Denial of Service (DoS) and Distributed DoS (DDoS) attacks have proven to be increasing threats to our digital world. There aremany approaches for trying to deal with these threats. With significant overhead and computational complexity, some of these methods can limit the effects of DoS and DDoS in some cases. However they cannot handle scenarios such as when both end hosts collude or when the route of the packets change. Here we present a noble packet accounting system (PAS) to deal with DoS and DDoS. The main idea of PAS is that if every packet is accounted or paid for, then the DoS and DDoS problem reduces into a congestion control and fairness problem. It can then be dealt with by finding better routes or adjusting the sending rates. Hence PAS can also serve as a congestion control and routing scheme with packet pricing. Our scheme can be implemented in the current Internet with few additional features to the current network infrastructure. Preliminary numerical NS2 simulation results show that our scheme can outperform TVA, a well known DoS mitigation approach. We are working on real implementation of PAS prototype.
展开▼
