J4  2010, Vol. 44 Issue (2): 265-270    DOI: 10.3785/j.issn.1008-973X.2010.02.010
Multi-resource max-min fairness and support vector machine based DDoS defense
WEI Wei, DONG Ya-bo, LU Dong-ming
(College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China)


Distributed filtering is used to defend against distributed denial of service (DDoS) attacks. The distributed defense is confined to a single autonomous system (AS), which is a suitable boundary for defense. Both the bandwidth and the processing capability of the victim are considered. In the support vector machine (SVM)-based multi-resource max-min fairness (SMMF) algorithm, the filtering threshold is dynamically adjusted at the AS edge according to the throughput of the victim. SMMF thereby achieves multi-resource max-min fairness and is highly effective. Simulation results demonstrate that attack traffic can be suppressed in a common scenario and that legitimate throughput can be kept at a normal level where current methods fail. An implementation of the filters on a PC-based router indicates that only a very small amount of memory is needed and that packet throughput remains normal when thousands of filters are installed.

Published: 09 March 2010
CLC:  TP 393.08  
Cite this article:

WEI Wei, DONG E-Bei, LU Dong-Meng. Multi-resource max-min fairness and support vector machine based DDoS defense. J4, 2010, 44(2): 265-270.
