• DocumentCode
    2897389
  • Title

    A Cooperative Mechanism to Defense against Distributed Denial of Service Attacks

  • Author

    Beitollahi, Hakem ; Deconinck, Geert

  • Author_Institution
    Electr. Eng. Dept., Katholieke Univ. Leuven, Leuven, Belgium
  • fYear
    2011
  • fDate
    16-18 Nov. 2011
  • Firstpage
    11
  • Lastpage
    20
  • Abstract
    This paper proposes a cooperative mechanism to tackle distributed denial of service (DDoS) attacks based on cooperation between the victim server and customer edge routers of the ISPs (internet service providers) that have traffic toward the victim server. The mechanism tackles the attack in three consecutive phases: first, before attack packets can converge to saturate the bandwidth, the victim server, through edge routers of its ISP, regulates the traffic rate to one at which the traffic load falls below the upper bound of its bandwidth (control phase); second, the victim server installs leaky-buckets at customer edge routers of all ISPs that have traffic toward it and then, through a feedback-control process, adjusts the size of the leaky-buckets appropriately (stabilization phase); third, based on a fingerprint test, the victim server requests those customer edge routers that purely carry good traffic to remove the leaky-bucket and then, based on a reference profile, fairly adjusts the size of the leaky-buckets for the remaining customer edge routers such that those routers that carry both good and attack traffic get bigger leaky-bucket sizes compared to those routers that totally carry attack traffic. Simulation results show that our technique effectively defends a victim server against various DDoS attacks.
  • Keywords
    Internet; computer network security; DDoS; ISP; Internet service providers; cooperative mechanism; distributed denial of service attacks; edge routers; feedback control process; leaky-buckets; victim server; Bandwidth; Computer crime; IP networks; Internet; Process control; Scalability; Servers; Availability; Cooperative Defense; DDoS; Denial of service attacks; Leaky-bucket;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on
  • Conference_Location
    Changsha
  • Print_ISBN
    978-1-4577-2135-9
  • Type

    conf

  • DOI
    10.1109/TrustCom.2011.6
  • Filename
    6120798