A dynamic rate limiting mechanism for flooding based Distributed Denial of service attack

The Distributed Denial of service attack is the most threatening attack to the current internet security. DDOS can be attempted by many different techniques but flooding is the easiest way of attempting it. In this paper we have proposed the dynamic bandwidth control framework which detects and defend DDOS attack very quickly and efficiently by using rate limiting mechanism. The proposed defense system is distributed in nature because it is deployed on all edge routers of the network. The proposed dynamic bandwidth control approach penalize the different routers with different rate limit valued based on current traffic at victim end and source end and the packet drop history. The routers sending aggressive traffic will be penalize with lower rate limit value and with moderate traffic will be penalize with higher rate limit value. The propose system is compare with existing distributed defense framework and implemented with existing network simulator NS2.The experimental results are showing that the proposed dynamic bandwidth control system perform better than the distributed framework.