RateGuard: A robust Distributed Denial of Service (DDoS) defense system

Huizhong Sun, Wingchiu Ngan, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceedingConference contribution


One of the major threats to cyber security is the Distributed Denial-of-Service (DDoS) attack. In this paper, we focus on three kinds of sophisticated DDoS attacks that seriously cripple the current DDoS defense systems and have not been solved yet. In Fast Adaptive Attacks (FAAs), attackers adaptively generate attacking traffic based on the feedback from a victim in Round Trip Time (RTT). Almost all proposed rules-based filtering schemes cannot effectively defend against FAAs, since they need a relatively long time (compared to RTT) to update filtering rules. In Adaptive Attacks with statistical filtering rules Scanning (AAS), attackers circumvent the defense system by discovering the statistical filtering rules of the defense system and then generating flooding traffic to mimic nominal traffic. In Low-Rate TCP Attacks (LRAs), attackers send periodic attack pulses to overflow a router's buffer and force the legitimate TCP flow to a low throughput while staying under the radar with a very low average rate. In this paper, we propose a Leaky-Bucket (LB) based highly robust DDoS defense system, called RateGuard. It can react to FAAs and LRAs by rate-limiting excessive traffic in real-time according to the victim's nominal traffic profile. Moreover, by associating an LB with each joint attribute value, the huge space required for possible joint attribute values makes it almost impossible for attackers to scan the victim's nominal traffic profiles and, thus, makes it highly robust to cope with AAS and other sophisticated attacks.

Original languageEnglish (US)
Title of host publicationGLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference
StatePublished - 2009
Event2009 IEEE Global Telecommunications Conference, GLOBECOM 2009 - Honolulu, HI, United States
Duration: Nov 30 2009Dec 4 2009

Publication series

NameGLOBECOM - IEEE Global Telecommunications Conference


Other2009 IEEE Global Telecommunications Conference, GLOBECOM 2009
Country/TerritoryUnited States
CityHonolulu, HI


  • Distributed denial-of-service attack
  • Fast adaptive attacks
  • Low-rate TCP attacks
  • Statistical filtering rules

ASJC Scopus subject areas

  • Electrical and Electronic Engineering


Dive into the research topics of 'RateGuard: A robust Distributed Denial of Service (DDoS) defense system'. Together they form a unique fingerprint.

Cite this