Abstract
Internet worms and DDoS attacks are considered the two most menacing attacks on today’s Internet. The conventional wisdom is that they are different beasts and should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, one that works effectively against both Internet worms and DDoS attacks. The unified approach reduces worm traffic more than existing rate limiting schemes geared toward worm mitigation, with the added advantage of dropping most DDoS attack packets. In our experiments with attack traffic generated by attack tools, the unified rate limiting scheme drops 80.7% of worm packets and 93% of DDoS packets, whereas previous worm scan rate limiting schemes drop at most 69.2% of worm packets and 3.4% of DDoS packets. The proposed scheme also requires fewer computing resources and is more accurate at dropping attack packets without dropping legitimate packets.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, K., Seo, D., Yoo, J., Lee, H., Kim, H. (2008). Unified Rate Limiting in Broadband Access Networks for Defeating Internet Worms and DDoS Attacks. In: Chen, L., Mu, Y., Susilo, W. (eds) Information Security Practice and Experience. ISPEC 2008. Lecture Notes in Computer Science, vol 4991. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79104-1_13
DOI: https://doi.org/10.1007/978-3-540-79104-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79103-4
Online ISBN: 978-3-540-79104-1
eBook Packages: Computer Science (R0)