Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks

Keun Park; Dongwon Seo; Jaewon Yoo; Heejo Lee; Hyogon Kim

doi:10.1007/978-3-540-79104-1_13

Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks

Keun Park, Dongwon Seo, Jaewon Yoo, Heejo Lee, Hyogon Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.

Original language	English
Title of host publication	Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings
Pages	176-187
Number of pages	12
DOIs	https://doi.org/10.1007/978-3-540-79104-1_13
Publication status	Published - 2008
Event	4th Information Security Practice and Experience Conference, ISPEC 2008 - Sydney, NSW, Australia Duration: 2008 Apr 21 → 2008 Apr 23

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4991 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	4th Information Security Practice and Experience Conference, ISPEC 2008
Country/Territory	Australia
City	Sydney, NSW
Period	08/4/21 → 08/4/23

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-540-79104-1_13

Cite this

Park, K., Seo, D., Yoo, J., Lee, H., & Kim, H. (2008). Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks. In Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings (pp. 176-187). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4991 LNCS). https://doi.org/10.1007/978-3-540-79104-1_13

Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks. / Park, Keun; Seo, Dongwon; Yoo, Jaewon et al.
Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. 2008. p. 176-187 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4991 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Park, K, Seo, D, Yoo, J, Lee, H & Kim, H 2008, Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks. in Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4991 LNCS, pp. 176-187, 4th Information Security Practice and Experience Conference, ISPEC 2008, Sydney, NSW, Australia, 08/4/21. https://doi.org/10.1007/978-3-540-79104-1_13

Park K, Seo D, Yoo J, Lee H , Kim H. Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks. In Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. 2008. p. 176-187. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-79104-1_13

Park, Keun ; Seo, Dongwon ; Yoo, Jaewon et al. / Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks. Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings. 2008. pp. 176-187 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{01e179caa42241a987686c8cce0272d1,

title = "Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks",

abstract = "Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.",

author = "Keun Park and Dongwon Seo and Jaewon Yoo and Heejo Lee and Hyogon Kim",

year = "2008",

doi = "10.1007/978-3-540-79104-1_13",

language = "English",

isbn = "3540791035",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "176--187",

booktitle = "Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings",

note = "4th Information Security Practice and Experience Conference, ISPEC 2008 ; Conference date: 21-04-2008 Through 23-04-2008",

}

TY - GEN

T1 - Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks

AU - Park, Keun

AU - Seo, Dongwon

AU - Yoo, Jaewon

AU - Lee, Heejo

AU - Kim, Hyogon

PY - 2008

Y1 - 2008

N2 - Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.

AB - Internet worms and DDoS attacks are considered the two most menacing attacks on today's Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traffic reduction performance than that of existing rate limiting schemes geared toward worm mitigation, in addition to the added advantage of dropping most DDoS attack packets. In our experiments with attack traffics generated by attacking tools, the unified rate limiting scheme drops 80.7% worm packets and 93% DDoS packets, while 69.2% worms and 3.4% DDoS packets are dropped at maximum by previous worm scan rate limiting schemes. Also, the proposed scheme requires less computing resources, and has higher accuracy for dropping attack packets but not dropping legitimate packets.

UR - http://www.scopus.com/inward/record.url?scp=41549160289&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-79104-1_13

DO - 10.1007/978-3-540-79104-1_13

M3 - Conference contribution

AN - SCOPUS:41549160289

SN - 3540791035

SN - 9783540791034

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 176

EP - 187

BT - Information Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings

T2 - 4th Information Security Practice and Experience Conference, ISPEC 2008

Y2 - 21 April 2008 through 23 April 2008

ER -

Unified rate limiting in broadband access networks for defeating Internet worms and DDoS attacks

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this