Abstract
The Internet is nowadays suffering dramatically serious attacks, with the distributed denial of service (DDoS) attacks being the representative and dominant ones. It is seen that, to stabilize the buffer queue length around a given target under DDoS attacks in the relevant routes is vitally important and helpful to mitigate the attacks and to improve the quality of service (QoS) for normal users. In the current paper, a stochastic queue dynamic model with L e ´ vy jump noise, which is affected by the continuous Brownian motion and the discontinuous Poisson process, is worked out to develop a novel and accurate mathematical framework for the stability of a route queue that deals with constant-rate DDoS attacks. This article proposes a security defensive mechanism in the network for solving the network collapse that can possibly be caused by DDoS attacks, otherwise. Particularly, based on the formulation of a stochastic queue dynamic with L e ´ vy jump noise, the mechanism that characterizes the behavior of the queue at routers is presented for stabilizing the queue length under constant-rate DDoS attacks. By applying the stochastic control theory into analyzing the performance of queue dynamic under constant-rate DDoS attacks, some explicit conditions are established under which the instantaneous queue length converges to any given target in a route. Simulation results demonstrate the satisfaction of the proposed defense mechanism with sharp contrast to the state of the art active queue management (AQM) schemes.
Highlights
Distributed denial of service (DDoS) attackers send large volume of attacking packets through the distributed method, which subsequently prevent the normal users to access the Internet services and seriously affect the availability of the networks. e motivations of DDoS attacks range from commercial competition to extortion and even political motives. ere are growing research interests on DDoS attacks, mainly including detecting DDoS attacks and mitigating DDoS attacks [1,2,3]. e biggest disadvantage of intrusion detection system (IDS), as a DDoS defense platform, is that IDS can only detect the attacks, but it does nothing to alleviate the attacks [4, 5]
In order to solve the challenge of DDoS attacks, we study the random queue system with Le vy jump noise and design the parabolic controller as a defense mechanism against DDoS attacks. e parabolic controller is introduced into SDE-LJN system to improve the practical applicability and anti-interference performance of the system. e purpose of the defense scheme based on SDE-LJN
Our defense strategy has a complementary defense solution, which provides the combination of detection attack and the execution of mitigation attack. erefore, how to effectively mitigate the attack is important when the attack is detected, and this paper focuses on the research of mitigating DDoS attacks
Summary
Distributed denial of service (DDoS) attackers send large volume of attacking packets through the distributed method, which subsequently prevent the normal users to access the Internet services and seriously affect the availability of the networks. e motivations of DDoS attacks range from commercial competition to extortion and even political motives. ere are growing research interests on DDoS attacks, mainly including detecting DDoS attacks and mitigating DDoS attacks [1,2,3]. e biggest disadvantage of intrusion detection system (IDS), as a DDoS defense platform, is that IDS can only detect the attacks, but it does nothing to alleviate the attacks [4, 5]. 3. The Stability Analysis of the Stochastic Queue Dynamic with Levy Jump under Constant-Rate DDoS Attacks e stability analysis of networks queue model has caught many researchers’ attention [39,40,41,42]. In order to solve the challenge of DDoS attacks, we study the random queue system with Le vy jump noise and design the parabolic controller as a defense mechanism against DDoS attacks (see Figure 3). E specific relationship of the white noise factor ξ2, the attack rate r(u), and the network parameter τ0 of SDE-LJN system can be taken as DDoS attacks’ defense strategy to achieve the purpose of protecting the networks. E defense strategy objectives of SDE-LJN system are (i) Effectively controlling and blocking the attack flows into the network (ii) Minimizing the attack traffic as much as possible, so that DDoS attacks do not make the network collapse
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
