DDoS mitigation

About: DDoS mitigation is a research topic. Over the lifetime, 237 publications have been published within this topic receiving 8082 citations.

A Multi-Criteria based Software Defined Networking System Architecture for DDoS-Attack Mitigation

Abstract: Nowadays, Software-Defined Networking (SDN) has become a promising network architecture in which network devices are controlled in a separate Control Plane (i.e., SDN controller). In a specific aspect, employing SDN in a network offers an attractive network security solution due to its flexibility in building and adding more new software security rules. From another perspective, attack prediction and mitigation, especially for Distributed Denial of Service (DDoS) attacks, are still challenges in SDN environments since a SDN control system works probably slower than a non-SDN one and the SDN controller can become a target of attacks. In this article, at first, we analyze a real traffic use case in order to derive DDoS indicators and thresholds. Secondly, we design an Openflow/SDN-based Attack Mitigation Architecture that is able to quickly mitigate DDoS attacks on the fly. The design solves the existing problems of the Openflow protocol, reducing the traffic volume traversing over the interface between the data plane (switch) and the control plane (SDN controller) and decreasing the buffer size at the Openflow switch. Applying our proposed Fuzzy Logic-based DDoS Mitigation algorithm that deploys multiple criteria for DDoS detection - FDDoM, the system demonstrates the ability to detect and filter 97% of attack flows and reach a False Positive Rate of 5% that are acceptable figures in real system management. The results also show that the network resource which is required to cope and maintain flow entries is 50% reduced during attack time.

Survey on Recent DDoS Mitigation Techniques and Comparative Analysis

Abstract: Customers trust is the most important factor for an organization success. This trust only builds if customers receive unhindered services from their vendors. A major threat in successfully building a customer-vendor trust relationship exists in the form of Distributed Denial of Service attacks. These attacks have become more evasive and complex with time such that existing security mechanisms are not sufficient to counter them. A lot of techniques are already proposed by various researchers to counter these attacks which have their own application domain, advantages and disadvantages. In this paper we present an extensive survey of recent DDoS mitigation techniques along with their comparative analysis.

DDOS Mitigation Cloud-Based Service

Abstract: Cloud computing has evolved over the last decade from a simple storage service for more complex ones, offering software as a service (SaaS), platforms as a service (PaaS) and most recently security as a service (SECaaS). The work presented in this paper is a response to: (1) the resource constraints in physical security devices such as firewalls or IPS/IDS, that can no more counter advanced DDOS attacks, (2) The expensive cost, management complexity and the requirement of high amount of resources on existing DDOS mitigation tools to verify the traffic. We propose a new architecture of a cloud based firewalling service using resources offered by the Cloud and characterized by: a low financial cost, high availability, reliability, self scaling and easy managing. In order to improve the efficiency of our proposal to face DDOS attacks, we deploy, configure and test our mitigation service using Network Function Virtualization technology (NFV) and other virtualization capabilities. We also detail some result and point out future work.

FLF4DoS. Dynamic DDoS Mitigation based on TTL field using fuzzy logic.

Abstract: DoS is an attack which overwhelm victims servers and services. Distributed DoS attacks do not let legitimate users to access services provided by servers. Several techniques have been proposed to mitigate such attacks. Preventive techniques have proven their effectiveness. However, most of those techniques require historic data and training. We propose a dynamic algorithm based on the concept of fuzzy logic applied to hop-count filtering technique to mitigate distributed DoS. Very promising results of this technique is shown through this paper