Counteract SYN flooding using second chance packet filtering
Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication
One of the biggest barriers hindering Internet development is the security problem caused by malicious users. In this paper, we deal with Distributed Denial of Service (DDoS) attacks that monopolize network resources and thus result in network or system congestion. Under a DDoS attack, it is very difficult to provide legitimate users with their fair share of the available network resources. This paper proposes MF (Minority First), a traffic metering and control scheme that can quickly weaken a DDoS attack while protecting legitimate users' traffic. The key idea of the MF scheme is to provide good quality of service (QoS) to sources that use network resources properly and poor QoS to sources that use network resources so excessively that they cause network congestion. The MF scheme is composed of both source-traffic-trunk based metering and a queue mapping mechanism for controlling malicious DDoS traffic and legitimate traffic. To show our scheme's excellence, its performance is measured and compared with that of the existing queuing services and static rate-limit through simulation.