Please wait a minute...
J4  2010, Vol. 44 Issue (2): 265-270    DOI: 10.3785/j.issn.1008-973X.2010.02.010
魏蔚, 董亚波, 鲁东明
(浙江大学 计算机科学与技术学院, 浙江 杭州 310027)
Multi-resource max-min fairness and support vector machine based DDoS defense
WEI Wei, DONG Ya-bo, LU Dong-ming
(College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China)
 全文: PDF  HTML



Distributed denial of service (DDoS) attack was defended by distributed filtering. Distributed defense was restricted inside autonomous system (AS), which was a suitable bound for defense. Both bandwidth and processing capability of victim were considered. The filtering threshold was dynamically adjusted in AS edge according to the throughput of victim in support vector machine (SVM)-based multi-resource max-min fairness (SMMF) algorithm. Then SMMF achieved multi-resource max-min fairness and was much effective. Simulation results demonstrate that attacking traffic can be depressed in a common scenario and the legitimate throughput can be kept in a normal level when current methods fail. A realization of filters on PC-based router indicates that only a very small amount of memory is needed and the packet throughput is still normal when thousands of filters are installed.

出版日期: 2010-03-09
:  TP 393.08  


通讯作者: 董亚波,男,副教授.     E-mail:
作者简介: 魏蔚(1983—),男,河南固始人,博士生,从事网络安全技术研究.
E-mail Alert


魏蔚, 董亚波, 鲁东明. 基于支持向量机和多资源最大最小公平的DDoS防御[J]. J4, 2010, 44(2): 265-270.

WEI Wei, DONG E-Bei, LU Dong-Meng. Multi-resource max-min fairness and support vector machine based DDoS defense. J4, 2010, 44(2): 265-270.


[1]  WAN K K K, CHANG R K C. Engineering of a global defense infrastructure for ddos attacks [C] // Proceedings of 10th IEEE International Conference on Networks. Pairs: IEEE, 2002: 419427.
[2] MAHAJAN R, BELLOVIN S. M, FLOYD S, et al. Controlling high bandwidth aggregates in the network [J]. Computer Communication Review, 2002, 32(3): 6273.
[3] KEROMYTIS A D, MISRA V, RUBENSTEIN D. SOS: secure overlay services [J]. Computer Communication Review, 2002, 32(4): 6172.
[4] YAAR A, PERRIG A, SONG D. Pi: a path identification mechanism to defend against ddos attacks [C] // Proceedings of Symposium on Security and Privacy. San Diego: IEEE, 2003: 93107.
[5] YANG X W, WETHERALL D, ANDERSON T. A DoS limiting network architecture [J]. Computer Communication Review, 2005, 35(4): 241252.
[6] DUAN Z, YUAN X, CHANDRASHEKAR J. Constructing inter-domain packet filters to control IP spoofing based on BGP updates [C] // Proceedings of IEEE Infocom. Barcelona: IEEE, 2006: 112.
[7] PARK K, LEE H. On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law Internets [J]. Computer Communication Review, 2001, 31(4): 1526.
[8] CHEN S, SONG Q. Perimeter-based defense against high bandwidth DDoS attacks [J]. IEEE Transactions on Parallel and Distributed Systems, 2005, 16(6): 526537.
[9] YAU D K Y, LUI J C S. Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles [J]. IEEE/ACM Transactions on Networking, 2005, 13(1): 2942.
[10] JAFFE J. Bottleneck flow control [J]. IEEE Transactions on Communications, 1981, 29(7): 954962.
[11] KELLY F. Charging and rate control for elastic traffic [J]. Europen Transactions on Telecommunications, 1997, 8(1): 3337.
[12] CAO Z, ZEGURA E W. Utility max-min: an application-oriented bandwidth allocation scheme [C] // Proceedings of IEEE Infocom. New York: IEEE, 1999: 793801.
[13] ZHOU Y, SETHU H. On achieving fairness in the joint allocation of processing and bandwidth resources: principles and algorithms [J]. IEEE/ACM Transactions on Networking, 2005, 13(4): 10541067.
[14] HSU C W, LIN C J. A comparison of methods for multi-class support vector machines [J]. IEEE Transactions on Neural Networks, 2002, 13(2): 415425.
[15] PAPPU P, WOLF T. Scheduling processing resources in programmable routers [C] // Proceedings of IEEE Infocom. New York: IEEE, 2002: 104112.

[1] 徐昶, 寿黎但, 陈刚, 胡天磊. 一种基于闪存的数据库复合存储模型[J]. J4, 2012, 46(2): 294-300.
[2] 吴羽, 盛振华, 寿黎但, 陈刚. TrigSigs:一种有效的非结构化记录关联合并算法[J]. J4, 2010, 44(12): 2284-2290.
[3] 寿黎但, 廖定柏, 徐昶, 陈刚. PWLRU: 一种面向闪存数据库的缓冲区存取算法[J]. J4, 2010, 44(12): 2257-2262.
[4] 皮俊波, 陈珂, 陈刚, 董金祥. 基于用户兴趣模型两段式排序的隐私保护方法[J]. J4, 2010, 44(9): 1659-1665.