Mitigate Distributed Denial Of Service Attacks Research Articles

Net-Police: A network patrolling service for effective mitigation of volumetric DDoS attacks

Volumetric Distributed Denial of Service (DDoS) attacks are a significant concern for information technology-based organizations. These attacks result in significant revenue losses in terms of wastage of resources and unavailability of services at the victim (e.g., business websites, DNS servers, etc.) as well as the Internet Service Providers (ISPs) along the path of the attack. The state-of-the-art DDoS mitigation mechanisms attempt to alleviate the losses at either the victim or the ISPs, but not both. In this paper, we present Net-Police, which is a traffic patrolling system for DDoS mitigation. Net-Police identifies the sources of attack so that filters can be employed at these sources in order to quickly mitigate the attack. Such a solution effectively prevents the flow of malicious traffic across the ISP networks, thereby benefiting the ISPs also. Net-Police patrols the network by designating a small number of routers as dynamic packet taggers, to prune benign regions in the network, and localize the search to the Autonomous Systems (AS) from which the attack originates. We evaluate the proposed solution on 257 real-world topologies from the Internet Topology Zoo library and the Internet AS level topology. The paper also presents details of our hardware test-bed platform consisting of 30 routers on which network services such as Net-Police can be implemented and studied for on-field feasibility. Our experiments reveal that Net-Police performs better than the state-of-the-art cloud-based and traceback-based solutions in terms of ISP bandwidth savings and availability of the victim to legitimate clients.

Maintaining Cloud Performance under DDOS Attacks

The popularity of cloud computing has been growing where the cloud became an attractive alternative rather than classic information processing system. The distributed denial of service (DDoS) attack is one of the famous attacks to cloud computing. This paper proposes a Multiple Layer Defense (MLD) scheme to detect and mitigate DDoS attacks which due to resource depletion. The MLD consists of two layers. The first layer has an alarm system send alarms to cloud management when DDoS attacks start. The second layer includes an anomaly detection system detects VM is infected by DDoS attacks. Also,MLD tested with a different DDoS attack ratio to show scheme stability. MLD evaluated by The energy consumption and the overall SLA violations. The results show the great effect of the MLD to reduce the energy consumption and the overall SLA violation for all datasets. Also, the MLD shows acceptable stability and reactivity with different DDoS attack ratio

SEAL: SDN based secure and agile framework for protecting smart city applications from DDoS attacks

Evolution of smart cities induces critical challenges related to cyber and network security. The increased reliance of a smart city on Information and Communication Technologies (ICT) infrastructure improves automation, efficiency, and sustainability of city services. However, it also poses enormous challenges for ensuring continued operations and services at all times and especially under cyber-attacks. Any lapse in cyber security can lead to critical disaster across the city. Distributed Denial of Service (DDoS) attacks are considered to be the most predominant and prevalent cyber-attacks. We believe that smart city could consist of numerous applications with varying level of network and security requirements. Therefore, providing an adaptive mechanism against DDoS attacks for all applications in a smart city is a key challenge. Further, considering the wide-scale requirements of a smart city, developing an adaptive and flexible solution is a key requirement. Considering these requirements, this paper presents SEAL (SEcure and AgiLe) – a novel Software Defined Networking (SDN) based adaptive framework for protecting smart city applications against DDoS attacks. The SEAL framework leverages key characteristics of SDN such as the global visibility, centralized control, and programmability to enhance the security and resilience. SEAL is capable of effectively detecting and mitigating DDoS attacks not only on application servers but also on network resources. SEAL is also unique in this regard that it provides application specific DDoS attack security solution instead of static threshold mechanism. Moreover, inherently distributed architecture of the SEAL framework ensures fault tolerance, scalability and reliability of the smart city. The SEAL framework comprises three modules, namely D-Defense, A-Defense and C-Defense. These modules collectively provide a mechanism to detect and mitigate DDoS attack on smart city applications and the network infrastructure. Adaptability in SEAL is achieved through implementing customized version of estimated-weighted moving average (EWMA) filters. Three types of filters, Proactive Filter, Active Filter, and Passive Filter are proposed and implemented to compute the dynamic threshold in real time for various types of applications. Experimental evaluation of the SEAL framework has been conducted to establish the efficacy of the framework and its components in detecting and mitigating DDoS attacks. The results prove that SEAL is able to detect and mitigate DDoS attacks effectively. The focus of the SEAL framework is to protect smart city applications, however, the SEAL framework can potentially be utilized in a wide range of systems.

