A DDoS-Oriented Distributed Defense Framework Based on Edge Router Feedbacks in Autonomous Systems

Abstract

Distributed defense of distributed denial of service (DDoS) is one of the main research areas in DDoS recently. It is preferred to be conducted as the control-based defense. However, some existed methods have their respective disadvantages, such as efficiency, privacy. Therefore, a DDoS-oriented distributed defense framework based on the edge router feedbacks in autonomous systems (AS) is proposed to thwart the attack traffic in the boundary of AS near to the attacking sources. In the attacks, by measuring its ingress traffic rate the victim sends the feedbacks to the edge routers, as a result that malicious traffic is effectively filtered in AS boundary. The experiments show that the distributed defense framework can effectively guarantee the survival rate of legitimate flows and protect the victims in AS from DDoS.