A collaborative peer-to-peer architecture to defend against DDoS attacks

Abstract

Nowadays, we are witnessing an important increase in attacks among which distributed denial-of-service (DDoS) that easily flood the victims using multiple paths. Intrusion detection and filtering are necessary mechanisms to combat against these attacks and secure networks. However, the existing detection techniques for DDoS attacks have their entities work in isolation. In this paper, we propose an efficient and distributed collaborative architecture that allows the placement and the cooperation of the defense entities to better address the main security challenges. The use of content based DHT (distributed hash table) algorithm permits also to improve the scalability and the load balancing of the whole system. This modular architecture has been implemented on IDS (intrusion detection system) entities with the DHT Pastry protocol and has shown a promising performance.