Unified Rate Limiting in Broadband Access Networks for Defeating Internet Worms and DDoS Attacks
نویسندگان
چکیده
Internet worms and DDoS attacks are considered the two most menacing attacks on today’s Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.
منابع مشابه
Analysis of Entropy Based DDoS Attack Detection to Detect UDP Based DDoS Attacks in IPv6 Networks
Distributed Denial of Service (DDoS) attacks is an important thread in internet. In IPv6 internet worms are difficult to identify, because of the total amount of traffic which does not allow the instant investigation of fine points. In Internet Protocol Version 6 (IPv6) networks one of the common traffic flows occurs is UDP data flows. It is an unreliable data flow. This characteristic can be u...
متن کاملFast Containment of Internet Worms and Tracking of DDoS Attacks with Distributed-Hashing Overlays
Internet catastrophes could be caused by large-scale worm outbreaks that lead to DDoS flooding attacks. Internet worms can be exploited to damage infected hosts and launch flooding attacks against high-profile Internet services. We suggest deploying distributed WormShield monitors to automatically detect and disseminate worm signatures. WormShield monitors analyze the global prevalence and addr...
متن کاملA survey of DDoS Service Attacks in Collaborative Intrusion Detection System
A DDoS (Distributed Denial-of-Service) attack is a distributed large-scale attempt by malicious users to flood the victim network with an enormous number of packets. This exhausts the victim network of resources such as bandwidth, computing power, etc., the victim is unable to provide services to its legitimate clients and network performance is greatly deteriorated. There are many proposed met...
متن کاملHF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
متن کاملDefeating distributed denial-of-service attack with deterministic bit marking
Denial-of-Service (DDoS) attack is a serious threat in Internet. We propose a bit marking concept to identify and drop the DDoS attack packets. Bit marking is a variation of the packet marking technique that modifies packet headers at each router. However instead of storing the router information in the packets, bit marking alters one or more bits in the marking field. The bit marking process d...
متن کامل