A Threshold Adaptation Mechanism for Detecting and Filtering Low-Rate DDoS Attacks
Abstract
TCP-targeted low-rate distributed denial-of-service (LDDoS) attacks pose a serious challenge to the reliability and security of the Internet. Among the various proposed solutions, we are particularly interested in the Congestion Participation Rate (CPR) metric and the CPR-based approach. Through a simulation study, we show that if the CPR-based algorithm uses a fixed CPR threshold, it cannot simultaneously preserve high TCP throughput under attack and achieve good fairness for TCP flows in attack-free periods. We then propose a method for adaptively changing the threshold over time to achieve both objectives. Simulation results show that our adaptive CPR-based approach can effectively protect TCP flows under attack while maintaining fairness for the flows when no attack is present.