Abstract

Distributed Denial of Service (DDoS) attacks pose a serious threat to the availability of Internet services. Several schemes have been proposed for countering DDoS attacks directed at an Internet server, but they suffer from a range of problems: some are impractical and others are not effective against these attacks. We propose a dynamic rate throttling technique that will greatly minimize the impact of an attack. The basic mechanism is to have monitoring, rate limiting and filtering at the edges of ISPs. The participating routers start their function after getting a signal from a server under attack. Our scheme is invoked only during attack times, and is able to mitigate attack traffic through dynamic filtering. The server instructs edge routers to rate limit traffic according to the share of traffic that is being passed through that particular edge router. The proposed solution is an ISP-level solution that is practical enough to be implemented. We simulate the scheme in NS-2 on a Linux system, using an Internet-type topology to test it. Web and FTP traffic was generated to evaluate the effectiveness of the scheme. Our scheme shows good improvement over the static router throttling techniques that were proposed earlier. Hence we believe that the scheme proposed in this paper is a promising approach to stopping DDoS attacks.
