Defending Against Distributed Denial-of-Service Attacks With Weight-Fair Router Throttling

A high profile internet server is always a target of denial-of-service attacks. This paper proposes a novel technique for protecting an internet server from distributed denial-of-service attacks. The defense mechanism is based on a distributed algorithm that performs weight-fair throttling at the upstream routers. The throttling is weight-fair because the traffics destined for the server are controlled increased or decreased) by the leaky-buckets at the routers based on the number of users connected, directly or through other routers, to each router. To the best of the knowledge, this is the first weight-fair technique for saving an internet server from denial-of-service attacks.