Title :
A Distributed Defense Framework for Flooding-Based DDoS Attacks
Author :
You, Yonghua ; Zulkernine, Mohammad ; Haque, Anwar
Author_Institution :
Sch. of Comput., Queen´´s Univ., Kingston, ON
Abstract :
A flooding-based distributed denial of service (DDoS) attack sends a large amount of unwanted traffic to a victim machine. Existing network-level congestion control mechanisms are inadequate in preventing service quality from deteriorating because of these attacks. We propose a distributed framework to defend against DDoS attacks. It has three major components: detection, traceback, and traffic control. We present the traffic control component in detail in this paper. A distance-based rate limit mechanism is proposed to allow the traffic control component at the victim end request the defense systems at the source end to set up rate limits on the edge routers of the attack source ends. This rate limit mechanism efficiently reduces attack traffic from being forwarded to the victim. We evaluate the DDoS defense framework using the NS2 platform. The results demonstrate that the framework can effectively control attack traffic to sustain quality of service for legitimate traffic compared to the pushback technique.
Keywords :
distributed processing; quality of service; security of data; distributed defense framework; distributed denial of service; flooding-based DDoS attacks; network-level congestion control; service quality; traffic control; Aggregates; Availability; Communication system traffic control; Computer crime; Distributed computing; History; Internet; Protection; Quality of service; Traffic control; Distributed Denial of Service; Intrusion Detection; Unwanted Traffic;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.69
