Abstract
Distributed Denial of Service (DDoS) attacks target the availability of servers and routers, resulting in severe loss of their connectivity. We present a distributed, automated response model that uses a Proportional-Integral-Derivative (PID) controller to aid in managing traffic flow. The PID control law has been used in electrical and chemical engineering applications since 1934 and has proven extremely useful in stabilizing relatively unpredictable flows. This model is designed to prevent incoming traffic from exceeding a given threshold while allowing as much legitimate incoming traffic as possible. In addition, this model focuses on requiring less demanding modifications to external routers and networks than other published distributed response models that address the effect of DDoS attacks.
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tylutki, M., Levitt, K. (2003). Mitigating Distributed Denial of Service Attacks Using a Proportional-Integral-Derivative Controller. In: Vigna, G., Kruegel, C., Jonsson, E. (eds) Recent Advances in Intrusion Detection. RAID 2003. Lecture Notes in Computer Science, vol 2820. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45248-5_1
DOI: https://doi.org/10.1007/978-3-540-45248-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40878-9
Online ISBN: 978-3-540-45248-5
eBook Packages: Springer Book Archive