A deep learning based intelligent framework to mitigate DDoS attack in fog environment

Fog computing (FC) is a contemporary computing paradigm that gives additional support to cloud environment by carrying out some local data analysis in edge of the devices, facilitating networking, computing, infrastructure and storage support as backbone for end user computing. Still enterprises are not convinced to use this as security and privacy are most of the open and challenging issues. Availability among the security requirements is the one which is about rendering on demand service to different client applications without any disruptions. It can often be demolished by Denial of service (DoS) and distributed denial of service (DDoS) attacks in fog and cloud computing environment. In this paper we propose a novel Source based DDoS defence mechanism which can be used in fog environment as well as the cloud environment to mitigate DDoS attacks. It makes use of Software Defined Network (SDN) to deploy the DDoS defender module at SDN controller to detect the anomalous behavior of DDoS attacks in Network/Transport level. The proposed work provides deep learning (DL) based detection method which makes use of the network traffic analysis mechanisms to filter and forward the legitimate packets to the server and can block the infected packets to cause further attacks.

SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.

Cochain-SC: An Intra- and Inter-Domain Ddos Mitigation Scheme Based on Blockchain Using SDN and Smart Contract

With the exponential growth in the number of insecure devices, the impact of Distributed Denial-of-Service (DDoS) attacks is growing rapidly. Existing DDoS mitigation schemes are facing obstacles due to low flexibility, lack of resources, and high cost. The new emerging technologies, such as blockchain, introduce new opportunities for low-cost, efficient and flexible DDoS attacks mitigation across multiple domains. In this paper, we propose a blockchain-based approach, called Cochain-SC, which combines two levels of mitigation, intra-domain and inter-domain DDoS mitigation. For intra-domain, we propose an effective DDoS mitigation method in the context of software defined networks (SDN); it consists of three schemes: (1) Intra Entropy-based scheme (I-ES) to measure, using sFlow, the randomness of data inside the domain; (2) Intra Bayes-based scheme (I-BS) to classify, based on entropy values, illegitimate flows; and (3) Intra-domain Mitigation (I-DM) scheme to effectively mitigate illegitimate flows inside the domain. For inter-domain, we propose a collaborative DDoS mitigation scheme based on blockchain; it uses the concept of smart contracts (i.e., Ethereum’s smart contracts) to facilitate the collaboration among SDN-based domains (i.e., Autonomous System: AS) to mitigate DDoS attacks. For this aim, we design a novel and secure scheme that allows multiple SDN-based domains to securely collaborate and transfer attack information in a decentralized manner. Combining intra- and inter-domain DDoS mitigation, Cochain-SC allows an efficient mitigation along the path of an ongoing attack and an effective mitigation near the origin of the attack. This allows reducing the enormous cost of forwarding packets, across multiple domains, which consist mostly of useless amplified attack traffic. To the best of our knowledge, Cochain-SC is the first scheme that proposes to deal with both intra-domain and inter-domain DDoS attacks mitigation combining SDN, blockchain and smart contract. The implementation of Cochain-SC is deployed on Ethereum official test network Ropsten. Moreover, we conducted extensive experiments to evaluate our proposed approach; the experimental results show that Cochain-SC achieves flexibility, efficiency, security, cost effectiveness, and high accuracy in detecting illegitimate flows, making it a promising approach to mitigate DDoS attacks.

A New Smart Router-Throttling Method to Mitigate DDoS Attacks

The distributed denial of service (DDoS) attack is one of the most server threats to the current Internet and brings huge losses to society. Furthermore, it is challenging to defend DDoS due to the case that the DDoS traffic can appear similar to the legitimate ones. Router throttling is an accessible approach to defend DDoS attacks. Some existing router throttling methods dynamically adjust a given threshold value to keep the server load safe. However, these methods are not ideal as they exploit the information of the current time, so the perception of time series variations is poor. The DDoS problem can be seen as a Markov decision process (MDP). Multi-agent router throttling (MART) method based on hierarchical communication mechanism has been proposed to address this problem. However, each agent is independent with each other and has no communication among them, therefore, it is hard for them to collaborate to learn an ideal policy to defend DDoS. To solve this multi-agent partially observable MDP problem, we propose a centralized reinforcement learning router throttling method based on a centralized communication mechanism. Each router sends its own traffic reading to a central router, the central router then makes a decision for each router to choose the throttling rate. We also simulate the environment of the DDoS problem more realistic while modify the reward function of the MART to make the reward function of more coherent. To decrease the communication costs, we add a deep deterministic policy gradient network for each router to decide whether or not to send information to the central agent. The experiments validate that our proposed new smart router throttling method outperforms existing methods to the DDoS instruction response.

