Abstract
DoS/DDoS attacks especially the Link Flooding have exerted severe threat on Internet. In this paper we propose a novel mechanism called Rate Control System (RCS) against Link Flooding based on the correlation analysis of upper link flows. According to the feature of aggregate in DDoS attack, RCS takes DDoS attack problem as a way of flow control to simplify the situation and deploys the flow controller at the routers near the victims. As the key point of our mechanism, an algorithm is designed to differentiate the malicious packets and the normal ones and we classify the packets according to TCP flags in order to tell different flows apart. In addition we detect the malicious aggregate using correlation analysis to make clear the type and the location of the attack. Simulation results demonstrate the performance for detecting the Link Flooding DDoS attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ghosh, A.K., Wanken, J., Charron, F.: Detecting anomalous and unknown intrusions against programs. In: Proceedings of the 14th Annual Computer Security Applications Conference
Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial of Service Activity. In: Proceedings of USENIX Security Symposium (August 2001)
Garber, L.: Denial-of-service attack rip the internet. IEEE Computer (April 2000)
Yaar, A.: Pi: A path identification mechanism to defend against ddos attacks. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA (May 2003)
Wang, H., Zhang, D., Shin, K.: Detecting SYN flooding attacks. In: Proceedings of IEEE INFOCOM, June 2002, pp. 1530–1539 (2002)
Paxson, V.: An Analysis of Using Reflectors for Distributed Denial-of-service. Computer Communication Review 31(3) (2001)
Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: Characterization and implications for cdns and web sites. In: Proceedings of the 11th WWW Conference, Honolulu, HI (May 2002)
Mahajan, R., Bellovin, S.M., Floyd, S., Ioannidis, J.: Controlling high bandwidth aggregates in the network. ACM SIGCOMM (submitted, 2001)
Ferguson, P., Senie, D.: Network Ingress Filtering: Defeating Denial of-service Attacks which employ IP Source Address Spoofing (2000), http://www.ietf.org/rfc/rfc2827.txt
Li, J., Mirkovic, J., Wang, M., Reiher, P., Zhang, L.: SAVE: Source address validity enforcement protocol. In: Proceedings of IEEE INFOCOMM 2001 (April 2001)
Jin, C., Wang, H., Shin, K.G.: Hop-count filtering: An effective defense against spoofed DDoS traffic. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (October 2003)
Kim, Y., Lau, W.C.: PacketScore: Statistics-based Overload Control against Distributed Denial-of-Service Attacks. In: IEEE INFOCOM 2004 (2004)
Bellovin: ICMP Traceback Messages AT&T Labs. Research, http://www.cs.columbia.edu/smb/papers/draft-bellovin-itrace-00.txt
Dean, D., Franklin, M., Stubblefield, A.: An algebraic approach to IP traceback. ACM Transactions on Information and System Security (May 2002)
Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical Network Support for IP Traceback. In: Proc.ACM/SIGCOMM, August 2000, pp. 295–306 (2000)
Ioannidis, J.: Implementing pushback:Router-based defense against DDoS attacks. In: Proceedings of the 2002 ISOC Symposium on Network and Distributed Security (2002)
Yau, D.K.Y., Lui, J.C.S., Liang, F.: Defending Against Distributed Denialof-service Attacks with Max-min Fair Server-centric Router Throttles. In: IEEE International Workshop on Quality of Service, IWQoS (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cui, Y., Song, L., Xu, K. (2006). RCS: A Distributed Mechanism Against Link Flooding DDoS Attacks. In: Chong, I., Kawahara, K. (eds) Information Networking. Advances in Data Communications and Wireless Networks. ICOIN 2006. Lecture Notes in Computer Science, vol 3961. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11919568_76
Download citation
DOI: https://doi.org/10.1007/11919568_76
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48563-6
Online ISBN: 978-3-540-48564-3
eBook Packages: Computer ScienceComputer Science (R0)