DocumentCode :
2198505
Title :
DDoS Detection using host-network based metrics and mitigation in experimental testbed
Author :
Devi, B. S Kiruthika ; Preetha, G. ; Shalinie, S. Mercy
Author_Institution :
Dept. of Comput. Sci. & Eng., Anna Univ., Madurai, India
fYear :
2012
fDate :
19-21 April 2012
Firstpage :
423
Lastpage :
427
Abstract :
Distributed Denial of Service (DDoS) attacks are a very recent, popular and devastating form of attack in the field of cyber society. Flooding DDoS attacks produce adverse effects for critical infrastructure availability, integrity and confidentiality. Current defense approaches cannot efficiently detect and filter out the attack traffic in real time. Online analysis of real-time attack traffic, and of its impact on and degradation of host and network based performance metrics, becomes essential. So, online measurement of these network performance metrics itself acts as an intrusion detection system. The anomalies are the inference for the network security analyst to suspect whether the network is under attack or not. Based on the assumption that attacker flows are much more aggressive than those of legitimate users, the proposed work provides sufficient bandwidth to genuine users during a flooding DDoS attack. The Interface Based Rate Limiting (IBRL) algorithm proposed in this paper is used to mitigate the identified DDoS attacks. The implementation is carried out on an experimental testbed built on Linux machines and virtual routers. The experimental results show that there is a considerable increase in the host and network based performance metrics for legitimate users even under DoS and DDoS attacks.
Keywords :
Linux; computer network security; telecommunication traffic; DDoS attack; DDoS detection; IBRL; Linux machines; critical infrastructure availability; critical infrastructure confidentiality; critical infrastructure integrity; cyber society; distributed denial of service attacks; experimental testbed; host-network based metrics; host-network based mitigation; interface based rate limiting algorithm; network performance metrics online measurement; real time attack traffic online analysis; virtual routers; Bandwidth; Computer crime; Internet; Limiting; Measurement; Monitoring; Throughput; Distributed Denial of Service attack; host and network based performance metrics; rate limiting; virtual router;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Recent Trends In Information Technology (ICRTIT), 2012 International Conference on
Conference_Location :
Chennai, Tamil Nadu
Print_ISBN :
978-1-4673-1599-9
Type :
conf
DOI :
10.1109/ICRTIT.2012.6206744
Filename :
6206744