On the Effectiveness of Rate-Limiting Methods to Mitigate Distributed DoS (DDoS) Attacks

Takanori KOMATSU  Akira NAMATAME  

IEICE TRANSACTIONS on Communications   Vol.E90-B   No.10   pp.2665-2672
Publication Date: 2007/10/01
Online ISSN: 1745-1345
DOI: 10.1093/ietcom/e90-b.10.2665
Print ISSN: 0916-8516
Type of Manuscript: Special Section PAPER (Special Section on New Challenge for Internet Technology and its Architecture)
Keywords: DDoS attack, complex network, bandwidth control


It has been widely observed that high-bandwidth traffic aggregates are often caused by flooding-based distributed denial-of-service (DDoS) attacks. Several congestion control methods have been proposed for bandwidth control. These methods are also considered important for avoiding the collapse of network services under DDoS attacks. We perform simulation studies of these well-known crowd management methods in order to minimize the damage caused by DDoS attacks by means of bandwidth control. Internet topologies have many facets depending on the focus of the observation. Therefore, we need to simulate DDoS attacks in different Internet topologies, including the tiers model, the transit-stub model, and the Barabasi-Albert model. Using RED, CHOKe, and pushback with ACC as congestion control methods, we evaluate network resistance against DDoS attacks and similar overflow problems.