Unified rate limiting in broadband access networks for defeating internet worms and DDoS attacks

Authors:
Keun Park;Dongwon Seo;Jaewon Yoo;Heejo Lee;Hyogon Kim
Affiliations:
Division of Computer and Communication Engineering, Korea University, Seoul, Korea;Division of Computer and Communication Engineering, Korea University, Seoul, Korea;Division of Computer and Communication Engineering, Korea University, Seoul, Korea;Division of Computer and Communication Engineering, Korea University, Seoul, Korea;Division of Computer and Communication Engineering, Korea University, Seoul, Korea
Venue:
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Year:
2008

Citing 10
Cited 0

Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
SOS: secure overlay services

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Attacking DDoS at the Source

ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Throttling Viruses: Restricting propagation to defeat malicious mobile code

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Slowing Down Internet Worms

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Worm Epidemics in High-Speed Networks

Computer
Protect E-Commerce against DDoS Attacks with Improved D-WARD Detection System

EEE '05 Proceedings of the 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'05) on e-Technology, e-Commerce and e-Service
Inferring Internet denial-of-service activity

ACM Transactions on Computer Systems (TOCS)
MULTOPS: a data-structure for bandwidth attack detection

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Empirical analysis of rate limiting mechanisms

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.