A Cooperative Mechanism to Defense against Distributed Denial of Service Attacks

  • Authors:
  • Hakem Beitollahi; Geert Deconinck

  • Venue:
  • TRUSTCOM '11 Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications
  • Year:
  • 2011

Abstract

This paper proposes a cooperative mechanism to tackle distributed denial of service (DDoS) attacks based on cooperation between the victim server and the customer edge routers of the ISPs (internet service providers) that have traffic toward the victim server. The mechanism tackles the attack in three consecutive phases. First, before attack packets can converge to saturate the bandwidth, the victim server, through the edge routers of its ISP, regulates the traffic rate to a level at which the traffic load falls below the upper bound of its bandwidth (control phase). Second, the victim server installs leaky buckets at the customer edge routers of all ISPs that have traffic toward it and then, through a feedback control process, adjusts the size of the leaky buckets appropriately (stabilization phase). Third, based on a fingerprint test, the victim server requests those customer edge routers that carry purely good traffic to remove the leaky bucket, and then, based on a reference profile, fairly adjusts the leaky-bucket sizes for the remaining customer edge routers, such that routers that carry both good and attack traffic get bigger leaky-bucket sizes than routers that carry only attack traffic. Simulation results show that our technique effectively defends a victim server against various DDoS attacks.