Abstract
Distributed Denial of Service (DDoS) attacks are among the most serious threats on the Internet. With large-scale DDoS attacks, it is necessary to stop malicious traffic closer to the attack sources with minimal disruption of legitimate traffic. A responsive defense mechanism that filters potential attack traffic and prevents it from reaching the victim network is developed. First, we investigate the features of network traffic that can be used for discriminating attacks from normal traffic, and then use the identified features to develop an accurate and robust signature-based filtering model that forms the basis of a responsive defense mechanism. A Bloom filter-based mechanism is proposed to efficiently implement and disseminate the signature-based model; it helps reduce the communication overhead and the computation and storage requirements at the upstream routers that check for malicious traffic. The approach is verified and evaluated using the DARPA dataset. Experimental results show the effectiveness of the proposed scheme in blocking attack traffic and allowing most of the legitimate traffic at upstream routers.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Mosharraf, N., Jayasumana, A.P., Ray, I. (2015). A Responsive Defense Mechanism Against DDoS Attacks. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science, vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_23
DOI: https://doi.org/10.1007/978-3-319-17040-4_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17039-8
Online ISBN: 978-3-319-17040-4
eBook Packages: Computer Science (R0)