Detecting and preventing DDoS attacks in botnets by the help of self triggered black holes

Amirmohammad Sadeghian, M. Zamani
Published in: 2014 Asia-Pacific Conference on Computer Aided System Engineering (APCASE), 2014-10-16
DOI: 10.1109/APCASE.2014.6924468 (https://doi.org/10.1109/APCASE.2014.6924468)
Citations: 12

Abstract

Among various types of computer threats, botnets are the most serious threat to cyber security, as they enable several illegal activities such as denial of service attacks, spamming, click fraud and other types of espionage activities. A botnet is a network of infected computers, called bots, which are under the control of one person known as the Botmaster. The Botmaster has full control over the compromised machines through the command and control (C&C) channels, which allow the Botmaster to update and add new features to the botnet. Distributed Denial of Service (DDoS) is one of the deadliest attacks in the history of network security, and it is carried out by botnets. Many different solutions against this attack have been proposed so far. One of these techniques is Remote Triggered black hole filtering for stopping DDoS attacks by botnets. The main drawback of this technique is that the trigger is located at the victim's premises, and in case of an attack the network between the trigger and the routers will be saturated by attack traffic. Therefore the trigger cannot effectively communicate with the routers to ask them to stop the traffic from the source IP. This paper proposes an improved framework that performs black hole filtering at the edge of the internet service provider without the need for a trigger (Self Triggered). The most tangible improvements in our framework are stopping DDoS attacks before they enter the victim's premises, and ease of tracking and reporting the compromised machines for further cleaning.