Document Type

Technical Report

Department

Computer Science and Engineering

Publication Date

2009

Filename

wucse-2009-7.pdf

DOI:

10.7936/K76H4FP4

Technical Report Number

wucse-2009-7

Abstract

A high-profile internet server is always a target of denial-of-service attacks. In this paper, we propose a novel technique for protecting an internet server from distributed denial-of-service attacks. The defense mechanism is based on a distributed algorithm that performs weight-fair throttling at the upstream routers. The throttling is weight-fair because the traffic destined for the server is controlled (increased or decreased) by the leaky buckets at the routers based on the number of users connected, directly or through other routers, to each router. To the best of our knowledge, this is the first weight-fair technique for saving an internet server from denial-of-service attacks. The system is guaranteed to work even if some of the routers are compromised. Furthermore, at the beginning of the algorithm, the server’s capacity is underestimated by the routers so as to protect the server from any sudden initial attack.

Comments

Permanent URL: http://dx.doi.org/10.7936/K76H4FP4
