Unfair rate limiting on traffic aggregates for DDoS attacks mitigation
Distributed Denial of Service (DDoS) attacks pose a threat to network applications. Many countermeasures have been proposed to tackle such attacks. This paper focuses on DDoS mitigation techniques, the practical way to filter attack traffic and keep victims alive. To rate limit attack traffic while affecting as little normal traffic as possible, we consider not just the amount of increased volume but also how the increased traffic is propagated in the network, denoted by traffic increasing patterns. In this paper, we propose unfair rate limiting (URL), in which traffic aggregates are given different priorities by extracting increasing patterns and analyzing their relationship with DDoS attacks. Aggregates more likely to include attack traffic are punished harder during mitigation. Basic and fine-grained unfair rate limiting mechanisms (BURL and FURL) are presented, built upon port-flows and bitwise-flows, respectively. Simulation results show that both mechanisms can effectively mitigate DDoS attacks, but FURL outperforms BURL in filtering attack traffic without dropping normal packets.