DDoS mitigation

About: DDoS mitigation is a research topic. Over the lifetime, 237 publications have been published within this topic receiving 8082 citations.

Fuzzy Logic based Application Layer DDoS Mitigation System in Cloud

Abstract: Cloud Computing is at the forefront of Information Technology and has revolutionized computing in many ways. As numerous enterprises move into the cloud, the chances of being targeted by attacks especially Application Layer Distributed Denial of Service (DDoS) attacks will increase dramatically. Such attacks are capable of exhausting a victim's resources (such as servers, network, storage and applications), denying access and overloading with bogus requests, resulting in significant economic loss. Unlike the traditional DDoS attacks which occur at the network layer, these attacks occur at the application layer where the detection is comparatively difficult, since the attacker already has a valid connection to the victim server. Fuzzy logic is a precise algorithm for imprecise system that plays an important role in decision making process of the incoming HTTP requests to decide whether the request is malicious or genuine. Hence, a Fuzzy Logic based Application Layer Mitigation is necessary to handle such threats for maintaining cloud based services and ensuring availability of enterprise systems. Hence, this thesis is focused on combining evidences of the existing architectures (used for protecting and tracing DDoS attacks) as well as filtering malicious requests using DDoS mitigation systems and Fuzzy Logic.

Internet of things DDoS mitigation. Preventing DDoS attacks using learning algorithms on limited hardware

Abstract: ddos attacks are becoming more andmore common, and threatens the current infrastructure of the internet. Cheap new iot devices have led to a lot of new devices that are poorly secured and can easily be compromised and used for such nefarious purposes. While there are many attempts at solving this problem this thesis looks at a solution which could be applied to typical home router. This would stop malicious traffic before even hitting the internet, as a compliment to the greater effort. iot devices typically have fairly simple traffic patterns during normal operations. The system tries to learn these patterns in order to block traffic which would be outside of normal. A home router however is an extremely limited device from a hardware perspective, so a balance has to be struck between learning capability and resource consumption. This becomes especially apparent when considering that most of the chips in home routers doesn’t even support floating point operations, which are commonly used for various learning methods. The proposed system, with the accompanying implementation, shows promising results throughout the testing suite while remaining very low in resource consumption. However dealing with false negatives and implementing the result in a qos algorithm are still difficult questions. Over all however the solution shows promise and by implementing something like this along with other existing ddos mitigation efforts a substantial dent can be made in the viability of these attacks.