Unfair rate limiting for DDoS mitigation based on traffic increasing patterns

Distributed Denial of Service (DDoS) attacks pose a significant threat to network applications, and many countermeasures have been proposed to tackle them. This paper focuses on DDoS mitigation techniques, the practical way to filter attack traffic and keep victims alive. To rate limit attack traffic while affecting as little normal traffic as possible, we consider not just the amount of increased volume but also how the increased traffic is propagated in the network, which we denote as traffic increasing patterns. We propose unfair rate limiting (URL), in which traffic aggregates are given different priorities by extracting increasing patterns and analyzing their relationship with DDoS attacks. Aggregates more likely to include attack traffic are punished harder during mitigation. Two URL mechanisms are presented: Local URL (LoURL) and Collaborative URL (CoURL). LoURL works locally, while CoURL deals with locally indeterminate patterns based on global information and thus achieves more effective mitigation. We evaluate the performance of the proposed mechanisms through simulation. The simulation results show that both LoURL and CoURL can effectively mitigate DDoS attacks, and that CoURL outperforms LoURL with regard to the percentage of filtered attack traffic.