Distributed capabilities-based DDoS defense

Author

Jog, Manjiri ; Natu, Maitreya ; Shelke, Sushama

Author_Institution

Sch. of Eng., NBN Sinhgad, Pune, India

fYear

2015

fDate

8-10 Jan. 2015

Firstpage

1

Lastpage

6

Abstract

Existing strategies against DDoS are implemented as single-point solutions at different network locations. Our understanding is that, no single network location can cater to the needs of a full-proof defense solution, given the nature of DDoS and activities for its mitigation. This paper gives collective information about some important defense mechanisms discussing their advantages and limitations. Based on our understanding, we propose distribution of DDoS defense which uses improved techniques for capabilities-based traffic differentiation and scheduling-based rate-limiting. Additionally, we propose a novel approach for prediction of attack to determine the prospective attackers as well as the time-to-saturation of victim. We present two algorithms for this distribution of defense. The proposed distributed approach built with these incremental improvements in the defense activities is expected to provide better solution against the DDoS problem.

Keywords

computer network security; DDoS defense; capabilities-based traffic differentiation; distributed denial-of-service; incremental improvements; scheduling-based rate-limiting; single-point solutions; Aggregates; Bandwidth; Computer crime; Filtering; Floods; IP networks; Limiting; Attack detection; Distributed Denial-of-Service; Distributed defense; Network security; Rate-limiting; Traffic differentiation;

fLanguage

English

Publisher

ieee

Conference_Titel

Pervasive Computing (ICPC), 2015 International Conference on

Conference_Location

Pune

Type

conf

DOI

10.1109/PERVASIVE.2015.7086993

Filename

7086993