TDPF: a traceback-based distributed packet filter to mitigate spoofed DDoS attacks

Authors

  • Mehran S. Fallah (corresponding author)
    Department of Computer Engineering and Information Technology, Amirkabir University of Technology (Tehran Polytechnic), Tehran, Iran
    E-mail: msfallah@aut.ac.ir

  • Nafiseh Kahani
    Department of Computer Engineering and Information Technology, Amirkabir University of Technology (Tehran Polytechnic), Tehran, Iran

ABSTRACT

Defense mechanisms against distributed denial-of-service (DDoS) attacks usually mitigate the attack by filtering out the excess traffic targeted at the victim. Such a defense must be able to discriminate attack traffic from legitimate traffic so that filtering can be applied selectively. The problem is exacerbated when attack packets carry spoofed source addresses, since the addresses themselves can no longer be used to tell the two apart. This paper proposes traceback-based distributed packet filter (TDPF), a novel distributed packet filtering mechanism that employs IP traceback as the means of traffic discrimination. In this defense mechanism, packet filters are relocated to routers nearer the attack sources whenever the traceback algorithm adds such nodes to the attack tree. The filtering probabilities at the packet filters are also adjusted dynamically to the volume of traffic the victim receives from each filtering router. In this way, TDPF achieves a high throughput of legitimate traffic while blocking malicious flows, and the burden it imposes on a participating router is negligible. Moreover, unlike earlier traceback-based defenses, it can defend against intense DDoS attacks. Experimental results show that TDPF is effective in different attack scenarios. Copyright © 2013 John Wiley & Sons, Ltd.
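The abstract describes two mechanisms without giving their details: filters follow the traceback frontier toward the attack sources, and each filtering router's drop probability is derived from the volume it delivers to the victim. The simulation below is an added illustration of those two ideas and is not the paper's algorithm or code. The router topology, the per-router legitimate and attack rates, the victim capacity, the level-by-level growth of the attack tree, and the use of max-min (progressive-filling) sharing of the victim's capacity among filtering routers are all assumptions chosen for the example; the point it makes is that moving filters from the victim's upstream router to the routers closest to the attack sources lets the same capacity bound admit far more legitimate traffic, because heavily loaded (attack-carrying) branches are throttled while clean branches pass unfiltered.

```python
"""Toy model of traceback-driven filter placement and volume-based filtering
probabilities.  Illustrative only: topology, rates, capacity and the max-min
sharing rule are constructed assumptions, not the TDPF algorithm."""

# Constructed topology: child -> parent; the victim "V" is the root.
PARENT = {
    "R1": "V",
    "R2": "R1", "R3": "R1",
    "R4": "R2", "R5": "R2",
    "R6": "R3", "R7": "R3",
}

# Constructed traffic entering at each leaf router, packets/s: (legit, attack).
# Attack packets are assumed to carry spoofed source addresses, so only the
# router they enter through (not the address) can be used to separate them.
LOCAL = {
    "R4": (100, 4000),
    "R5": (300, 0),
    "R6": (200, 2500),
    "R7": (400, 0),
}

VICTIM = "V"
CAPACITY = 1500  # packets/s the victim can absorb (assumed)


def children(node):
    return [c for c, p in PARENT.items() if p == node]


def subtree_traffic(node):
    """(legit, attack) arriving at `node` from its whole subtree, unfiltered."""
    legit, attack = LOCAL.get(node, (0, 0))
    for c in children(node):
        l, a = subtree_traffic(c)
        legit, attack = legit + l, attack + a
    return legit, attack


def filter_positions(attack_tree):
    """Filtering routers: the frontier of the attack tree known so far, i.e.
    nodes with no known child in the tree (nearest the attack sources).
    Assumes traceback grows the tree one level at a time, so the frontier
    covers every attack path (a partially discovered level would leave some
    attack traffic unfiltered)."""
    return sorted(n for n in attack_tree
                  if n != VICTIM and not any(c in attack_tree for c in children(n)))


def deliver(node, probs):
    """(legit, attack) leaving `node` toward the victim when router r drops
    each packet with probability probs[r].  Frontier placement guarantees at
    most one filter per path, so drops compose trivially."""
    legit, attack = LOCAL.get(node, (0, 0))
    for c in children(node):
        l, a = deliver(c, probs)
        legit, attack = legit + l, attack + a
    keep = 1.0 - probs.get(node, 0.0)
    return legit * keep, attack * keep


def max_min_allocation(demands, capacity):
    """Progressive filling: routers sending no more than the fair share keep
    everything; the remaining capacity is split evenly among heavier routers."""
    alloc, remaining, cap = {}, dict(demands), capacity
    while remaining:
        share = cap / len(remaining)
        small = {r: v for r, v in remaining.items() if v <= share}
        if not small:
            alloc.update({r: share for r in remaining})
            break
        for r, v in small.items():
            alloc[r] = v
            cap -= v
            del remaining[r]
    return alloc


def filtering_probabilities(filters, capacity):
    """Drop probability per filtering router from the volume it delivers:
    traffic on paths with no filter is taken as given, and the rest of the
    victim's capacity is shared max-min among the filtering routers."""
    unfiltered_l, unfiltered_a = deliver(VICTIM, {r: 1.0 for r in filters})
    spare = max(capacity - (unfiltered_l + unfiltered_a), 0.0)
    demands = {r: sum(subtree_traffic(r)) for r in filters}
    alloc = max_min_allocation(demands, spare)
    return {r: (1.0 - alloc[r] / d) if d > 0 else 0.0 for r, d in demands.items()}


# Constructed traceback stages: the attack tree as it grows toward the sources.
STAGES = [
    {"V", "R1"},
    {"V", "R1", "R2", "R3"},
    {"V", "R1", "R2", "R3", "R4", "R6"},
]


def simulate(stages=STAGES, capacity=CAPACITY):
    """Per stage: filter placement, drop probabilities and what the victim receives."""
    results = []
    for tree in stages:
        filters = filter_positions(tree)
        probs = filtering_probabilities(filters, capacity)
        legit, attack = deliver(VICTIM, probs)
        results.append({"filters": filters,
                        "probs": {r: round(p, 3) for r, p in probs.items()},
                        "legit": round(legit, 1), "attack": round(attack, 1)})
    return results


if __name__ == "__main__":
    for i, r in enumerate(simulate(), 1):
        print(f"stage {i}: filters={r['filters']} drop={r['probs']} "
              f"legit={r['legit']} attack={r['attack']}")
```

With the constructed numbers, a single filter at the victim's upstream router must drop 80% of everything and lets through only 200 packets/s of legitimate traffic; once the filters sit at the two routers where the attack enters, the same 1500 packets/s budget carries about 739 packets/s of legitimate traffic, because the clean branches are never filtered at all.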
