Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks

Keun Park, Dongwon Seo, Jaewon Yoo, Heejo Lee, Hyogon Kim

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 176-187
Number of pages: 12
Volume: 4991 LNCS
DOIs: https://doi.org/10.1007/978-3-540-79104-1_13
Publication status: Published - 2008 Apr 7
Event: 4th Information Security Practice and Experience Conference, ISPEC 2008 - Sydney, NSW, Australia
Duration: 2008 Apr 21 to 2008 Apr 23

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4991 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 4th Information Security Practice and Experience Conference, ISPEC 2008
Country: Australia
City: Sydney, NSW
Period: 08/4/21 to 08/4/23

Fingerprint

DDoS
Worm
Internet
Broadband
Limiting
Attack
Beast
Traffic
Experiments
High Accuracy
Resources
Computing

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Park, K., Seo, D., Yoo, J., Lee, H., & Kim, H. (2008). Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4991 LNCS, pp. 176-187). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4991 LNCS). https://doi.org/10.1007/978-3-540-79104-1_13

@inproceedings{01e179caa42241a987686c8cce0272d1,
title = "Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks",
abstract = "Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7{\%} worm packets and 93{\%} DDoS packets, while 69.2{\%} worms and 3.4{\%} DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.",
author = "Keun Park and Dongwon Seo and Jaewon Yoo and Heejo Lee and Hyogon Kim",
year = "2008",
month = "4",
day = "7",
doi = "10.1007/978-3-540-79104-1_13",
language = "English",
isbn = "3540791035",
volume = "4991 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "176--187",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks

AU - Park, Keun

AU - Seo, Dongwon

AU - Yoo, Jaewon

AU - Lee, Heejo

AU - Kim, Hyogon

PY - 2008/4/7

Y1 - 2008/4/7

N2 - Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.

UR - http://www.scopus.com/inward/record.url?scp=41549160289&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=41549160289&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-79104-1_13

DO - 10.1007/978-3-540-79104-1_13

M3 - Conference contribution

AN - SCOPUS:41549160289

SN - 3540791035

SN - 9783540791034

VL - 4991 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 176

EP - 187

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -