Design and analysis of DDoS mitigating network architecture.

Abstract

Distributed Denial of Service (DDoS) attacks have emerged as the top security threat with the rise of e-commerce in recent years. Volumetric attacks are the most common DDoS attacks that aim to overwhelm the victim's bandwidth. The current mitigation methods use reactive filtering techniques that are not magical and straightforward solutions. In this paper, we propose a network architecture based on the capability to address the threat of DDoS attacks. Physically Unclonable Functions (PUFs) have emerged as a promising solution in security. Motivated by the capability approach, we put forward a network architecture where the routers use Transient Effect Ring Oscillator PUF to generate and verify capabilities. This novel hardware-based solution, to address the problem, has reduced the computational overhead of capability generation. Additionally, the destination has complete control over the incoming traffic in the proposed architecture, resulting in uninterrupted communication with the legitimate clients regardless of the attacker traffic. The large-scale simulation on an open-source Network Simulator (NS-3) has shown that the proposed architecture efficiently mitigates DDoS attacks to a large extend. With our proposed architecture, the throughput was hardly affected when attacker traffic was varied from 10 to 80%.