Exact and approximation algorithms for sensor placement against DDoS attacks

TL;DR

This paper develops exact and heuristic algorithms for optimally placing sensors in a network to detect DDoS attacks, balancing detection coverage and cost, with proven NP-hardness of the problem.

Contribution

It introduces two mixed integer models for sensor placement against DDoS attacks and compares their efficiency with heuristics and exact solvers.

Findings

Heuristic algorithms perform well compared to exact methods.

Optimal placement balances sensor count and attack detection.

Models are validated through experimental comparisons.

Abstract

In a DDoS attack (Distributed Denial of Service), an attacker gains control of many network users through a virus. Then the controlled users send many requests to a victim, leading to its resources being depleted. DDoS attacks are hard to defend because of their distributed nature, large scale and various attack techniques. One possible mode of defense is to place sensors in a network that can detect and stop an unwanted request. However, such sensors are expensive so there is a natural question as to the minimum number of sensors and the optimal placement required to get the necessary level of safety. Presented below are two mixed integer models for optimal sensor placement against DDoS attacks. Both models lead to a trade-off between the number of deployed sensors and the volume of uncontrolled flow. Since the above placement problems are NP-hard, two efficient heuristics are designed, implemented and compared experimentally with exact mixed integer linear programming solvers.