Tackling congestion to address distributed Denial of Service: A push-forward mechanism

Srinivasan Krishnamoorthy, Partha Dasgupta

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Distributed Denial of Service attacks prevent legitimate users from accessing a target machine or the service a target machine provides. One common method of attack is overwhelming the target machine with a large volume of traffic. Thus, handling congestion indirectly leads to detection and recovery from Distributed Denial of Service attacks. The Internet is an interconnected collection of Autonomous Systems. Every host on an Autonomous System connects to the Internet through an Access Router. Monitoring the rate of packets to and from a host, at the Access Router, helps in identifying Distributed Denial of Service attacks initiated at the host. Monitoring every Access Router leads to an effective Distributed Denial of Service prevention, but is infeasible. An alternative is a combination of Access Router monitoring and Intermediate Router monitoring with a novel Push-Forward mechanism that provides good defense within manageable deployment requirements. Push-Forward messages reduce the amount of traffic to monitor at the Intermediate Routers. Prototype testing and simulations of such a combination reveal good congestion detection and recovery time with very little performance overhead.

Original languageEnglish (US)
Title of host publicationGLOBECOM - IEEE Global Telecommunications Conference
Number of pages6
StatePublished - 2004
EventGLOBECOM'04 - IEEE Global Telecommunications Conference - Dallas, TX, United States
Duration: Nov 29 2004Dec 3 2004


OtherGLOBECOM'04 - IEEE Global Telecommunications Conference
Country/TerritoryUnited States
CityDallas, TX

ASJC Scopus subject areas

  • Engineering(all)


Dive into the research topics of 'Tackling congestion to address distributed Denial of Service: A push-forward mechanism'. Together they form a unique fingerprint.

Cite this