RCS: A Distributed Mechanism Against Link Flooding DDoS Attacks

  • Yong Cui
  • Lingjian Song
  • Ke Xu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3961)


DoS/DDoS attacks especially the Link Flooding have exerted severe threat on Internet. In this paper we propose a novel mechanism called Rate Control System (RCS) against Link Flooding based on the correlation analysis of upper link flows. According to the feature of aggregate in DDoS attack, RCS takes DDoS attack problem as a way of flow control to simplify the situation and deploys the flow controller at the routers near the victims. As the key point of our mechanism, an algorithm is designed to differentiate the malicious packets and the normal ones and we classify the packets according to TCP flags in order to tell different flows apart. In addition we detect the malicious aggregate using correlation analysis to make clear the type and the location of the attack. Simulation results demonstrate the performance for detecting the Link Flooding DDoS attacks.


Pass Rate Link Load USENIX Security Symposium Good Packet Packet Category 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ghosh, A.K., Wanken, J., Charron, F.: Detecting anomalous and unknown intrusions against programs. In: Proceedings of the 14th Annual Computer Security Applications ConferenceGoogle Scholar
  2. 2.
    Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial of Service Activity. In: Proceedings of USENIX Security Symposium (August 2001)Google Scholar
  3. 3.
    Garber, L.: Denial-of-service attack rip the internet. IEEE Computer (April 2000)Google Scholar
  4. 4.
    Yaar, A.: Pi: A path identification mechanism to defend against ddos attacks. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA (May 2003)Google Scholar
  5. 5.
    Wang, H., Zhang, D., Shin, K.: Detecting SYN flooding attacks. In: Proceedings of IEEE INFOCOM, June 2002, pp. 1530–1539 (2002)Google Scholar
  6. 6.
    Paxson, V.: An Analysis of Using Reflectors for Distributed Denial-of-service. Computer Communication Review 31(3) (2001)Google Scholar
  7. 7.
    Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: Characterization and implications for cdns and web sites. In: Proceedings of the 11th WWW Conference, Honolulu, HI (May 2002)Google Scholar
  8. 8.
    Mahajan, R., Bellovin, S.M., Floyd, S., Ioannidis, J.: Controlling high bandwidth aggregates in the network. ACM SIGCOMM (submitted, 2001)Google Scholar
  9. 9.
    Ferguson, P., Senie, D.: Network Ingress Filtering: Defeating Denial of-service Attacks which employ IP Source Address Spoofing (2000),
  10. 10.
    Li, J., Mirkovic, J., Wang, M., Reiher, P., Zhang, L.: SAVE: Source address validity enforcement protocol. In: Proceedings of IEEE INFOCOMM 2001 (April 2001)Google Scholar
  11. 11.
    Jin, C., Wang, H., Shin, K.G.: Hop-count filtering: An effective defense against spoofed DDoS traffic. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (October 2003)Google Scholar
  12. 12.
    Kim, Y., Lau, W.C.: PacketScore: Statistics-based Overload Control against Distributed Denial-of-Service Attacks. In: IEEE INFOCOM 2004 (2004)Google Scholar
  13. 13.
    Bellovin: ICMP Traceback Messages AT&T Labs. Research,
  14. 14.
    Dean, D., Franklin, M., Stubblefield, A.: An algebraic approach to IP traceback. ACM Transactions on Information and System Security (May 2002)Google Scholar
  15. 15.
    Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical Network Support for IP Traceback. In: Proc.ACM/SIGCOMM, August 2000, pp. 295–306 (2000)Google Scholar
  16. 16.
    Ioannidis, J.: Implementing pushback:Router-based defense against DDoS attacks. In: Proceedings of the 2002 ISOC Symposium on Network and Distributed Security (2002)Google Scholar
  17. 17.
    Yau, D.K.Y., Lui, J.C.S., Liang, F.: Defending Against Distributed Denialof-service Attacks with Max-min Fair Server-centric Router Throttles. In: IEEE International Workshop on Quality of Service, IWQoS (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yong Cui
    • 1
  • Lingjian Song
    • 1
  • Ke Xu
    • 1
  1. 1.Department of Computer Science and TechnologyTsinghua UniversityBeijingP.R. China

Personalised recommendations