Distributed and Predictive-Preventive Defense Against DDoS Attacks

Proceedings of the 16th International Conference on Distributed Computing and Networking Pub Date : 2015-01-04 DOI:10.1145/2684464.2684503

Manjiri Jog, M. Natu, S. Shelke

{"title":"Distributed and Predictive-Preventive Defense Against DDoS Attacks","authors":"Manjiri Jog, M. Natu, S. Shelke","doi":"10.1145/2684464.2684503","DOIUrl":null,"url":null,"abstract":"Distributed Denial of Service (DDoS) attacks are a perpetual threat to today's business. Existing strategies against DDoS are implemented as single-point solutions, or reactive solutions, or focus on differentiating traffic and localizing attackers. Our understanding is that no single network location can cater to the needs of a full-proof defense solution. In this paper we propose a solution based on two principles -- 'distributed defense for distributed attack' and 'need for a preventive solution over a reactive solution'. We present a system architecture for distributed and predictive-preventive defense mechanism. We also propose two algorithms for systematic placement of the defense nodes in the victim's upstream router network. We compare the performance and efficiency of the proposed algorithms through simulation results. We also present an algorithmic approach for prediction of attack to determine the potential attackers as well as the time-to-saturation of victim. We present experimental evaluation to show the effectiveness of the proposed approach.","PeriodicalId":298587,"journal":{"name":"Proceedings of the 16th International Conference on Distributed Computing and Networking","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Distributed Computing and Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2684464.2684503","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Distributed Denial of Service (DDoS) attacks are a perpetual threat to today's business. Existing strategies against DDoS are implemented as single-point solutions, or reactive solutions, or focus on differentiating traffic and localizing attackers. Our understanding is that no single network location can cater to the needs of a full-proof defense solution. In this paper we propose a solution based on two principles -- 'distributed defense for distributed attack' and 'need for a preventive solution over a reactive solution'. We present a system architecture for distributed and predictive-preventive defense mechanism. We also propose two algorithms for systematic placement of the defense nodes in the victim's upstream router network. We compare the performance and efficiency of the proposed algorithms through simulation results. We also present an algorithmic approach for prediction of attack to determine the potential attackers as well as the time-to-saturation of victim. We present experimental evaluation to show the effectiveness of the proposed approach.

查看原文本刊更多论文

分布式预防DDoS攻击防御

分布式拒绝服务(DDoS)攻击是当今企业面临的一个永久威胁。现有的DDoS防御策略主要是单点解决方案、响应式解决方案，或者侧重于区分流量和攻击者的本地化。我们的理解是，没有一个单一的网络位置可以满足全面防御解决方案的需求。在本文中，我们提出了一个基于两个原则的解决方案——“分布式防御分布式攻击”和“需要预防性解决方案而不是反应性解决方案”。提出了一种分布式预测预防防御机制的体系结构。我们还提出了两种算法，用于在受害者的上游路由器网络中系统地放置防御节点。通过仿真结果比较了所提算法的性能和效率。我们还提出了一种预测攻击的算法方法，以确定潜在的攻击者以及受害者的饱和时间。我们提出了实验评估来证明所提出方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 16th International Conference on Distributed Computing and Networking

自引率

0.00%

发文量