Issue No.07 - July (2007 vol.18)
Chee Wei Tan , IEEE
Dah-Ming Chiu , IEEE
John C.S. Lui , IEEE
David K.Y. Yau , IEEE
<p><b>Abstract</b>—Public-access networks need to handle persistent congestion and overload caused by high bandwidth aggregates that may occur during times of flooding-based DDoS attacks or flash crowds. The often unpredictable nature of these two activities can severely degrade server performance. Legitimate user requests also suffer considerably when traffic from many different sources aggregates inside the network and causes congestion. This paper studies a family of algorithms that "proactively” protect a server from overload by installing <it>rate throttles</it> in a set of upstream routers. Based on an optimal control setting, we propose algorithms that achieve throttling in a distributed and fair manner by taking important performance metrics into consideration, such as minimizing overall load variations. Using ns-2 simulations, we show that our proposed algorithms 1) are highly adaptive by avoiding unnecessary parameter configuration, 2) provide max-min fairness for any number of throttling routers, 3) respond very quickly to network changes, 4) are extremely robust against extrinsic factors beyond the system control, and 5) are stable under given delay bounds.</p>
Resource management, DDoS attacks, network security.
Chee Wei Tan, Dah-Ming Chiu, John C.S. Lui, David K.Y. Yau, "A Distributed Throttling Approach for Handling High Bandwidth Aggregates", IEEE Transactions on Parallel & Distributed Systems, vol.18, no. 7, pp. 983-995, July 2007, doi:10.1109/TPDS.2007.1034