Scale Inside-Out: Rapid Mitigation of Cloud DDoS Attacks

The distributed denial of service (DDoS) attacks in cloud computing requires quick absorption of attack data. DDoS attack mitigation is usually achieved by dynamically scaling the cloud resources so as to quickly identify the onslaught features to combat the attack. The resource scaling comes with an additional cost which may prove to be a huge disruptive cost in the cases of longer, sophisticated, and repetitive attacks. In this work, we address an important problem, whether the resource scaling during attack, always result in rapid DDoS mitigation? For this purpose, we conduct real-time DDoS attack experiments to study the attack absorption and attack mitigation for various target services in the presence of dynamic cloud resource scaling. We found that the activities such as attack absorption which provide timely attack data input to attack analytics, are adversely compromised by the heavy resource usage generated by the attack. We show that the operating system level local resource contention, if reduced during attacks, can expedite the overall attack mitigation. The attack mitigation would otherwise not be completed by the dynamic scaling of resources alone. We conceived a novel relation which terms “Resource Utilization Factor” for each incoming request as the major component in forming the resource contention. To overcome these issues, we propose a new “Scale Inside-out” approach which during attacks, reduces the “Resource Utilization Factor” to a minimal value for quick absorption of the attack. The proposed approach sacrifices victim service resources and provides those resources to mitigation service in addition to other co-located services to ensure resource availability during the attack. Experimental evaluation shows up to 95 percent reduction in total attack downtime of the victim service in addition to considerable improvement in attack detection time, service reporting time, and downtime of co-located services.

SDN Based Collaborative Scheme for Mitigation of DDoS Attacks

Software Defined Networking (SDN) has proved itself to be a backbone in the new network design and is quickly becoming an industry standard. The idea of separation of control plane and data plane is the key concept behind SDN. SDN not only allows us to program and monitor our networks but it also helps in mitigating some key network problems. Distributed denial of service (DDoS) attack is among them. In this paper we propose a collaborative DDoS attack mitigation scheme using SDN. We design a secure controller-to-controller (C-to-C) protocol that allows SDN-controllers lying in different autonomous systems (AS) to securely communicate and transfer attack information with each other. This enables efficient notification along the path of an ongoing attack and effective filtering of traffic near the source of attack, thus saving valuable time and network resources. We also introduced three different deployment approaches i.e., linear, central and mesh in our testbed. Based on the experimental results we demonstrate that our SDN based collaborative scheme is fast and reliable in efficiently mitigating DDoS attacks in real time with very small computational footprints.

A Multivariant Stream Analysis Approach to Detect and Mitigate DDoS Attacks in Vehicular Ad Hoc Networks

Vehicular Ad Hoc Networks (VANETs) are rapidly gaining attention due to the diversity of services that they can potentially offer. However, VANET communication is vulnerable to numerous security threats such as Distributed Denial of Service (DDoS) attacks. Dealing with these attacks in VANET is a challenging problem. Most of the existing DDoS detection techniques suffer from poor accuracy and high computational overhead. To cope with these problems, we present a novel Multivariant Stream Analysis (MVSA) approach. The proposed MVSA approach maintains the multiple stages for detection DDoS attack in network. The Multivariant Stream Analysis gives unique result based on the Vehicle‐to‐Vehicle communication through Road Side Unit. The approach observes the traffic in different situations and time frames and maintains different rules for various traffic classes in various time windows. The performance of the MVSA is evaluated using an NS2 simulator. Simulation results demonstrate the effectiveness and efficiency of the MVSA regarding detection accuracy and reducing the impact on VANET communication.

Advance DDOS detection and mitigation technique for securing cloud

Distributed denial of service (DDoS) attacks have become a serious attack on internet security and cloud computing. This kind of attacks is the most complex form of denial of service (DoS) attacks. This type of attack can simply duplicate its source address, such as spoofing attack, which disguises the real location of the attack. Therefore, DDoS attack is the most significant challenge for network security. In this paper, we present a model to detect and mitigate DDoS attacks in cloud computing. The proposed model requires very small storage and has the ability of fast detection. The experimental results show that the system is able to mitigate most of the attacks. Detection accuracy and processing time were the metrics used to evaluate the performance of proposed model. From the results, it is evident that the system achieved high detection accuracy (97%) with some minor false alarms.

