A Novel DDoS Attack Defending Framework with Minimized Bilateral Damages

Distributed Denial of Service (DDoS) attacks are one of the most damaging threats against Internet based applications. Many of the DDoS defense mechanisms may unintentionally deny a certain portion of legitimate user accesses by mistaking them as attackers or may simply not block enough traffic to adequately protect the victim. Other better performing systems have not yet to reach adoption because of designs that require a substantial investment into the Internet infrastructure before offering much effectiveness. This paper proposes Heimdall, a novel traffic verification based framework to protect legitimate traffic from bilateral damages. Based on a proof-of-work technique and application of distributed hash ID, aside from protecting established connections, our system can validate new initial request for communication and open valid channels between users and the protected server. Through intensive simulation experiments on the ns-2 network simulator, we verified that Heimdall scheme can effectively protect legitimate communications and filter out malicious flows with very high accuracy.