Towards Defeating DDoS Attacks

Distributed Denial of Service (DDoS) attacks are attacks where a host of compromised systems are used to target a single system. This single system can be either an actual machine or a network resource. What makes these attacks so prevalent and hard to deal with is the fact that they are distributed. They come from a wide variety of machines, making them hard to trace and even harder to counter. This, in conjunction with the fact that many tools are becoming available on the market that make DDoS attacks easier, makes preventing DDoS attacks a very imperative issue. This paper proposes a mechanism, DDDoS, or Triple Dos, which will deal with DDoS attacks on the Internet layer. There are registration and authentication protocols used to connect clients and servers, so that an unregistered client cannot access the network and thus flood it with traffic. The Triple Dos service will only be activated when a DDoS attack is detected (using clustering), and it will ensure that registered clients and servers can always communicate.

[1]  Chengxu Ye,et al.  Detection of application layer distributed denial of service , 2011, Proceedings of 2011 International Conference on Computer Science and Network Technology.

[2]  Ramesh Chandra Joshi,et al.  Dual-Level Attack Detection and Characterization for Networks under DDoS , 2010, 2010 International Conference on Availability, Reliability and Security.

[3]  Yulin Wang,et al.  IP Tracking for DoS/DDoS -- State of the Art , 2010, 2010 International Conference on Internet Technology and Applications.

[4]  Raouf Boutaba,et al.  FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks , 2012, IEEE/ACM Transactions on Networking.

[5]  Huey-Ing Liu,et al.  Defending systems Against Tilt DDoS attacks , 2011, 2011 6th International Conference on Telecommunication Systems, Services, and Applications (TSSA).

[6]  Shigang Chen,et al.  A new perspective in defending against DDoS , 2004, Proceedings. 10th IEEE International Workshop on Future Trends of Distributed Computing Systems, 2004. FTDCS 2004..

[7]  Sherali Zeadally,et al.  Defending against Distributed Denial of Service (DDoS) Attacks with Queue Traffic Differentiation over Micro-MPLS-based Wireless Networks , 2006, 2006 International Conference on Systems and Networks Communications (ICSNC'06).

[8]  Jae-Kwang Lee,et al.  Multi Layer Approach to Defend DDoS Attacks Caused by Spam , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[9]  Jie Yu,et al.  A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks , 2007, International Conference on Networking and Services (ICNS '07).

[10]  Wei Zhang,et al.  A Defending Mechanism against DDoS Based on Registration and Authentication , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[11]  Natalija Vlajic,et al.  Smart crawlers for flash-crowd DDoS: The attacker's perspective , 2012, World Congress on Internet Security (WorldCIS-2012).

[12]  Lata Ragha,et al.  A rate limiting mechanism for defending against flooding based distributed denial of service attack , 2011, 2011 World Congress on Information and Communication Technologies.

[13]  E. Y. Chen,et al.  Practical techniques for defending against DDoS attacks , 2005, The 3rd ACS/IEEE International Conference onComputer Systems and Applications, 2005..