DDoS Defense Systems

B. Tech (CSE) Seminar Report, Semester VI, Department of Computer Science and Engineering, NIST, Odisha, India., 2013

Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defence mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This report first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defence mechanism against DDoS attacks.

International Journal of Network Security and its Applications, Vol. 3, No. 2, pp. 162 – 179, March 2011, 2011

Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate state of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing collection particular overhaul disruptions, often for total periods of instance. The relative ease and low costs of initiation such attacks, supplemented by the present insufficient sate of any feasible defense method, have made them one of the top threats to the Internet centre of population nowadays. Since the rising attractiveness of webbased applications has led to quite a lot of significant services being provided more than the Internet, it is very important to monitor the network transfer so as to stop hateful attackers from depleting the assets of the network and denying services to rightful users. The most important drawbacks of the presently existing defense mechanisms and propose a newfangled mechanism for defending a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is always monitored and some irregular rise in the inbound traffic is without delay detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust suggestion testing structure. While the detection procedure is on, the sessions from the rightful sources are not disrupted and the load on the server is restored to the usual level by overcrowding the traffic from the attacking sources. The accurate modules employ multifaceted detection logic and hence involve additional overhead for their execution. On the other hand, they have very huge detection accuracy. Simulations approved on the proposed mechanism have produced results that show efficiency of the proposed defense mechanism against DDoS attacks.

The tools for launching a Distributed Denial-of-Service (DDoS) attack are widely available but there is still a lack of effective mechanisms that defend against such attacks in a reasonable amount of time. This paper presents a research that analyzed the security techniques currently available to reduce the result of DDoS attacks and identifies the technique or combination of techniques that is the most promising. We concluded from our analysis that none of the techniques analyzed fully meet our requirements. A cooperative distributed defense technique with multiple local detection techniques is the most effective.

2015

A Denial of Service (DoS) attack is a malicious effort to keep endorsed users of a website or web service from accessing it, or limiting their ability to do so. A Distributed Denial of Service (DDoS) attack is a type of DoS attack in which many computers are used to cripple a web page, website or webbased service. Fault either in users’ implementation of a network or in the standard specification of protocols has resulted in gaps that allow various kinds of network attack to be launched of the type of network attacks, denial-of-service flood attacks have reason the most severe impact. This analysis study on flood attacks and Flash Crowd their improvement, classifying such attacks as either high-rate flood or low-rate flood. Finally, the attacks are appraised against principle related to their characteristics, technique and collision. In the modern computer world, maintaining the information is very difficult. Some interrupts may occur on the local system (attack) or network based sy...

Distributed Denial of Service attacks disrupts the availability of a service or resource in the internet. A substantial no of Distributed DoS attacks potential have to severely decrease backbone availability and which enable it to virtually detach a network from the net. As a result of the seriousness of the problem many defense methods have been proposed to combat these attacks. We present an extensive survey of DDoS detection methods as published in technical papers. The paper also highlights the open issues, research challenges and possible solutions. The purpose of the paper is usually to put some order into the existing defense methods, to ensure that a greater perception of DDoS attacks methods may be accomplished and subsequently better efficient and effective algorithms, techniques and procedures to combat these attacks could also be developed.

International Journal of Computer Applications, 2017

In cyberworld, resource accessibility has a key part in digital security alongside confidentiality and trustworthiness. Distributed Denial of Service (DDoS) attack has turned into an intriguing issue to the availability of assets in computer networks. In this paper, DDoS attacks at different layers of TCP/IP protocol are scrutinized and comparison of existing GUI DDoS tools with a distinct DDoS script is done so as to know the trend of attacking technique used by the assailants to perform an attack.Various defense tools are analyzed and comparison of existing defense mechanism with a distinct hybrid protection methodology is done. This paper aims to provide a superior comprehension of the current DDoS tools, protective mechanisms,and comparative analysis of them.Existing deficiencies in tools and defensive tecniques are examined and reduced to improve the efficiency.

Proceedings of the 8th International Conference on Distributed Computing and Networking (ICDCN ’06), December 27-30, 2006, Guwahati, India. Springer-Verlag, LNCS 4308, pp. 139-144, 2006

With several critical services being provided over the Internet it has become imperative to monitor the network traffic to prevent malicious attackers from depleting the resources of the network. In this paper, we propose a mechanism to protect a web-server against a Distributed Denial of Service (DDoS) attack. Incoming traffic to the server is continuously monitored to immediately detect any abnormal rise in the inbound traffic. This detection activates a traffic-filtering rule that pushes down the network traffic to an acceptable level by discarding packets according to measured relative traffic levels of each of the active sources. The proposed mechanism does not affect legitimate users and is thus more effective and robust. We have presented simulation results to demonstrate the effectiveness of the proposed mechanism.

… 2003. Proceedings of the 3rd IEEE …, 2003

Denial of Service (DOS) attacks are an immense threat to lntemet sites and among the hardest security problems in today's Intemet. Of particular concernbecause of their potential impactare the Distributed Denial of Service (DDoS) attacks. With little or no advance warning a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. This paper presents the problem of DDoS attacks and develops a classification of DDoS defense systems. Important features of each attack and defense system category are described and advantages and disadvantages of each proposed scheme are outlined. The goal of the paper is to place some order into the existing attack and defense mechanisms, so that a better understanding of DDoS attacks can be achieved and more efficient defense mechanisms and techniques can he devised.