
DDoS mitigation

About: DDoS mitigation is a research topic. Over the lifetime, 237 publications have been published within this topic receiving 8082 citations.


Papers
Book Chapter
14 Jul 2018
TL;DR: This work makes use of one of the latest meta-heuristic optimization techniques, the Whale Optimization Algorithm (WOA), to find underutilized internet cache servers which are in the best position to absorb a DDoS flood.
Abstract: Distributed Denial of Service (DDoS) attack is one of the most prevalent attacks on the internet today, which attacks the availability of the server by resource and bandwidth depletion exhaustion. Many mechanisms exist to fight against DDoS attacks, a set of which are the cooperative defense mechanisms, which work in a distributed manner and are more robust. This work makes use of one of the latest meta-heuristic optimization techniques, the Whale Optimization Algorithm (WOA), to find underutilized internet cache servers which are in the best position to absorb a DDoS flood. These multiple caches will absorb a part of the attack flood, thus preventing the victim’s network from getting congested. For effective allocation of these cache resources, a Continuous Double Auction (CDA) mechanism is applied. It is more flexible and efficient as it allows simultaneous bidding by sellers and buyers. The cache servers are selected through multi-objective WOA in MATLAB and then the auction platform is set up using the Actor Model. In cooperative defense, selection of a pricing strategy which maximizes collateral profit is very important, so a round-wise bidding strategy is implemented which promotes long-term participation. For evaluation of the scheme, the workload traces of distributed servers are used to generate three scenarios under different attack load conditions. Depending on the supply-demand of free cache resources, the results show that the proposed algorithm has high detection rate of close optimum solutions. This leads to increased throughput because the attack traffic is not only shared, but is shared in a balanced way.

2 citations

Dissertation
10 May 2011
TL;DR: This project proposes a lightweight software-based approach for LDoS detection which could be integrated with existing intrusion detection systems and does not require any change in existing infrastructure and protocols.
Abstract: The detection of LDoS is very much necessary in today’s scenario, where the world is coming closer and systems are prone to more attacks. This research work aims at providing a comprehensive detection mechanism to isolate the legitimate user from the attacker and free resources so that they could be properly utilised. Existing DoS attack detection tools are unable to detect low-rate DoS (LDoS) attacks. Many researchers have proposed mechanisms to detect LDoS attacks, but they require modifications to the existing infrastructure or protocols, which is not practical. There should be a lightweight mechanism which could be integrated with existing intrusion detection systems. This project proposes a lightweight software-based approach for LDoS detection which could be integrated with existing intrusion detection systems and does not require any change in existing infrastructure and protocols. This research report comprises various techniques currently available for detecting low-rate DoS attacks and compares them on various parameters. Then we propose the algorithm along with the experimental setup used to implement the same. Experimental results are provided to support the effectiveness and efficiency of the proposed mechanism.

2 citations

Patent
Brian St. Pierre
30 Aug 2016
TL;DR: In this article, a system for mitigating network attacks includes a protected network including a plurality of devices and a counter configured to count the number of packets dropped by a corresponding analysis section.
Abstract: A system for mitigating network attacks includes a protected network including a plurality of devices. The system further includes attack mitigation devices communicatively coupled to the protected network. The mitigation devices are configured to receive network data packets from external devices attempting to access protected devices in the protected network. The attack mitigation devices are further configured to periodically analyze effectiveness of each of a plurality of packet analysis sections. Each of the plurality of packet analysis sections includes a plurality of packet analysis instructions and is associated with a counter configured to count number of packets dropped by a corresponding analysis section. The attack mitigation devices are further configured to disable one or more of the plurality of packet analysis sections responsive to the performed analysis and to analyze the received network data packets by utilizing only enabled one or more of the plurality of the packet analysis sections.

2 citations

Proceedings Article
19 Jun 2018
TL;DR: A high-performance and scalable traffic policer called MoonPol is built and evaluated in a DDoS mitigation scenario and data structures for efficient lookups are implemented together with the token bucket algorithm to police a traffic of fine-grained IP address ranges.
Abstract: Traffic policing is the process of ensuring that network traffic complies with its policies with methods like traffic shaping. As the distribution of sources involved in a DDoS attack differs significantly from the typical distribution of customers for web services, traffic shapers and policers can be used in DDoS mitigation. In the past, software-based middleboxes, like traffic shapers, easily became overloaded and therefore a vulnerability for DDoS attacks. Although recent advances in network stack design on commodity hardware increased the performance, the software on top of the network stack also needs to provide adequate throughput and scalability regarding the number of limited subnets. Therefore, we build a high-performance and scalable traffic policer called MoonPol and evaluated it in a DDoS mitigation scenario. MoonPol runs on any commodity hardware, takes advantage of the underlying framework, DPDK, and combines it with appropriate algorithms and data structures. Data structures for efficient lookups are implemented together with the token bucket algorithm to police a traffic of fine-grained IP address ranges. Benchmarking results show that the single core throughput of the policer running on a 3.2 GHz CPU, is 6.5 Mpps with limiting 1 Million subnets, i.e., 492 CPU cycles per packet. With 250K subnets of all countries in the world, the throughput is 6.66 Mpps.

2 citations

Proceedings Article
01 Aug 2018
TL;DR: STDC is a two-stage system based on clustering that can separate the DDoS attacks from the legitimate flush crowd easily and use the structure of SDN to quickly dispatch them to achieve effective and efficient DDoS mitigation.
Abstract: DDoS has now become the most severe security problem of the Internet. Without in time report, DDoS attack can knock down the victim in no time by exhausting the victim's computing and communicating resources. In this paper we propose STDC, a DDoS defense system. STDC is a two-stage system based on clustering. In the first stage, STDC leverages the benefit of SDN and NFV to apply a flow-based detection method. STDC uses the flow information gathered to do clustering. Since we use cluster analysis as the basic detection algorithm, STDC can separate the DDoS attacks from the legitimate flush crowd easily. In the second stage, we extract the attack traffic pattern from the clustering result of the first stage to make blocking rules and use the structure of SDN to quickly dispatch them to achieve effective and efficient DDoS mitigation. We test STDC using a public DDoS dataset and the traffic captured through the gateway. Both of the experiments achieve good detection precision and high filtering ratio.

2 citations


Network Information
Related Topics (5)
Server: 79.5K papers, 1.4M citations, 85% related
Network packet: 159.7K papers, 2.2M citations, 84% related
Mobile computing: 51.3K papers, 1M citations, 84% related
Wireless ad hoc network: 49K papers, 1.1M citations, 83% related
Wireless network: 122.5K papers, 2.1M citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2021    19
2020    34
2019    32
2018    31
2017    28
2016    18