Mitigation of DHCP starvation attack

Husameldin Mukhtar; Khaled Salah; Youssef Iraqi

doi:10.1016/j.compeleceng.2012.06.005

Mitigation of DHCP starvation attack

Husameldin Mukhtar
, Khaled Salah
, Youssef Iraqi

Research output: Contribution to journal › Article › peer-review

24 Scopus citations

Abstract

DHCP starvation attack is an attack that targets DHCP servers whereby forged DHCP requests are crafted by an attacker with the intent of exhausting all available IP addresses that can be allocated by the DHCP server. Under this attack, legitimate network users can be denied service. In this paper, we describe the seriousness of the attack and survey and evaluate existing solutions designed to mitigate such an attack. In addition, we propose a novel mitigation solution. Our solution overcomes the limitations of existing solutions in terms of performance, effectiveness, and flexibility. Our solution is based on dynamic fair allocation of IP addresses and is suitable for unshared and shared (wireless) access networks. We study and analyze the proposed mitigation technique through numerical examples and simulations. Furthermore, simulation results show that our proposed solution is far superior in mitigating DHCP starvation attack when compared to other existing techniques such as fixed allocation and DHCP request rate detection.

Original language	British English
Pages (from-to)	1115-1128
Number of pages	14
Journal	Computers and Electrical Engineering
Volume	38
Issue number	5
DOIs	https://doi.org/10.1016/j.compeleceng.2012.06.005
State	Published - Sep 2012

Access to Document

10.1016/j.compeleceng.2012.06.005

Cite this

@article{fc0ad7413ade42faaa5bfb4782809c31,

title = "Mitigation of DHCP starvation attack",

abstract = "DHCP starvation attack is an attack that targets DHCP servers whereby forged DHCP requests are crafted by an attacker with the intent of exhausting all available IP addresses that can be allocated by the DHCP server. Under this attack, legitimate network users can be denied service. In this paper, we describe the seriousness of the attack and survey and evaluate existing solutions designed to mitigate such an attack. In addition, we propose a novel mitigation solution. Our solution overcomes the limitations of existing solutions in terms of performance, effectiveness, and flexibility. Our solution is based on dynamic fair allocation of IP addresses and is suitable for unshared and shared (wireless) access networks. We study and analyze the proposed mitigation technique through numerical examples and simulations. Furthermore, simulation results show that our proposed solution is far superior in mitigating DHCP starvation attack when compared to other existing techniques such as fixed allocation and DHCP request rate detection.",

author = "Husameldin Mukhtar and Khaled Salah and Youssef Iraqi",

year = "2012",

month = sep,

doi = "10.1016/j.compeleceng.2012.06.005",

language = "British English",

volume = "38",

pages = "1115--1128",

journal = "Computers and Electrical Engineering",

issn = "0045-7906",

publisher = "Elsevier Ltd",

number = "5",

}

TY - JOUR

T1 - Mitigation of DHCP starvation attack

AU - Mukhtar, Husameldin

AU - Salah, Khaled

AU - Iraqi, Youssef

PY - 2012/9

Y1 - 2012/9

N2 - DHCP starvation attack is an attack that targets DHCP servers whereby forged DHCP requests are crafted by an attacker with the intent of exhausting all available IP addresses that can be allocated by the DHCP server. Under this attack, legitimate network users can be denied service. In this paper, we describe the seriousness of the attack and survey and evaluate existing solutions designed to mitigate such an attack. In addition, we propose a novel mitigation solution. Our solution overcomes the limitations of existing solutions in terms of performance, effectiveness, and flexibility. Our solution is based on dynamic fair allocation of IP addresses and is suitable for unshared and shared (wireless) access networks. We study and analyze the proposed mitigation technique through numerical examples and simulations. Furthermore, simulation results show that our proposed solution is far superior in mitigating DHCP starvation attack when compared to other existing techniques such as fixed allocation and DHCP request rate detection.

AB - DHCP starvation attack is an attack that targets DHCP servers whereby forged DHCP requests are crafted by an attacker with the intent of exhausting all available IP addresses that can be allocated by the DHCP server. Under this attack, legitimate network users can be denied service. In this paper, we describe the seriousness of the attack and survey and evaluate existing solutions designed to mitigate such an attack. In addition, we propose a novel mitigation solution. Our solution overcomes the limitations of existing solutions in terms of performance, effectiveness, and flexibility. Our solution is based on dynamic fair allocation of IP addresses and is suitable for unshared and shared (wireless) access networks. We study and analyze the proposed mitigation technique through numerical examples and simulations. Furthermore, simulation results show that our proposed solution is far superior in mitigating DHCP starvation attack when compared to other existing techniques such as fixed allocation and DHCP request rate detection.

UR - https://www.scopus.com/pages/publications/84866361846

U2 - 10.1016/j.compeleceng.2012.06.005

DO - 10.1016/j.compeleceng.2012.06.005

M3 - Article

AN - SCOPUS:84866361846

SN - 0045-7906

VL - 38

SP - 1115

EP - 1128

JO - Computers and Electrical Engineering

JF - Computers and Electrical Engineering

IS - 5

ER -

Mitigation of DHCP starvation attack

Abstract

Access to Document

Other files and links

Fingerprint

Cite this