NIS04-5: Defending Against Meek DDoS Attacks By IP Traceback-based Rate Limiting

Distributed denial-of-service (DDoS) attacks are one of the major threats to the Internet today. Rate limiting is an effective countermeasure against rate-related attacks, on condition that attackers send more traffic than legitimate users. However, the real situation is sometimes the opposite, because today there may be only a subtle rate difference between attackers and legitimate users. We thoroughly investigate such a "meek" DDoS attack case and provide an elaborate IP traceback-based rate limiting algorithm. Simulation results show that our method mitigates meek DDoS attacks better and improves the throughput of legitimate traffic.
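The abstract's central point is that a per-source rate limit only helps when attackers are noticeably louder than real users, and that attributing traffic to its upstream path (which IP traceback provides) gives a limiter something else to act on. The simulation below is an added example, not the paper's code or its algorithm: it constructs a toy scenario (50 legitimate users at 10 pkt/s spread over 10 ingress paths, a server that absorbs 1000 pkt/s, and a botnet entering through a single path) and compares a classic per-source limiter with a hypothetical path-first limiter. The clustering of bots on one path, the rates, the capacity and the two-level max-min allocation are all assumptions chosen to make the effect visible.

```python
from collections import defaultdict

# Constructed scenario parameters (not from the paper): rates in packets/second.
LEGIT_RATE = 10.0    # each legitimate user sends 10 pkt/s
CAPACITY = 1000.0    # the victim server can absorb 1000 pkt/s in total
N_LEGIT = 50         # legitimate users, spread evenly over N_PATHS upstream paths
N_PATHS = 10         # distinct ingress paths that IP traceback can identify


def build_sources(n_attack, attack_rate, attack_paths):
    """Return {source_id: (rate, path_id, is_attacker)}.

    Assumption for the example: the bots of one botnet enter the network
    through only `attack_paths` of the N_PATHS paths, so traceback reveals a
    concentration that per-source statistics cannot see.
    """
    sources = {}
    for i in range(N_LEGIT):
        sources[f"L{i}"] = (LEGIT_RATE, i % N_PATHS, False)
    for j in range(n_attack):
        sources[f"A{j}"] = (attack_rate, j % attack_paths, True)
    return sources


def max_min_share(demands, capacity):
    """Max-min fair allocation of `capacity` among {key: demand} (water-filling)."""
    alloc, pending, remaining = {}, dict(demands), capacity
    while pending:
        share = remaining / len(pending)
        satisfied = {k: d for k, d in pending.items() if d <= share}
        if not satisfied:               # every remaining demand exceeds the fair share
            for k in pending:
                alloc[k] = share
            break
        for k, d in satisfied.items():  # small demands get everything they asked for
            alloc[k] = d
            remaining -= d
            del pending[k]
    return alloc


def per_source_limit(sources, capacity):
    """Classic rate limiting: one per-source cap tuned so the aggregate fits capacity.

    This is max-min fairness over sources; every source, bot or human, is treated alike,
    so with only a subtle rate gap the cap lands below the legitimate rate.
    """
    return max_min_share({s: rate for s, (rate, _, _) in sources.items()}, capacity)


def traceback_path_limit(sources, capacity):
    """Hypothetical traceback-based limiter (not the paper's algorithm): share the
    capacity fairly across traceback-identified paths first, then across the sources
    on each path. A path carrying a crowd of meek bots is throttled as a unit;
    paths carrying only legitimate users keep their full rate."""
    per_path = defaultdict(dict)
    for s, (rate, path, _) in sources.items():
        per_path[path][s] = rate
    path_alloc = max_min_share({p: sum(d.values()) for p, d in per_path.items()}, capacity)
    admitted = {}
    for p, demands in per_path.items():
        admitted.update(max_min_share(demands, path_alloc[p]))
    return admitted


def goodput(sources, admitted):
    """Split the admitted rate into (legitimate, attack) pkt/s."""
    legit = sum(a for s, a in admitted.items() if not sources[s][2])
    attack = sum(a for s, a in admitted.items() if sources[s][2])
    return legit, attack


def scenario(n_attack, attack_rate, attack_paths=1):
    sources = build_sources(n_attack, attack_rate, attack_paths)
    return {
        "offered_legit": N_LEGIT * LEGIT_RATE,
        "per_source": goodput(sources, per_source_limit(sources, CAPACITY)),
        "traceback": goodput(sources, traceback_path_limit(sources, CAPACITY)),
    }


if __name__ == "__main__":
    # Loud attack: 20 bots at 10x the legitimate rate. Per-source limiting alone
    # already keeps all 500 pkt/s of legitimate traffic.
    print("loud:", scenario(n_attack=20, attack_rate=100.0))
    # Meek attack: 100 bots only 20% faster than a real user. Per-source limiting
    # has to cut everyone to 6.67 pkt/s, so legitimate goodput falls to 333 pkt/s;
    # per-path limiting restores it to about 476 pkt/s.
    print("meek:", scenario(n_attack=100, attack_rate=12.0))
```

The loud case reproduces the abstract's precondition: when bots are ten times louder, the per-source cap settles at 25 pkt/s, above the legitimate rate, and real users lose nothing. In the meek case the same limiter cannot tell a 12 pkt/s bot from a 10 pkt/s user and drops a third of legitimate traffic, while grouping by traceback path keeps nine of the ten paths untouched. The example only demonstrates why path attribution helps; the paper's own algorithm and simulation setup are not described on this page.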
