Title :
NIS04-5: Defending Against Meek DDoS Attacks By IP Traceback-based Rate Limiting
Author :
Jing, Yinan ; Wang, Xueping ; Xiao, Xiaochun ; Zhang, Gendu
Author_Institution :
Sch. of Inf. Sci. & Eng., Fudan Univ., Shanghai
fDate :
Nov. 27 2006-Dec. 1 2006
Abstract :
Distributed denial-of-service attack is one of major threats to Internet today. Rate limit is an effective countermeasure to defeat rate-related attacks on condition that attackers send more traffics than legitimate users. However, sometimes the real case is opposite, because there may be only subtle rate difference between attackers and legitimate users today. We thoroughly investigate such a "meek" DDoS attack case and provide an elaborate IP traceback-based rate limit algorithm. The simulation results show that our method can better mitigate the meek DDoS attack as well as improve the throughput of legitimate traffic.
Keywords :
IP networks; telecommunication security; telecommunication traffic; IP traceback-based rate limiting; distributed denial-of-service attack; legitimate traffic; meek DDoS attacks; rate-related attacks; Aggregates; Algorithm design and analysis; Computer crime; Floods; Information science; Internet; Protection; Resource management; Throughput; Traffic control;
Conference_Titel :
Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE
Conference_Location :
San Francisco, CA
Print_ISBN :
1-4244-0356-1
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2006.283
