An Efficient Analytical Solution to Thwart DDoS Attacks in Public Domain

TL;DR

This paper introduces an analytical model for detecting DDoS attacks by monitoring traffic volume and flow changes, employing a scalable, distributed approach to improve detection rates while managing computational overheads.

Contribution

It presents a novel scalable detection system using traffic volume and flow measures, and a distributed cooperative technique to reduce overheads in DDoS detection.

Findings

Significant improvement in detection rate and false positive rate.

Distributed approach reduces memory and computational overheads.

Effective detection of a wide range of DDoS attacks.

Abstract

In this paper, an analytical model for DDoS attacks detection is proposed, in which propagation of abrupt traffic changes inside public domain is monitored to detect a wide range of DDoS attacks. Although, various statistical measures can be used to construct profile of the traffic normally seen in the network to identify anomalies whenever traffic goes out of profile, we have selected volume and flow measure. Consideration of varying tolerance factors make proposed detection system scalable to the varying network conditions and attack loads in real time. NS-2 network simulator on Linux platform is used as simulation testbed. Simulation results show that our proposed solution gives a drastic improvement in terms of detection rate and false positive rate. However, the mammoth volume generated by DDoS attacks pose the biggest challenge in terms of memory and computational overheads as far as monitoring and analysis of traffic at single point connecting victim is concerned. To address this problem, a distributed cooperative technique is proposed that distributes memory and computational overheads to all edge routers for detecting a wide range of DDoS attacks at early stage.