Abstract
Problem statement: The last decade has seen many prominent Distributed Denial of Service (DDoS) attacks on high profile webservers. In this study, we deal with DDoS attacks by proposing a dynamic reactive defense system using an adaptive Spin Lock Rate control (D3SLR). D3SLR identifies malicious traffic flow towards a target system based on the volume of traffic flowing towards the victim machine. Approach: The proposed scheme uses a divide and conquer approach to identify the infected interface via which malicious traffic are received and selectively implements rate limiting based on the source of traffic flow towards victim and type of packet rather than a collective rate limiting on flow towards victim. Results: The results observed in simulation shows that D3SLR detects the onset of the attacks very early and reacts to the threat by rate limiting the malicious flow. The spin lock rate control adapts quickly to any changes in the rate of flow. Conclusion: D3SLR can be successfully implemented at critical points in the network as autonomous defense systems working independently to limit damage to the victim and also allows legitimate flows towards the target system with a higher degree of accuracy.
Highlights
The frequency, severity and sophistication of to max out, preventing any work from occurring
Iterative refinement is Monitoring module observes the packet arrival rate at each incoming interface for an observation interval Tobs, calculates its collective incoming flow and computes the Ratio of Collective Flow (RCF) at each interface (IF). This information is forwarded to the reason module. It is responsible for monitoring the incoming packets and updating the Destination Based Table (DBT), Source Based Table (SBT) and Packettype Based Table (PBT) when measurement activities used to determine the target of Distributed Denial of Service (DDoS) attack, identify the source machine generating the malicious traffic and packet type of the malicious traffic and rate limiting is performed on malicious traffic while legitimate/normal traffic from the infected interface is left relatively undisturbed
The rate limiting is continued until a minimum volume of flow is achieved at the infected interface beyond which the flow cannot be throttled.When the DDoS attack concludes, Spin Lock Rate Control gradually decrements the Spin Lock Rate Limiting factor (SLR) in successive observation intervals by SLR, (SLR-δSLR), (SLR2δSLR), (SLR-3δSLR) and so on until the rate limit spins down to zero and normal activity resumes at the defense system
Summary
The frequency, severity and sophistication of to max out, preventing any work from occurring. This information is forwarded to the reason module It is responsible for monitoring the incoming packets and updating the Destination Based Table (DBT), Source Based Table (SBT) and Packettype Based Table (PBT) when measurement activities used to determine the target of DDoS attack, identify the source machine generating the malicious traffic and packet type of the malicious traffic and rate limiting is performed on malicious traffic while legitimate/normal traffic from the infected interface is left relatively undisturbed. The rate limiting is continued until a minimum volume of flow is achieved at the infected interface beyond which the flow cannot be throttled.When the DDoS attack concludes, Spin Lock Rate Control gradually decrements the SLR in successive observation intervals by SLR, (SLR-δSLR), (SLR2δSLR), (SLR-3δSLR) and so on until the rate limit spins down to zero and normal activity resumes at the defense system
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
