TY - GEN
T1 - Backward traffic throttling to mitigate bandwidth floods
AU - Gev, Yehoshua
AU - Geva, Moti
AU - Herzberg, Amir
PY - 2012
Y1 - 2012
N2 - We present Backward Traffic Throttling (BTT), an efficient, decentralized mechanism for congestion and bandwidth-flooding attacks mitigation. Upon congestion, BTT employs three basic mechanisms to throttle excessive traffic, namely: prioritize legitimate flows, shape traffic, and request upstream BTT nodes to similarly prioritize and shape traffic. Flow prioritizing parameters are determined independently by each BTT server, based on typical traffic estimations. BTT is easily deployed: it requires no changes to routers, and does not modify traffic. Instead, BTT configures routers' queuing discipline and traffic shapers. Both simulation and testbed experiments were performed to asses the effectiveness of BTT during distributed denial-of-service (DDoS) attacks. Results show that even limited BTT deployment alleviates attacks damage and allows legitimate TCP traffic to sustain communication, whereas larger deployments maintain larger portions of the original bandwidth.
AB - We present Backward Traffic Throttling (BTT), an efficient, decentralized mechanism for congestion and bandwidth-flooding attacks mitigation. Upon congestion, BTT employs three basic mechanisms to throttle excessive traffic, namely: prioritize legitimate flows, shape traffic, and request upstream BTT nodes to similarly prioritize and shape traffic. Flow prioritizing parameters are determined independently by each BTT server, based on typical traffic estimations. BTT is easily deployed: it requires no changes to routers, and does not modify traffic. Instead, BTT configures routers' queuing discipline and traffic shapers. Both simulation and testbed experiments were performed to asses the effectiveness of BTT during distributed denial-of-service (DDoS) attacks. Results show that even limited BTT deployment alleviates attacks damage and allows legitimate TCP traffic to sustain communication, whereas larger deployments maintain larger portions of the original bandwidth.
UR - http://www.scopus.com/inward/record.url?scp=84877668772&partnerID=8YFLogxK
U2 - 10.1109/glocom.2012.6503228
DO - 10.1109/glocom.2012.6503228
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84877668772
SN - 9781467309219
T3 - Proceedings - IEEE Global Communications Conference, GLOBECOM
SP - 904
EP - 910
BT - 2012 IEEE Global Communications Conference, GLOBECOM 2012
T2 - 2012 IEEE Global Communications Conference, GLOBECOM 2012
Y2 - 3 December 2012 through 7 December 2012
ER -