A DDoS Attack Detection and Mitigation With Software-Defined Internet of Things Framework

With the spread of Internet of Things’ (IoT) applications, security has become extremely important. A recent distributed denial-of-service (DDoS) attack revealed the ubiquity of vulnerabilities in IoT, and many IoT devices unwittingly contributed to the DDoS attack. The emerging software-defined anything (SDx) paradigm provides a way to safely manage IoT devices. In this paper, we first present a general framework for software-defined Internet of Things (SD-IoT) based on the SDx paradigm. The proposed framework consists of a controller pool containing SD-IoT controllers, SD-IoT switches integrated with an IoT gateway, and IoT devices. We then propose an algorithm for detecting and mitigating DDoS attacks using the proposed SD-IoT framework, and in the proposed algorithm, the cosine similarity of the vectors of the packet-in message rate at boundary SD-IoT switch ports is used to determine whether DDoS attacks occur in the IoT. Finally, experimental results show that the proposed algorithm has good performance, and the proposed framework adapts to strengthen the security of the IoT with heterogeneous and vulnerable devices.

USING GRAPHIC NETWORK SIMULATOR 3 FOR DDOS ATTACKS SIMULATION

Distributed Denial of Service (DDoS) attacks are still one of the major cybersecurity threats and the focus of much research on developing DDoS attack mitigation and detection techniques. Being able to model DDoS attacks can help researchers develop effective countermeasures. Modeling DDoS attacks, however, is not an easy task because modern DDoS attacks are huge and simulating them would be impossible in most cases. That’s why researchers use tools like network simulators for modeling DDoS attacks. Simulation is a widely used technique in networking research, but it has suffered a loss of credibility in recent years because of doubts about its reliability. In our previous works we used discrete event simulators to simulate DDoS attacks, but our results were often different from real results. In this paper, we apply our approach and use Graphical Network Simulator-3(GNS3) to simulate an HTTP server’s performance in a typical enterprise network under DDoS attack. Also, we provide references to related work.

Filtering-Based Defense Mechanisms Against DDoS Attacks: A Survey

This paper presents a comprehensive survey on filtering-based defense mechanisms against distributed denial of service (DDoS) attacks. Several filtering techniques are analyzed and their advantages and disadvantages are presented. In order to help network security analysts choose the most appropriate mechanism according to their security requirements, a comparative classification of these methods is provided. The relevant research efforts are identified and discussed for rendering the current state of the art in the literature. This classification will also serve researchers to address weaknesses of these filtering methods, and thus mitigate DDoS attacks using more effective defense mechanisms.

A Multi-Criteria based Software Defined Networking System Architecture for DDoS-Attack Mitigation

Nowadays, Software-Defined Networking (SDN) has become a promising network architecture in which network devices are controlled in a separate Control Plane (i.e., SDN controller). In a specific aspect, employing SDN in a network offers an attractive network security solution due to its flexibility in building and adding more new software security rules. From another perspective, attack prediction and mitigation, especially for Distributed Denial of Service (DDoS) attacks, are still challenges in SDN environments since a SDN control system works probably slower than a non-SDN one and theSDN controller can become a target of attacks. In this article, at first, we analyze a real traffic use case in order to derive DDoS indicators and thresholds. Secondly, we design an Openflow/SDN-based Attack Mitigation Architecture that is able to quickly mitigate DDoS attacks on the fly. The design solves the existing problems of the Openflow protocol, reducing the traffic volume traversing over the interface between the data plane (switch) and the control plane (SDN controller) and decreasing the buffer size at the Openflow switch. Applying our proposed Fuzzy Logic-based DDoS Mitigation algorithm that deploys multiple criteria for DDoS detection - FDDoM, the system demonstrates the ability to detect and filter 97% of attack flows and reach a False Positive Rate of 5% that are acceptable figures in real system management. The results also show that the network resource which is required to cope and maintain flow entries is 50% reduced during attack time.

Effective software‐defined networking controller scheduling method to mitigate DDoS attacks

To improve the availability of the software-defined networking (SDN) under distributed denial of service (DDoS) attacks, a multi-queue SDN controller scheduling algorithm based on time slice allocation strategy is proposed. The proposed algorithm can take different time slice allocation strategies according to the intensity of DDoS attacks and use SDN controller to schedule processing flow request from different switches (including the switches suffering from different degrees of attacks and normal switches) to ensure better protection to the normal switch in the network under DDoS attacks. Simulation results are presented to show the effectiveness of the proposed algorithm.

DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions

Distributed denial-of-service (DDoS) attacks have become a weapon of choice for hackers, cyber extortionists, and cyber terrorists. These attacks can swiftly incapacitate a victim, causing huge revenue losses. Despite the large number of traditional mitigation solutions that exists today, DDoS attacks continue to grow in frequency, volume, and severity. This calls for a new network paradigm to address the requirements of today’s challenging security threats. Software-defined networking (SDN) is an emerging network paradigm which has gained significant traction by many researchers to address the requirement of today’s data centers. Inspired by the capabilities of SDN, we present a comprehensive survey of existing SDN-based DDoS attack detection and mitigation solutions. We classify solutions based on DDoS attack detection techniques and identify requirements of an effective solution. Based on our findings, we propose a novel framework for detection and mitigation of DDoS attacks in a large-scale network which comprises a smart city built on SDN infrastructure. Our proposed framework is capable of meeting application-specific DDoS attack detection and mitigation requirements. The primary contribution of this paper is twofold. First, we provide an in-depth survey and discussion of SDN-based DDoS attack detection and mitigation mechanisms, and we classify them with respect to the detection techniques. Second, leveraging the characteristics of SDN for network security, we propose and present an SDN-based proactive DDoS Defense Framework (ProDefense). We show how this framework can be utilized to secure applications built for smart cities. Moreover, the paper highlights open research challenges, future research directions, and recommendations related to SDN-based DDoS detection and mitigation.

ReCSDN: Resilient Controller for Software Defined Networks

Software Defined Networking (SDN) is an emerging network paradigm that provides central control over the network. Although, this simplifies the network management and makes efficient use of network resources, it introduces new threats to network reliability and scalability. In fact, a single centralized controller is a single point of failure. Moreover, a single controller may become a performance bottleneck as processing overhead increases. Distributed SDN controller platforms improve the reliability and scalability to some extent, however they remain vulnerable to Distributed Denial of Service (DDoS) attacks, specifically on control plane. We believe that there is a need for a distributed controller framework that is capable of providing service continuity without performance degradation in case of excessive network traffic or DDoS attacks on controller. In this paper, we aim to address the vulnerabilities of SDN control plane. We propose and implement an efficient and Resilient Controller for Software Defined Network (ReCSDN). This framework is capable of detecting and mitigating DDoS attacks timely and ensures the continuity of services without performance degradation. We created an experimental test bed using Mininet to conduct extensive experiments. We deployed ReCSDN on top of Open Network Operating System (ONOS) cluster to confirm the viability of our approach. The experiment results show that with ReCSDN, control plane is not only able to withstand excessive network load but will also continue to provide services in case of any controller failure.

Scalable DDoS Mitigation System for Data Centers

Distributed Denial of Service attacks (DDoS) have been used by attackers for over two decades because of their effectiveness. This type of the cyber-attack is one of the most destructive attacks in the Internet. In recent years, the intensity of DDoS attacks has been rapidly increasing and the attackers combine more often different techniques of DDoS to bypass the protection. Therefore, the main goal of our research is to propose a DDoS solution that allows to increase the filtering capacity linearly and allows to protect against the combination of attacks. The main idea is to develop the DDoS defense system in the form of a portable software image that can be installed on the reserve hardware capacities. During a DDoS attack, these servers will be used as filters of this DDoS attack. Our solution is suitable for data centers and eliminates some lacks of commercial solutions. The system employs modular DDoS filters in the form of special grids containing specific protocol parameters and conditions.

Defending HTTP Web Servers against DDoS Attacks through Busy Period-based Attack Flow Detection

We propose a new Distributed Denial of Service (DDoS) defense mechanism that protects http web servers from application-level DDoS attacks based on the two methodologies: whitelist-based admission control and busy period-based attack flow detection. The attack flow detection mechanism detects attach flows based on the symptom or stress at the server, since it is getting more difficult to identify bad flows only based on the incoming traffic patterns. The stress is measured by the time interval during which a given client makes the server busy, referred to as a client-induced server busy period (CSBP). We also need to protect the servers from a sudden surge of attack flows even before the malicious flows are identified by the attack flow detection mechanism. Thus, we use whitelist-based admission control mechanism additionally to control the load on the servers. We evaluate the performance of the proposed scheme via simulation and experiment. The simulation results show that our defense system can mitigate DDoS attacks effectively even under a large number of attack flows, on the order of thousands, and the experiment results show that our defense system deployed on a linux machine is sufficiently lightweight to handle packets arriving at a rate close to the link rate.