A Cross-Layer Approach for Mitigating Denial of Service Attacks: Device-Driver Packet Filter and Remote Firewalling

This paper presents two methods to mitigate distributed denial of service attacks and flash crowds: device driver level packet filtering and remote firewall. Device driver level packet filtering is designed to eliminate harmful network traffic before it consumes the processing resource for higher network protocol layers at a production server. The remote firewall is designed with a cross-layer control to protect access links from DDoS attacks by dropping potentially harmful network traffic before they get into the link. A proof-of-concept model for the remote firewall was developed to demonstrate its feasibility. Our performance study showed that the device driver level filtering processed approximately 2.5 times more packets than the IP level filtering at 200,000 packets per second while 75% of the traffic was attacking packets. This demonstrated that executing packet filtering at the device driver would be effective under intense DDoS attacks and heavy flash crowds.