A Proactive Statistical Defense Solution for DDOS Attacks in Active Networks

A distributed denial of service attack is coordinated and synchronized set of comprehensive attacks on a sophisticated network and its services that hampers the network infrastructure thereby bringing down its performance. Its effects are characterized by the uninformed delays and interruptions accompanied by undue losses. Since no optimal methodology exists, the internet continues to remain susceptible to DDoS attacks. The PacketScore scheme is a practical DDoS defense mechanism, which approximates the authenticity of the packets concerning its attribute values and discards selective attack packets. This paper extends the PacketScore scheme and implements a new two-level filtering mechanism using leaky bucket that can lessen the losses created by the attacks. The proposed scheme validates the data signatures of the packets complementing the check performed on the packet header. This two-level scrutiny enhances the correctness of detection of DDoS attacks. A standard model to review the efficiency of the two-level filtering has been proposed and the scheme has been deployed and tested in ANTS active network tool kit. The implementation of the proposed scheme is easy let alone efficient and effective in DDoS attack detection with an accurate response to varying DDoS attacks.