Efficient placement of sensors for detection against distributed denial of service attack

Distributed denial of service (DDoS) attacks have become a major threat to organizations and especially to Internet and intranet. In DDoS attacks targets are overwhelmed by sending an enormous amount of traffic from number of attack sites. The major tasks of any defense system are to detect these attacks accurately and early on, before it causes an unrecoverable loss. Most of the research in this regard has been focused on the detection techniques without exploiting spatial placement of detection system in a network. The ideal way to completely eliminate the DDoS threat is to run detection mechanism on every node in the network, which is not a practical solution. In this paper, we focus on the optimized placement of detection nodes in a network for distributed detection of DDoS attacks, which not only minimize the number of these node required but also reduce the cost, processing overheads and larger delays in identifying an attack. We examine the placement problem of finding a minimum cardinality set of nodes to detect DDoS attacks such that no attack traffic can reach the target without being monitored by these sensors. The placement problem is formulated as set covering which is NP hard.