Title :
Optimal control of DDoS defense with multi-resource max-min fairness
Author :
Wei, Wei ; Dong, Yabo ; Lu, Dongming ; Jin, Guang
Author_Institution :
Coll. of Comput. Sci. & Technol., Zhejiang Univ., Hangzhou
Abstract :
Distributed defense of DDoS (Distributed Denial of Service) attack has been extensively researched in recent years and control-based defense is a hopeful way. However, existed methods only deal with bandwidth protection. The paper takes defense of DDoS flood as a kind of Processing and Bandwidth Resources allocation and solves it using control theory. Our defense mechanism FFDRF (Feedback Filtering with Dual-Resource Fairness) sets up filters in edge routers of AS and adjusts the filtering thresholds through feedback between these routers and the victim. The simulation results show that FFDRF can make the legitimate traffic keep high survival rate while is stable and converges quickly even in case of heterogeneous flow sources and link conditions. Compared with level-k max-min fairness defense, FFDRF is more effective against CPU-consuming flood. And an implementation of FFDRF in a linux router indicates that FFDRF is feasible in real-life routers.
Keywords :
Internet; bandwidth allocation; feedback; minimax techniques; optimal control; telecommunication network routing; telecommunication security; telecommunication traffic; DDoS defense attack; FFDRF mechanism; Internet security; bandwidth protection; distributed denial of service; feedback filtering-with-dual-resource fairness; multiresource max-min fairness; optimal control; resources allocation; Bandwidth; Computer crime; Control theory; Feedback; Filtering; Filters; Floods; Optimal control; Protection; Resource management; DDoS; filtering; max-min fairness;
Conference_Titel :
Cybernetics and Intelligent Systems, 2008 IEEE Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-1673-8
Electronic_ISBN :
978-1-4244-1674-5
DOI :
10.1109/ICCIS.2008.4670732
