Engineering of a global defense infrastructure for DDoS attacks

Distributed denial-of-service (DDoS) attacks have emerged as a major threat to the stability of the Internet. By the very nature of the DDoS attacks, pure preventive and pure reactive approaches are not effective to defend against them. We propose a global defense infrastructure to detect-and-respond to the DDoS attacks. This infrastructure consists of a network of distributed local detection systems (LDSes), which detect attacks and respond to them cooperatively. Because of the current Internet topology, this infrastructure can be very effective even if only a small number of major backbone ISPs participate in this infrastructure by installing fully configured LDSes. Moreover, we propose to use traffic volume anomaly for DDoS attack detection. A fully configured LDS monitors the passing traffic for an abnormally high volume of traffic destined to an IP host. A DDoS attack is confirmed if multiple LDSes have detected such anomalies at the same time. Our simulation studies have demonstrated that the proposed detection algorithms are responsive and effective in curbing DDoS attacks.