Mitigating Distributed Denial of Service Attacks Using a Proportional-Integral-Derivative Controller

Distributed Denial of Service (DDoS) attacks target the availability of servers and routers, resulting in a severe loss of connectivity. We present a distributed, automated response model that uses a Proportional-Integral-Derivative (PID) controller to manage traffic flow. The PID control law has been used in electrical and chemical engineering applications since 1934 and has proven extremely useful in stabilizing relatively unpredictable flows. The model is designed to keep incoming traffic from exceeding a given threshold while admitting as much legitimate incoming traffic as possible. In addition, it requires less demanding modifications to external routers and networks than other published distributed response models that lessen the effect of DDoS attacks.
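As an added illustration of the control loop the abstract describes (this is not code from the paper), the following Python simulates a PID controller whose output is a packet drop probability: each sampling interval it measures how much traffic reached the protected host, compares that against the threshold, and adjusts the drop rate for the next interval. The controller class, the gains, the packet rates in the trace and the deterministic expected-value drop model are all constructed for this demo.

```python
"""Toy model of the approach in the abstract: a PID loop sets a drop probability so that
the traffic admitted to a protected host settles at a threshold during a flood, while
passing everything untouched when the offered load is already below the threshold.
Added illustration, not code from the paper; gains, traffic figures and the
deterministic drop model are constructed for this demo."""

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class PIDRateController:
    """Discrete PID controller whose output is a packet drop probability in [0, 1]."""

    kp: float
    ki: float
    kd: float
    setpoint: float          # target admitted rate, packets per sampling interval
    out_min: float = 0.0
    out_max: float = 1.0
    integral: float = 0.0
    prev_error: Optional[float] = None

    def update(self, measured: float, dt: float = 1.0) -> float:
        """Feed one interval's admitted count; return the drop probability to apply next."""
        error = measured - self.setpoint          # positive when too much got through
        derivative = 0.0 if self.prev_error is None else (error - self.prev_error) / dt
        self.prev_error = error
        tentative = self.integral + error * dt
        u = self.kp * error + self.ki * tentative + self.kd * derivative
        # Anti-windup by conditional integration: while the actuator is pinned at a
        # limit and the error would push it further past that limit, freeze the
        # integral. Without this the integral drifts during quiet periods and the
        # controller reacts late when the next flood starts.
        if u > self.out_max:
            if error <= 0:
                self.integral = tentative
            return self.out_max
        if u < self.out_min:
            if error >= 0:
                self.integral = tentative
            return self.out_min
        self.integral = tentative
        return u


def simulate(offered: List[float], ctrl: PIDRateController) -> List[Tuple[float, float, float]]:
    """Run the loop interval by interval and return (offered, admitted, drop_prob) rows.

    The drop probability derived from one interval's measurement is applied to the
    next interval (one-step control delay). Admitted traffic is the expected value
    offered * (1 - p) rather than a random sample, so the run is reproducible.
    """
    rows = []
    p = 0.0
    for load in offered:
        admitted = load * (1.0 - p)
        rows.append((load, admitted, p))
        p = ctrl.update(admitted)
    return rows


def run_demo() -> Tuple[List[Tuple[float, float, float]], PIDRateController]:
    """Constructed trace: 20 quiet intervals, a 40-interval flood, 60 intervals of recovery."""
    legit, flood = 80.0, 1000.0        # packets per interval (constructed figures)
    trace = [legit] * 20 + [flood] * 40 + [legit] * 60
    # Gains are constructed for this trace: the proportional and integral terms together
    # bring a 900-packet overshoot to the 0.9 drop rate the flood needs; derivative
    # action is left at 0 because per-interval packet counts are bursty and the
    # derivative term mostly amplifies that noise.
    ctrl = PIDRateController(kp=0.0005, ki=0.0005, kd=0.0, setpoint=100.0)
    return simulate(trace, ctrl), ctrl


if __name__ == "__main__":
    rows, ctrl = run_demo()
    for i, (load, admitted, p) in enumerate(rows):
        if i % 10 == 0:
            print(f"t={i:3d} offered={load:7.1f} admitted={admitted:7.1f} drop_p={p:.3f}")
    print(f"integral at end: {ctrl.integral:.1f}")
```

Two behaviours of the run are worth watching. During the quiet phase the output clamps at zero and the anti-windup rule keeps the integral from drifting negative, so the first flood interval is the only one that passes at full rate; from the next interval on the admitted count oscillates down onto the 100-packet threshold. After the flood stops, the integral that was holding the drop rate at 0.9 has to unwind, so legitimate traffic is still partly throttled for a few dozen intervals: the integral term is what makes the loop settle exactly on the threshold, and this recovery lag is its cost, which is why the gains need tuning against the traffic actually seen rather than being picked once.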
