Defending against Distributed Denial-of-Service Attacks with Weight-Fair Router Throttles

A high profile internet server is always a target of denial-of-service attacks. In this project, we propose a novel technique for protecting an internet server from distributed denial-of-service attacks. The defense mechanism is based on a distributed algorithm that performs weight-fair throttling at the upstream routers. The throttling is weight-fair because the traffics destined for the server are controlled (increased or decreased ) by the leaky-buckets at the routers based on the number of users connected, directly or through other routers, to each router. To the best of our knowledge, this is the first weightfair technique for saving an internet server from denial-of-service attacks. The system is guaranteed to work even if some of the routers are compromised. Furthermore, in the beginning of the algorithm, the server’s capacity is underestimated by the routers so as to protect the server from any sudden initial attack. Keywords-Network security; Distributed denial-of-service attack; Internet server;