Date of Award


Document Type


Degree Name

Master of Science (MS)

Legacy Department

Computer Science

Committee Chair/Advisor

Martin, James

Committee Member

Grossman , Harold

Committee Member

Smotherman , Mark


Over 48 million end users worldwide utilize cable modems as their means of accessing the Internet at high speeds. The United States accounts for 54% of those users. Networks which provide access via cable modems utilize Data Over Cable Service Interface Specifications (DOCSIS) as their means of network management. As availability to the Internet increases (especially at high speeds supported by broadband access), so does the opportunity for malicious activity against users utilizing the Internet. Denial-of-service (DoS) attacks are one form of malicious activity and one of the most common. In commonplace Ethernet-based wired networks, a DoS attack requires relatively high levels of computing and network resources to successfully deny service. In DOCSIS-based networks, high levels of computing and network resources aren't mandatory in order to sufficiently degrade a network segment, especially when the objective of the attack is to reduce the quality of Voice over Internet Protocol (VoIP) sessions. This phenomenon hinges on the Media Access Control layer protocol employed by DOCSIS used for managing access to the upstream transmission medium. Utilizing NS, a discrete event network simulator, we define and analyze a DoS attack that specifically targets DOCSISbased networks. The attack consumes a small portion of the downstream bandwidth available over a cable network but can severely impact upstream performance. While the DoS attack can have any objective, we focus on an attack on best effort VoIP sessions. The implications of this phenomenon are widespread as end users looking for cost-saving voice telecommunications services migrate to best effort VoIP such as provided by Vonage. The iii contribution of this research is the formulation of a DoS attack that exploits the relatively inefficient upstream channel in a DOCSIS system and analysis of the attack which explores the impact of the two attack parameters on VoIP performance. Those two attack parameters are the number of nodes attacked and the frequency at which each node is attacked.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.