A Collaborative Defense Framework Against DDoS Attacks in Networks
Distributed Denial of Service (DDoS) attacks pose one of the most serious security threats to the Internet. In this work, we aim to develop a collaborative defense framework against DDoS attacks in networks. We focus on two main phases, anomaly detection and filtering of malicious traffic, to achieve a successful defense against DDoS attacks. Our first accomplishment is to effectively detect DDoS traffic at local nodes. Our experiments fall into three categories, described as follows. Firstly, in order to detect stealthy DDoS attacks at an early stage, we propose an effective detection scheme based on a time-series decomposition method. Moreover, to defend against the attacks more effectively, our credit-based defense method is designed to pinpoint the malicious flows. In addition, to adapt to high-speed environments, we present a two-level approach for scalable and accurate attack detection that exploits the asymmetry in the attack traffic. At both detection levels, sketch structures are used to ensure the scalability of our scheme. Secondly, current defense systems do not scale well to high-speed networks, and few of them can effectively defend against attacks originating from both spoofed and genuine source addresses. To address this problem, we propose a two-stage defense scheme to mitigate attacks. The main advantage of our defense approach is its space efficiency, since it does not need to keep per-flow state. Moreover, both spoofed and genuine IP DDoS attacks can be well regulated. Finally, we extend the single-host sketch-based scheme to a distributed detection scheme and then develop a collaborative defense scheme. In the distributed detection scheme, we deploy detectors in a certain number of edge routers at the network edge. The local analyzer periodically reports its locally processed result to the global analyzer, which infers the anomaly.
The collaborative defense scheme is further developed to filter the malicious traffic. By combining the host-based solutions with the network-wide solutions, we develop a comprehensive solution that can detect and defend against attacks more effectively. Experimental results using real Internet traffic demonstrate its effectiveness.
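
The sketch-based, distributed detection idea summarized above can be illustrated with an added example (not code from the thesis): each edge router keeps two fixed-size Count-Min sketches instead of per-flow state, and a global analyzer sums the reported sketches to expose a traffic asymmetry that no single router sees. The class names, the Count-Min choice, the threshold and the traffic are assumptions constructed for illustration.

```python
import hashlib

class CountMinSketch:
    """Fixed-size counter array: memory does not grow with the number of flows."""
    def __init__(self, width=2048, depth=4):
        self.width = width
        self.rows = [[0] * width for _ in range(depth)]
    def _cells(self, key):
        for r in range(len(self.rows)):  # one salted hash per row
            h = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([r]))
            yield r, int.from_bytes(h.digest(), "big") % self.width
    def add(self, key, n=1):
        for r, c in self._cells(key):
            self.rows[r][c] += n
    def estimate(self, key):  # never below the true count
        return min(self.rows[r][c] for r, c in self._cells(key))
    def merge(self, other):  # sketches are linear: sum cell by cell
        for mine, theirs in zip(self.rows, other.rows):
            for i, v in enumerate(theirs):
                mine[i] += v

class LocalAnalyzer:
    """Hypothetical edge-router detector: packets toward vs. from each host."""
    def __init__(self):
        self.to_host, self.from_host = CountMinSketch(), CountMinSketch()
    def observe(self, src, dst):
        self.to_host.add(dst)
        self.from_host.add(src)
    def asymmetry(self, host):
        return self.to_host.estimate(host) - self.from_host.estimate(host)

def global_asymmetry(analyzers, host):
    """Global analyzer: merge the local reports, then test the same statistic."""
    merged = LocalAnalyzer()
    for a in analyzers:
        merged.to_host.merge(a.to_host)
        merged.from_host.merge(a.from_host)
    return merged.asymmetry(host)

VICTIM, SERVER, CLIENT = "203.0.113.10", "198.51.100.7", "192.0.2.25"
THRESHOLD = 100  # assumed alarm threshold per reporting interval

def constructed_routers(n=3):
    """Constructed traffic: each router sees a small share of a one-way flood."""
    routers = []
    for r in range(n):
        a = LocalAnalyzer()
        for i in range(40):              # spoofed sources, mostly unanswered
            a.observe(f"10.{r}.0.{i}", VICTIM)
        for _ in range(2):               # the few replies the victim sends
            a.observe(VICTIM, CLIENT)
        for _ in range(30):              # balanced request/response traffic
            a.observe(CLIENT, SERVER)
            a.observe(SERVER, CLIENT)
        routers.append(a)
    return routers
```

With this constructed traffic, every router's local asymmetry for the victim stays under the threshold, while the merged sketches cross it; the balanced server traffic stays near zero at both levels.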