
RCS: A Distributed Mechanism Against Link Flooding DDoS Attacks

  • Conference paper
Information Networking. Advances in Data Communications and Wireless Networks (ICOIN 2006)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3961)


Abstract

DoS/DDoS attacks, especially Link Flooding, pose a severe threat to the Internet. In this paper we propose a novel mechanism called Rate Control System (RCS) against Link Flooding, based on correlation analysis of upper-link flows. Exploiting the aggregate nature of DDoS attack traffic, RCS treats the DDoS problem as a flow-control problem to simplify the situation and deploys the flow controller at the routers near the victims. As the key point of our mechanism, an algorithm is designed to differentiate malicious packets from normal ones, and we classify packets according to TCP flags in order to tell different flows apart. In addition, we detect the malicious aggregate using correlation analysis to determine the type and the location of the attack. Simulation results demonstrate the performance in detecting Link Flooding DDoS attacks.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cui, Y., Song, L., Xu, K. (2006). RCS: A Distributed Mechanism Against Link Flooding DDoS Attacks. In: Chong, I., Kawahara, K. (eds) Information Networking. Advances in Data Communications and Wireless Networks. ICOIN 2006. Lecture Notes in Computer Science, vol 3961. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11919568_76


  • DOI: https://doi.org/10.1007/11919568_76

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-48563-6

  • Online ISBN: 978-3-540-48564-3

  • eBook Packages: Computer Science (R0)
