Mitigating distributed denial-of-service attacks using network connection control charts

In this paper, we present a simple, automated response model that utilizes the Shewhart's control charts based-on network connection to aid in handling DDoS attacks. This model is designed to prevent incoming traffic from exceeding a given threshold, while allowing as much incoming, legitimate traffic as possible. In addition, this model focuses on requiring less demanding modifications to external routers and networks than other published distributed response models that impact the effect of DDoS attacks. The experimental results show the effectiveness of our scheme in early mitigating DDoS attacks.

[1]  Lawrence A. Gordon,et al.  Managing Cybersecurity Resources (The Mcgraw-Hill Homeland Security Series) , 2005 .

[2]  Kamil Saraç,et al.  IP traceback based on packet marking and logging , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[3]  Michèle Basseville,et al.  Detection of abrupt changes: theory and application , 1993 .

[4]  Md. Safi Uddin,et al.  Statistical-Based SYN-Flooding Detection Using Programmable Network Processor , 2005, Third International Conference on Information Technology and Applications (ICITA'05).

[5]  Rami G. Melhem,et al.  Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks , 2006, J. Parallel Distributed Comput..