DDoS mitigation

About: DDoS mitigation is a research topic. Over the lifetime, 237 publications have been published within this topic receiving 8082 citations.

Using whitelisting to mitigate DDoS attacks on critical Internet sites

Abstract: As DDoS attackers pursue monetary profit, critical Internet sites (CISs) become a good target. These attacks will be more difficult to defend because the botnet size continuously increases, and the attackers spare no pains in preparing the attacks. Under this new paradigm, current anti-DDoS systems may be fooled; we need a new survival strategy. We propose a novel DDoS mitigation scheme for CISs. We observe that CISs can continue their main businesses if most important clients can access the services. This motivates us to build a whitelist, called a VIP list in this article, and the source addresses in the list are given higher priority when the CIS is under attack. The VIP list is built from the previous login logs of authentication processes at the application layer. The experimental results show that the proposed scheme effectively mitigates DDoS attacks.

Leveraging SDN for collaborative DDoS mitigation

Abstract: In this paper we propose a collaborative distributed denial of service (DDoS) attack mitigation scheme using SDN. We design a secure controller-to-controller (C-to-C) protocol that allows SDN-controllers lying in different autonomous systems (AS) to securely communicate and transfer attack information with each other. This enables efficient notification along the path of an ongoing attack and effective filtering of traffic near the source of attack, thus saving valuable time and network resources. We developed and deployed a prototype of the proposed scheme in our lab to evaluate the performance and efficiency. Based on the experimental results we showed that our SDN based collaborative scheme is capable of efficiently mitigating DDoS attacks in real time with very small computational footprints.

Health monitor based distributed denial of service attack mitigation

Abstract: Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.

Per-Host DDoS Mitigation by Direct-Control Reinforcement Learning

Abstract: DDoS attacks plague the availability of online services today, yet like many cybersecurity problems are evolving and non-stationary. Normal and attack patterns shift as new protocols and applications are introduced, further compounded by burstiness and seasonal variation. Accordingly, it is difficult to apply machine learning-based techniques and defences in practice. Reinforcement learning (RL) may overcome this detection problem for DDoS attacks by managing and monitoring consequences ; an agent’s role is to learn to optimise performance criteria (which are always available) in an online manner. We advance the state-of-the-art in RL-based DDoS mitigation by introducing two agent classes designed to act on a per-flow basis, in a protocol-agnostic manner for any network topology. This is supported by an in-depth investigation of feature suitability and empirical evaluation. Our results show the existence of flow features with high predictive power for different traffic classes, when used as a basis for feedback-loop-like control. We show that the new RL agent models can offer a significant increase in goodput of legitimate TCP traffic for many choices of host density.