Mantlet Trilogy: DDoS Defense Deployable with Innovative Anti-Spoofing, Attack Detection and Mitigation

Distributed Denial of Service (DDoS) attacks have become one of the most serious threats to the Internet. In this paper, we propose Mantlet, an overlay-based approach to detect and mitigate DDoS attacks. Mantlet combines three innovative mechanisms for anti-spooflng, attack detection and mitigation, respectively. To circumvent IP spoofing, we first propose a probing mechanism named Bypass Check to authenticate the clients of TCP or UDP services. Then, Cumulative Sum (CUSUM) is adopted to detect DDoS attacks based on the abrupt change of sequential packet symmetry, the ratio of received to transmitted packets of a service. After detection, the suspicious flows that contribute to asymmetry are segregated and experience preferential dropping test (PDT). A suspicious flow is confirmed as malicious if it is unresponsive to packet drops. Finally, we implement Mantlet with Click and perform experiments on PlanetLab. The experimental results validate our analysis and show that Mantlet is applicable to not only TCP services but also UDP services.