In this paper, the characteristics of Client/Server interaction behaviors under normal web access and typical DoS/DDoS attack are analyzed. A simple local rate-limiting method called Behavior-based Ingress Rate-limiting (BIR) mechanism is proposed, by which the client-end host's inbound and outbound traffics are monitored. Bursts of the traffics are suppressed by a local transmission delay mechanism. The principle and implementation are described. Simulations are performed to validate its efficacy. Finally, the approach's potential and limitations are also discussed.
展开▼