D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events

Abstract

In the present computer era, though the Internet-based applications are the driving force of social evolution, yet its architectural vulnerabilities proffer plethoric leisure to the attackers for conquering diversity of attacks on its services. Distributed Denial of Service (DDoS) is one of such prominent attack that constitutes a lethal threat to Internet domain that harnesses its computing and communication resources. Despite the presence of enormous defense solutions, ensuring the security and availability of data, resources, and services to end users remains an ongoing research challenge. In addition, the increase in network traffic rates of legitimate traffic and flow similarity of attack traffic with legitimate traffic has further made DDoS problem more crucial. The current research has deployed DDoS defense solutions primarily at the victim-end because of the inherent advantages of easy deployment and availability of complete attack information. However, the huge network traffic volume generated by DDoS attacks and lack of sufficient computational resources at the victim-end makes defense solution itself vulnerable to these attacks. This paper proposes an ISP level distributed, flexible, automated, and collaborative (D-FACE) defense system which not only distributes the computational and storage complexity to the nearest point of presence (PoPs) routers but also leads to an early detection of DDoS attacks and flash events (FEs). The results show that D-FACE defense system outperformed the existing Entropy-based systems on various defense system evaluation metrics.