framework for approximation algorithms. In memoriam: shimon even 1935–2004. ACM Comput. Surv. 36(4), 422–463 (2004)
Bertsekas, D.P.: Gallager: Data Networks, 2nd edn. Prentice-Hall, Englewood Cliffs (1992)
Bondy, J., Murty, U.: Graph Theory with Applications. North Holland, New York (1976)
Cormen, T., Leiserson, C., Rivest, R., Stein, C.: Introduction to Algorithms, 3rd edn. MIT Press, Cambridge (2009)
Dinur, I., Safra, S.: On the hardness of approximating label-cover. Inf. Process. Lett. 89(5), 247–254 (2004)
Even, S., Itai, A., Shamir, A.: On the complexity of time table and multi-commodity flow problems. In: Proceedings of the 16th Annual Symposium on Foundations of Computer Science (SFCS 1975), pp. 184–193. IEEE Computer Society, Washington (1975)
Ferguson, P., Senie, D.: Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing (1998)
Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman & Co., New York (1979)
Italiano, G.F.: Finding paths and deleting edges in directed acyclic graphs. Inf. Process. Lett. 28(1), 5–11 (1988)
Khuller, S., Thurimella, R.: Approximation algorithms for graph augmentation. J. Algorithms 14(2), 214–225 (1993)
Kleinberg, J., Tardos, E.: Algorithm Design. Addison-Wesley Longman Publishing Co., Inc., Boston (2005)
Koning, R., de Graaff, B., de Laat, C., Meijer, R., Grosso, P.: Interactive analysis of SDN-driven defence against distributed denial of service attacks. In: 2016 IEEE NetSoft Conference and Workshops (NetSoft), pp. 483–488, June 2016
Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security). Prentice Hall PTR, Upper Saddle River (2004)
Mirkovic, J., Reiher, P.: A taxonomy of DDOS attack and DDOS defense mechanisms. SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Rodrigue, J.P.: The Geography of Transport Systems, 4th edn. Routledge, New York (2017)
Vazirani, V.: Approximation Algorithms. Springer (2001)
Yannakakis, M.: Node-and edge-deletion NP-complete problems. In: Proceedings of the Tenth Annual ACM Symposium on Theory of Computing (STOC 1978), pp. 253–264. ACM, New York (1978)
Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks. IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)
Acknowledgments
This research is funded by the Dutch Science Foundation project SARNET (grant no: CYBSEC.14.003/618.001.016).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Polevoy, G., Trajanovski, S., Grosso, P., de Laat, C. (2017). Filtering Undesirable Flows in Networks. In: Gao, X., Du, H., Han, M. (eds) Combinatorial Optimization and Applications. COCOA 2017. Lecture Notes in Computer Science(), vol 10627. Springer, Cham. https://doi.org/10.1007/978-3-319-71150-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-71150-8_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71149-2
Online ISBN: 978-3-319-71150-8
eBook Packages: Computer ScienceComputer Science (R0)