Patents by Inventor Mark A. Shayman

Mark A. Shayman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8443105
    Abstract: A device and method of routing traffic in a network by receiving the network, assigning a maximum temperature value to gateway nodes, calculating temperature values for router nodes, determining self-utilization values for nodes, determining neighborhood-utilization values for router nodes, determining pressure values for gateway nodes, determining pressure values for router nodes, identifying router node sent traffic, identifying neighboring nodes having higher temperatures than router node, identifying neighboring node with lowest pressure value, sending traffic to neighboring node with lowest pressure value, and stopping if the neighboring node is a gateway node, otherwise identifying the node as a router node and returning to the step of finding neighboring nodes.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: May 14, 2013
    Assignee: The United States of America as Represented by the Director, National Security Agency
    Inventors: Todd B. Finkler, Mark A. Shayman
  • Patent number: 8397284
    Abstract: A denial-of-service network attack detection system is deployable in single-homed and multi-homed stub networks. The detection system maintains state information of flows entering and leaving the stub domain to determine if exiting traffic exceeds traffic entering the system. Monitors perform simple processing tasks on sampled packets at individual routers in the network at line speed and perform more intensive processing at the routers periodically. The monitors at the routers form an overlay network and communicate pertinent traffic state information between nodes. The state information is collected and analyzed to determine the presence of an attack.
    Type: Grant
    Filed: January 17, 2007
    Date of Patent: March 12, 2013
    Assignee: University of Maryland
    Inventors: Chris Kommareddy, Samrat Bhattacharjee, Mark A. Shayman, Richard La
  • Patent number: 7992208
    Abstract: An estimate of a portion of network traffic that is nonconforming to a communication transmission control protocol is used to signal that a distributed denial of service attack may be occurring. Traffic flows are aggregated and packets are intentionally dropped from the flow aggregate in accordance with an assigned perturbation signature. The flow aggregates are observed to determine if the rate of arrival of packets that have a one-to-one transmission correspondence with the dropped packets are similarly responsive to the perturbation signature. By assigning orthogonal perturbation signatures to different routers, multiple routers may perform the test on the aggregate and the results of the test will be correctly ascertained at each router. Nonconforming aggregates may be redefined to finer granularity to determine the node on the network that is under attack, which may then take mitigating action.
    Type: Grant
    Filed: September 19, 2006
    Date of Patent: August 2, 2011
    Assignee: University of Maryland
    Inventors: Mehdi Kalantari Khandani, Mark A. Shayman
  • Patent number: 7391740
    Abstract: In a communication network, the responsiveness of the transmission rate of data packets to packet drops is quantified for an aggregate of flows as opposed to on a per-flow basis. In an Aggregate Perturbation Method (APM), a small number of data packets is intentionally dropped from the aggregate at a switching node and a response thereto is measured. Traffic not conforming to the predetermined transmission control protocol may be discovered as a decrement in the reduction in traffic rate compared to that anticipated based on the rate of dropped packets. To prevent interference from the simultaneous application of APM at multiple switching nodes, an orthogonal drop rate signature defining the instantaneous drop rate is assigned thereto. The orthogonal drop rate signature is based on the code division multiple access (CDMA) coding of data, and for that reason, APM with the application of orthogonal drop rate signatures is termed CDMA-based APM, or CAPM.
    Type: Grant
    Filed: April 16, 2004
    Date of Patent: June 24, 2008
    Assignee: University of Maryland
    Inventors: Mehdi K. Khandani, Mark A. Shayman
  • Publication number: 20080028467
    Abstract: A denial-of-service network attack detection system is deployable in single-homed and multi-homed stub networks. The detection system maintains state information of flows entering and leaving the stub domain to determine if exiting traffic exceeds traffic entering the system. Monitors perform simple processing tasks on sampled packets at individual routers in the network at line speed and perform more intensive processing at the routers periodically. The monitors at the routers form an overlay network and communicate pertinent traffic state information between nodes. The state information is collected and analyzed to determine the presence of an attack.
    Type: Application
    Filed: January 17, 2007
    Publication date: January 31, 2008
    Inventors: Chris Kommareddy, Samrat Bhattacharjee, Mark Shayman, Richard La
  • Publication number: 20070133420
    Abstract: Multiple paths in a communication network are provided between at least one source node and at least one destination node. The network arrangement may thus support either unicast transmission of data or multicast transmission. Measurements are made at nodes of the network to determine a partial network cost for data traversing the links in the multiple paths. An optimization procedure determines a distribution of the network traffic over the links between the at least one source node and the at least one destination node that incurs the minimum network cost.
    Type: Application
    Filed: October 24, 2006
    Publication date: June 14, 2007
    Inventors: Tuna Guven, Mark Shayman, Richard La, Samrat Bhattacharjee
  • Publication number: 20070064610
    Abstract: An estimate of a portion of network traffic that is nonconforming to a communication transmission control protocol is used to signal that a distributed denial of service attack may be occurring. Traffic flows are aggregated and packets are intentionally dropped from the flow aggregate in accordance with an assigned perturbation signature. The flow aggregates are observed to determine if the rate of arrival of packets that have a one-to-one transmission correspondence with the dropped packets are similarly responsive to the perturbation signature. By assigning orthogonal perturbation signatures to different routers, multiple routers may perform the test on the aggregate and the results of the test will be correctly ascertained at each router. Nonconforming aggregates may be redefined to finer granularity to determine the node on the network that is under attack, which may then take mitigating action.
    Type: Application
    Filed: September 19, 2006
    Publication date: March 22, 2007
    Inventors: Mehdi Khandani, Mark Shayman
  • Publication number: 20040233846
    Abstract: In a communication network, the responsiveness of the transmission rate of data packets to packet drops is quantified for an aggregate of flows as opposed to on a per-flow basis. In an Aggregate Perturbation Method (APM), a small number of data packets is intentionally dropped from the aggregate at a switching node and a response thereto is measured. Traffic not conforming to the predetermined transmission control protocol may be discovered as a decrement in the reduction in traffic rate compared to that anticipated based on the rate of dropped packets. To prevent interference from the simultaneous application of APM at multiple switching nodes, an orthogonal drop rate signature defining the instantaneous drop rate is assigned thereto. The orthogonal drop rate signature is based on the code division multiple access (CDMA) coding of data, and for that reason, APM with the application of orthogonal drop rate signatures is termed CDMA-based APM, or CAPM.
    Type: Application
    Filed: April 16, 2004
    Publication date: November 25, 2004
    Inventors: Mehdi K. Khandani, Mark A. Shayman