
DDoS mitigation

About: DDoS mitigation is a research topic. Over its lifetime, 237 publications have been published within this topic, receiving 8082 citations.


Papers
Proceedings Article
01 Sep 2018
TL;DR: This paper suggests an efficient algorithm for detecting HHH based on their traffic volume that asymptotically improves the runtime of previous works and is implemented in Open vSwitch.
Abstract: Hierarchical heavy hitters (HHH) identification is useful for various network utilities such as anomaly detection, DDoS mitigation, and traffic analysis. However, the increasing support for jumbo frames enables attackers to overload the system with fewer packets, avoiding detection by packet counting techniques. This paper suggests an efficient algorithm for detecting HHH based on their traffic volume that asymptotically improves the runtime of previous works. We implement our algorithm in Open vSwitch (OVS) and incur a 4-6% overhead compared to a 42% throughput reduction experienced by the state-of-the-art.

15 citations

Journal Article
TL;DR: A DDoS mitigation framework for IoT using fog computing to ensure fast and accurate attack detection and the k-NN classification algorithm proposed for the framework achieves a satisfactory accuracy in detecting DDoS attacks.

15 citations

Book Chapter
20 Sep 2010
TL;DR: The Denial of Service Testing Framework (dosTF) allows for the construction, monitoring and management of emulated DDoS attacks using modest hardware resources and provides a web-application portal interface that can start, stop and monitor an attack remotely.
Abstract: The Denial of Service Testing Framework (dosTF) being developed as part of the joint India-Australia research project for 'Protecting Critical Infrastructure from Denial of Service Attacks' allows for the construction, monitoring and management of emulated Distributed Denial of Service attacks using modest hardware resources. The purpose of the testbed is to study the effectiveness of different DDoS mitigation strategies and to allow for the testing of defense appliances. Experiments are saved and edited in XML as abstract descriptions of an attack/defense strategy that is only mapped to real resources at run-time. It also provides a web-application portal interface that can start, stop and monitor an attack remotely. Rather than monitoring a service under attack indirectly, by observing traffic and general system parameters, monitoring of the target application is performed directly in real time via a customised SNMP agent.

14 citations

Journal Article
01 Dec 2020
TL;DR: A dynamic learning system (DLS) for the ISP, an unsupervised ensemble model using the Complete Autoencoder (CA) as base learners to classify network traffic, which outperformed the K-means and the Self-Organising Map models on a UDP flood attack data set.
Abstract: DDoS attacks remain one of the top cyber threats targeting the financial, health care, retail, gaming, and political sectors, which affects Internet service disruption, data or monetary loss. Security experts have predicted that the development of 5G technology will increase the frequency and the vector of DDoS attacks. Moreover, enhanced DDoS attack technology utilises artificial intelligence [1], which will escalate the level of difficulty to identify malicious traffic correctly to mitigate the attack effectively. The Internet service provider (ISP) is the connector between the users and the Internet. Deploying DDoS mitigation systems within the ISP domain can offer an efficient solution. Therefore, we propose a dynamic learning system (DLS) for the ISP. The DLS is an unsupervised ensemble model using the Complete Autoencoder (CA) as base learners to classify network traffic. The utmost difference between the CA and the regular Autoencoder is that the CA exploits the imbalanced characteristic of the attack data to generate a binary classification via a class switch. When the predicted number of normal IP addresses is over 50% of the total IP addresses, the CA swaps the class of the IP addresses. The CA is directed by a reference object (RO), which is either a reference limit or the mean of a reference error function ($\overline{RL1}$), to furnish the automation to the DLS. The DLS was trained with a TCP-ICMP flood attack and tested with a UDP-TCP and a UDP-TCP-ICMP flood attack data set. The average Recall, Precision and F1 Score are all above 0.97. Additionally, the DLS outperformed the K-means and the Self-Organising Map models on a UDP flood attack data set.

14 citations

Journal Article
TL;DR: A Convolution Recursively Enhanced Self Organizing Map and Software Defined Networking-based Mitigation Scheme (CRESOM-SDNMS) is proposed for ensuring the better rate of detection during the process of preventing DDoS attacks in clouds and facilitates a predominant option in resolving the issue of vector quantization with enhanced topology preservation.
Abstract: In a cloud computing environment, the Distributed Denial of Service (DDoS) attack is considered as the crucial issue that needs to be addressed in ensuring the availability of resources that emerge due to the compromisation of hosts. The process of detecting and preventing DDoS attacks is determined to be predominant when the potential benefits of decoupling data plane from the control plane are facilitated through the Software Defined Networking (SDN) in the cloud environment. The incorporation of SDN in DDoS mitigation also enhances the probability of investigating the data traffic flow using the reactive process of updating forwarding rules, analyzing the network with a global view and centralized control in monitoring for better DDoS mitigation enforcement. In this paper, a Convolution Recursively Enhanced Self Organizing Map and Software Defined Networking-based Mitigation Scheme (CRESOM-SDNMS) is proposed for ensuring the better rate of detection during the process of preventing DDoS attacks in clouds. This proposed CRESOM-SDNMS facilitates a predominant option in resolving the issue of vector quantization with enhanced topology preservation and the superior initialization mechanism during the process of SOM-based categorization of flooded data traffic flows into genuine and malicious. The simulation experiments and results of the proposed CRESOM-SDNMS confirmed a superior classification accuracy of around 21% when compared to the existing systems with minimized False Positive rate of 19% compared to the benchmarked DDoS mitigation schemes of the literature.

14 citations


Network Information
Related Topics (5)
Server: 79.5K papers, 1.4M citations, 85% related
Network packet: 159.7K papers, 2.2M citations, 84% related
Mobile computing: 51.3K papers, 1M citations, 84% related
Wireless ad hoc network: 49K papers, 1.1M citations, 83% related
Wireless network: 122.5K papers, 2.1M citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2021    19
2020    34
2019    32
2018    31
2017    28
2016    18