
Showing papers on "DDoS mitigation" published in 2013


Journal ArticleDOI
TL;DR: The primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
Abstract: Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.

1,153 citations


22 May 2013
TL;DR: This paper investigates effective solutions to mitigate Interest flooding and shows that NDN's inherent properties of storing per-packet state on each router and maintaining flow balance provide the basis for effective DDoS mitigation algorithms.
Abstract: Distributed Denial of Service (DDoS) attacks are an ongoing problem in today's Internet, where packets from a large number of compromised hosts thwart the paths to the victim site and/or overload the victim machines. In a newly proposed future Internet architecture, Named Data Networking (NDN), end users request desired data by sending Interest packets, and the network delivers Data packets upon request only, effectively eliminating many existing DDoS attacks. However, an NDN network can be subject to a new type of DDoS attack, namely Interest packet flooding. In this paper we investigate effective solutions to mitigate Interest flooding. We show that NDN's inherent properties of storing per-packet state on each router and maintaining flow balance (i.e., one Interest packet retrieves at most one Data packet) provide the basis for effective DDoS mitigation algorithms. Our evaluation through simulations shows that the solution can quickly and effectively respond to and mitigate Interest flooding.

366 citations


Journal Article
TL;DR: Goodput of the datacenter has been improved by detecting and mitigating incoming traffic threats at each stage, and simulation results proved that the Enhanced Entropy approach behaves better in DDoS-attack-prone zones.
Abstract: Distributed Denial of Service (DDoS) attacks launched in a Cloud computing environment result in loss of sensitive information, data corruption and, rarely, even service shutdown. The entropy-based DDoS mitigation approach analyzes the heuristic data and acts dynamically according to the traffic behavior to effectively segregate the characteristics of incoming traffic. Heuristic data helps in detecting the traffic condition to mitigate the flooding attack. Then, the traffic data is analyzed to distinguish legitimate and attack characteristics. An additional Trust mechanism has been deployed to differentiate legitimate and aggressive legitimate users. Hence, Goodput of the datacenter has been improved by detecting and mitigating incoming traffic threats at each stage. Simulation results proved that the Enhanced Entropy approach behaves better in DDoS-attack-prone zones. Profit analysis also proved that the proposed mechanism is deployable at the datacenter for attack mitigation and resource protection, which eventually results in beneficial service at slenderized revenue.

31 citations


Proceedings ArticleDOI
25 Mar 2013
TL;DR: A multi-stage detection to more precisely detect the possible attackers and a text-based Turing test with a question generation module to challenge the suspected requesters who are detected by the detection module, to mitigate the DDoS traffic from the Internet.
Abstract: An important trend in computer science is towards Cloud Computing, and we can see that many cloud services are proposed and developed in the Internet. An important cloud service like IaaS, such as AWS EC2, can help many companies to build data centers with high-performance computing resources and reduce the cost of maintaining the computing hardware. A data center which provides Internet service may suffer from many security risks, including Distributed Denial of Service (DDoS) attacks. We believe that most of the cloud services, like Gmail, Dropbox, Google Document, etc., are based on HTTP connections. Hence, we aim at HTTP-based connections and propose a low reflection ratio mitigation system against DDoS attacks. Our system sits in front of an IaaS, and all of the virtual data centers in the IaaS are our protection targets. Our system consists of Source Checking, Counting, Attack Detection, Turing Test, and Question Generation modules. We provide a multi-stage detection to more precisely detect the possible attackers and a text-based Turing test with a question generation module to challenge the suspected requesters who are detected by the detection module. We implemented the proposed system and evaluated the performance to show that our system works efficiently to mitigate the DDoS traffic from the Internet.

30 citations


Patent
26 Aug 2013
TL;DR: In this patent, a collapse of a collapsible virtual data circuit associated with network data traffic is attributed to a DDoS event, and the network data traffic is redirected to one or more DDoS mitigation services.
Abstract: Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.

