Trawling traffic under attack overcoming DDoS attacks by target-controlled traffic filtering

Shlomi Dolev, Yuval Elovici, Alex Kesselman, Polina Zilberman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

As more and more services are provided by servers via the Internet, Denial-of-Service (DoS) attacks pose an increasing threat to the Internet community. A DoS attack overloads the target server with a large volume of adverse requests, thereby rendering the server unavailable to "well-behaved" users. Recently, the novel paradigm of traffic ownership that enables the clients of Internet service providers (ISP) to configure their own traffic processing policies has gained popularity. In this paper, we propose two algorithms belonging to this paradigm that allow attack targets to dynamically filter their incoming traffic based on a distributed policy. The proposed algorithms defend the target against DoS and distributed DoS (DDoS) attacks and simultaneously ensure that it continues to receive valuable users' traffic. In a nutshell, a target can define a filtering policy which consists of a set of traffic classification rules and the corresponding amounts of traffic, measured in bandwidth units, which match each rule. The filtering algorithm is enforced by the ISP's or the Network Service Provider's (NSP) routers when a target is being overloaded with traffic. The goal is to maximize the amount of filtered traffic forwarded to the target, according to the filtering policy, from the ISP's or the NSP's network. The first algorithm we propose relies on complete collaboration among the ISP/NSP routers. It computes the filtering policy in polynomial time and delivers the best possible traffic mix to the target. The second algorithm is a distributed algorithm which assumes no collaboration among the ISP/NSP routers; each router uses only local information about its incoming traffic. We show the intuition behind the proof of a lower bound on the second algorithm's worst-case performance.

Original language: English
Title of host publication: 2009 International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2009
Pages: 336-341
Number of pages: 6
State: Published - 1 Dec 2009
Event: 2009 International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2009 - Higashi, Hiroshima, Japan
Duration: 8 Dec 2009 to 11 Dec 2009

Publication series

Name: Parallel and Distributed Computing, Applications and Technologies, PDCAT Proceedings

Conference

Conference: 2009 International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2009
Country/Territory: Japan
City: Higashi, Hiroshima
Period: 8/12/09 to 11/12/09
