For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
On the Effectiveness of Rate-Limiting Methods to Mitigate Distributed DoS (DDoS) Attacks
Takanori KOMATSU Akira NAMATAME
IEICE TRANSACTIONS on Communications
Publication Date: 2007/10/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: Special Section PAPER (Special Section on New Challenge for Internet Technology and its Architecture)
DDoS attack, complex network, bandwidth control,
Full Text: PDF(888.9KB)>>
It has been widely observed that high-bandwidth traffic aggregates often occur by flooding-based distributed denial-of-service (DDoS) attacks. Several congestion control methods have been proposed for bandwidth controls. These methods are also considered to be important in order to avoid collapse of network services by DDoS attacks. We perform simulation studies of these well-known crowd management methods in order to minimize the damage caused by DDoS attacks with bandwidth control. Internet topologies have many facets in terms of the focus of the observation. Therefore, we need to conduct simulation of DDoS attacks in different Internet topologies, including the tiers model, the transit-stub model, and the Barabasi-Albert model. Using RED, CHOKe, and pushback with ACC as congestion control methods, we evaluate network resistance against DDoS attacks and similar overflow problems.