DDoS Detection using host-network based metrics and mitigation in experimental testbed

Distributed Denial of Service (DDoS) attacks are a recent, popular and devastating form of attack in the cyber society. Flooding DDoS attacks produce adverse effects on the availability, integrity and confidentiality of critical infrastructure. Current defense approaches cannot efficiently detect and filter out the attack traffic in real time. Online analysis of real-time attack traffic, and of its impact on and degradation of host- and network-based performance metrics, therefore becomes essential. Online measurement of these network performance metrics itself acts as an intrusion detection system: the anomalies are the evidence from which a network security analyst infers whether the network is under attack. Based on the assumption that attacker flows are more aggressive than those of legitimate users, the proposed work provides sufficient bandwidth to genuine users during a flooding DDoS attack. The Interface Based Rate Limiting (IBRL) algorithm proposed in this paper is used to mitigate the identified DDoS attacks. The implementation is carried out on an experimental testbed built on Linux machines and virtual routers. The experimental results show a considerable increase in the host- and network-based performance metrics for legitimate users even under DoS and DDoS attacks.
