A distributed filtering mechanism against DDoS attacks: ScoreForCore

Traffic filtering is an essential technique used as a prevention mechanism against network attacks. This paper presents a proactive and collaborative filtering-based defense mechanism against Distributed Denial of Service (DDoS) attacks. Proactivity prevents an attack before it spreads, whereas collaboration makes it possible to gather knowledge from different points of the network and to decide on filters together. The proposed model, called ScoreForCore, is a statistical mechanism inspired by another proactive but individual model. The most distinctive property of our model is the selection of the most appropriate attributes during the current attack traffic. We compared our results with the existing model. Our results suggest that the success of the system's behavior on legal and attack packets is increased considerably. In addition, most of the attack packets are stonewalled near the source of the attack.
