An Efficient Detection Mechanism for Distributed Denial of Service (DDoS) Attack

TL;DR

This paper proposes a statistical traffic analysis-based detection mechanism for DDoS attacks that effectively identifies irregular traffic surges and maintains server availability with high accuracy.

Contribution

It introduces a novel detection algorithm combining statistical analysis and robust testing to improve DDoS attack detection accuracy.

Findings

High detection accuracy demonstrated in simulations

Effective traffic monitoring prevents server overload

Mechanism detects irregular traffic surges promptly

Abstract

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing collection particular overhaul disruptions, often for total periods of instance. The relative ease and low costs of initiation such attacks, supplemented by the present insufficient sate of any feasible defense method, have made them one of the top threats to the Internet centre of population nowadays. Since the rising attractiveness of web-based applications has led to quite a lot of significant services being provided more than the Internet, it is very important to monitor the network transfer so as to stop hateful attackers from depleting the assets of the network and denying services to rightful users. The most important drawbacks of the presently existing defense mechanisms and propose a new-fangled mechanism for defending a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is always monitored and some irregular rise in the inbound traffic is without delay detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust suggestion testing structure. While the detection procedure is on, the sessions from the rightful sources are not disrupted and the load on the server is restored to the usual level by overcrowding the traffic from the attacking sources. The accurate modules employ multifaceted detection logic and hence involve additional overhead for their execution. On the other hand, they have very huge detection accuracy. Simulations approved on the proposed mechanism have produced results that show efficiency of the proposed defense mechanism against DDoS attacks.