B. Bencsáth, I. Vajda|
Protection Against DDoS Attacks Based On Traffic Level Measurements
2004 International Symposium on Collaborative Technologies and Systems, The Society for Modeling and Simulation International, 2004, Waleed W. Smari, William McQuay, pp. 22-28., The Society for Modeling and Simulation International, San Diego, CA, USA, January, Simulation series vol 36. no. 1., ISBN 1-56555-272-5.
keywords: DDoS attacks, traffic analysis, network protection
abstract A method for protecting an Internet server against a bandwidth-consuming DDoS attack is proposed and analyzed. Incoming traffic is monitored continuously and ``dangerous'' traffic intensity rises are detected. Such an event activates a traffic filtering rule which pushes down the incoming aggregate traffic to an acceptable level by discarding excess packets according to the measured relative traffic levels of active sources. Compared to other studies, our method has a structurally stronger base: legitimate traffic to the server is not necessarily hindered because of the attack or the traffic suppression. The method is supported by an analysis and a simulation as well.