Title :
Unfair rate limiting on traffic aggregates for DDoS attacks mitigation
Author :
Fei Wang ; Xiaofeng Hu ; Xiaofeng Wang ; Jinshu Su ; Xicheng Lu
Author_Institution :
Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China
Abstract :
Distributed Denial of Service (DDoS) attacks pose a threat to network applications. Many countermeasures have been proposed to tackle such attacks. This paper focuses on DDoS mitigation techniques, the practical way to filter attack traffic and keep victims alive. To rate limit attack traffic while affecting as little normal traffic as possible, we consider not just the amount of increased volume but also how the increased traffic is propagated in the network, denoted by traffic increasing patterns. In this paper, we propose unfair rate limiting (URL), in which traffic aggregates are given different priorities by extracting increasing patterns and analyzing their relationship with DDoS attacks. Aggregates more likely to include attack traffic are punished harder during mitigation. Basic and fine-grained unfair rate limiting mechanisms (BURL and FURL) are presented, based on port-flows and bitwise-flows, respectively. Simulation results show that both mechanisms can effectively mitigate DDoS attacks, but FURL outperforms BURL in filtering attack traffic without dropping normal packets.
Keywords :
computer network security; telecommunication traffic; BURL; DDoS attack mitigation; FURL; basic unfair rate limiting mechanism; bitwise-flows; distributed denial-of-service attack; fine-grained unfair rate limiting mechanism; limit attack traffic; port-flows; traffic aggregates; DDoS mitigation; traffic increasing pattern; traffic priority; unfair rate limiting;
Conference_Title :
Information Science and Control Engineering 2012 (ICISCE 2012), IET International Conference on
Conference_Location :
Shenzhen
Electronic_ISBN :
978-1-84919-641-3
DOI :
10.1049/cp.2012.2448