Trawling traffic under attack overcoming ddos attacks by target-controlled traffic filtering

Shlomi Dolev, Yuval Elovici, Alex Kesselman, Polina Zilberman

Research output: Contribution to journalArticlepeer-review

Abstract

As more and more services are provided by servers via the Internet, Denial-of-Service (DoS) attacks pose an increasing threat to the Internet community. A DoS attack overloads the target server with a large volume of adverse requests, thereby rendering the server unavailable to well-behaved users. In this paper, we propose two algorithms that allow attack targets to dynamically filter their incoming traffic based on a distributed policy. The proposed algorithms defend the target against DoS and distributed DoS (DDoS) attacks and simultaneously ensure that it continues to serve well-behaved users. In a nutshell, a target can define a filtering policy which consists of a set of traffic classification rules and the corresponding amounts of traffic for each rule. A filtering algorithm is enforced by the ISP's routers when a target is being overloaded with traffic. The goal is to maximize the amount of filtered traffic forwarded to the target, according to the filtering policy, from the ISP. The first proposed algorithm is a collaborative algorithm which computes and delivers to the target the best possible traffic mix in polynomial time. The second algorithm is a distributed non-collaborative algorithm for which we prove a lower bound on the worst-case performance.

Original languageEnglish
Pages (from-to)1073-1098
Number of pages26
JournalInternational Journal of Foundations of Computer Science
Volume22
Issue number5
DOIs
StatePublished - 1 Aug 2011

Keywords

  • Denial-of-Service attack
  • dynamic filtering
  • filtering policy
  • internet router
  • traffic classification

Fingerprint

Dive into the research topics of 'Trawling traffic under attack overcoming ddos attacks by target-controlled traffic filtering'. Together they form a unique fingerprint.

Cite this