Mitigating distributed denial of service attacks using a proportional-integral-derivative controller

Abstract

Distributed Denial of Service (DDoS) attacks exploit the availability of servers and routers, resulting in the severe loss of their connectivity. We present a distributed, automated response model that utilizes a Proportional-Integral-Derivative (PID) controller to aid in handling traffic flow management. PID control law has been used in electrical and chemical engineering applications since 1934 and has proven extremely useful in stabilizing relatively unpredictable flows. This model is designed to prevent incoming traffic from exceeding a given threshold, while allowing as much incoming, legitimate traffic as possible. In addition, this model focuses on requiring less demanding modifications to external routers and networks than other published distributed response models that impact the effect of DDoS attacks. © Springer-Verlag Berlin Heidelberg 2003.