RCS: a distributed mechanism against link flooding DDoS attacks

Authors:
Yong Cui;Lingjian Song;Ke Xu
Affiliations:
Department of Computer Science and Technology, Tsinghua University, Beijing, P.R China;Department of Computer Science and Technology, Tsinghua University, Beijing, P.R China;Department of Computer Science and Technology, Tsinghua University, Beijing, P.R China
Venue:
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Year:
2006

Citing 10
Cited 0

Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
An algebraic approach to IP traceback

ACM Transactions on Information and System Security (TISSEC)
An analysis of using reflectors for distributed denial-of-service attacks

ACM SIGCOMM Computer Communication Review
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites

Proceedings of the 11th international conference on World Wide Web
Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
Denial-of-Service Attacks Rip the Internet

Computer
Detecting Anomalous and Unknown Intrusions Against Programs

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Pi: A Path Identification Mechanism to Defend against DDoS Attacks

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Hop-count filtering: an effective defense against spoofed DDoS traffic

Proceedings of the 10th ACM conference on Computer and communications security
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

Quantified Score

Hi-index	0.00

Visualization

Abstract

DoS/DDoS attacks especially the Link Flooding have exerted severe threat on Internet In this paper we propose a novel mechanism called Rate Control System (RCS) against Link Flooding based on the correlation analysis of upper link flows According to the feature of aggregate in DDoS attack, RCS takes DDoS attack problem as a way of flow control to simplify the situation and deploys the flow controller at the routers near the victims As the key point of our mechanism, an algorithm is designed to differentiate the malicious packets and the normal ones and we classify the packets according to TCP flags in order to tell different flows apart In addition we detect the malicious aggregate using correlation analysis to make clear the type and the location of the attack Simulation results demonstrate the performance for detecting the Link Flooding DDoS attacks.