We present Backward Traffic Throttling (BTT), an efficient, decentralized mechanism for congestion and bandwidth-flooding attacks mitigation. Upon congestion, BTT employs three basic mechanisms to throttle excessive traffic, namely: prioritize legitimate flows, shape traffic, and request upstream BTT nodes to similarly prioritize and shape traffic. Flow prioritizing parameters are determined independently by each BTT server, based on typical traffic estimations. BTT is easily deployed: it requires no changes to routers, and does not modify traffic. Instead, BTT configures routers' queuing discipline and traffic shapers. Both simulation and testbed experiments were performed to asses the effectiveness of BTT during distributed denial-of-service (DDoS) attacks. Results show that even limited BTT deployment alleviates attacks damage and allows legitimate TCP traffic to sustain communication, whereas larger deployments maintain larger portions of the original bandwidth.
展开▼