23 citations


Patent
16 Jul 2013
TL;DR: In this paper, several methods are disclosed for detecting and mitigating Distributed Denial-of-Service (DDoS) attacks that are intended to exhaust network resources, using DDoS mitigation devices.
Abstract: Several methods are disclosed for detecting and mitigating Distributed Denial-of-Service (DDoS) attacks that are intended to exhaust network resources. The methods use DDoS mitigation devices to detect DDoS attacks using operationally based thresholds. The methods also keep track of ongoing attacks, have an understanding of “protected IP space,” and activate appropriate mitigation tactics based on the severity of the attack and the capabilities of the DDoS mitigation devices.

8 citations


Journal ArticleDOI
TL;DR: Experimental results showed that deploying websites under the guidance of the SD algorithm can significantly reduce the pressure on servers during DDoS attacks.
Abstract: In this paper, we built up a simulated environment to research the performance of Content Distribution Networks (CDN) under DDoS attack. In order to research how to enhance a CDN's ability to resist DDoS attacks, a mathematical model of website deployment was built. Based on the mathematical model, we proposed a website deployment algorithm, the SD algorithm, which can be used by CDN service providers to make website deployment plans. Experimental results showed that deploying websites under the guidance of the SD algorithm can significantly reduce the pressure on servers during DDoS attacks.

3 citations


Proceedings ArticleDOI
01 Dec 2013
TL;DR: An SQL DDoS Mitigator device that focuses on preventing such attacks targeting SQL database resources, built on the "Xilinx Virtex-II Pro 50" FPGA-based NetFPGA-1G platform, achieved a throughput of 400 Kilo Packets/s in a 1 Gbps network.
Abstract: A Distributed Denial-of-Service attack is an attempt to make a computer resource unavailable to its intended users. Typically, a large number of bots are triggered by an attacker simultaneously to create a huge load on a web server and bring it down. However, when processing SQL queries on a web server, owing to huge resource requirements, even a small number of queries from a smaller set of bots can create a huge load on the server. Such sophisticated application layer attacks go undetected by the network security solutions under deployment today. Therefore, we propose an SQL DDoS Mitigator device that focuses on preventing such attacks targeting SQL database resources. It can parse packets at line speed, with a maximum latency of 20μs for detecting HTTP GET packets with embedded SQL queries. The query pattern information for requester IP addresses is stored in a red-black tree data structure. Clients crossing the limit of server load, dynamically set on the basis of server state, will be redirected to a CAPTCHA server for identification of bots. The IPs confirmed as bots are blacklisted for a configurable timeout period. The complete system, except the CAPTCHA server, is built on the "Xilinx Virtex-II Pro 50" FPGA-based NetFPGA-1G platform. The device achieved a throughput of 400 Kilo Packets/s in a 1 Gbps network.

2 citations


Proceedings ArticleDOI
01 Dec 2013
TL;DR: This paper significantly extends the underlying cryptographic approach so as to support disclosure not only for threshold-based policies, but for more general (monotone) access structures.
Abstract: Defensive techniques against Internet-scale attacks can significantly benefit from sharing network security data among different domains. One compelling example, proposed in this paper, is the case of whitelists for DDoS mitigation, where domains broadcast, for each possible DDoS target (!), the set of legitimate customers (client IP addresses) whose traffic should not be blocked while a DDoS attack is in progress. However, such a fine-grained whitelist sharing approach appears hardly appealing (to say the least) to operators; not only does the indiscriminate sharing of customers' addresses raise privacy concerns, but it also discloses, to competitor domains, business-critical information on the identity and activity of customers. In a previous work, we proposed a cryptographic approach called "conditional data sharing", devised to permit disclosure of cross-domain shared fine-grained organized subsets of network monitoring data only when a threshold number of domains are ready to reveal their data. In this paper, we cast such a technique to a realistic scenario of whitelist sharing for DDoS mitigation, and we significantly extend the underlying cryptographic approach so as to support disclosure not only for threshold-based policies, but for more general (monotone) access structures.

1 citation