An effective approach to counter application layer DDoS attacks

Distributed Denial of Service (DDoS) attacks are posing major threat to today´s essential Internet service because of its ability to create a huge volume of unwanted traffic. It is hard to detect and respond to DDoS attacks due to large and complex network environments. It becomes more serious when such attacks occur during the flash crowd. Both Flash crowds and DDoS attacks have very similar properties in terms of internet traffic; however Flash crowds are legitimate flows and DDoS attacks are illegitimate flows. This paper proposes a scheme to counter application layer DDoS attack and to schedule the flash crowd during DDoS attacks. In this scheme, an Access Matrix is defined to capture the access patterns of the legitimate clients and the normal flash crowd. Dimensionality reduction schemes are applied to reduce the multidimensional Access Matrix. A counter-mechanism consisting of a suspicion assignment mechanism and a scheduler is deployed. The suspicion mechanism assigns a score to each client session, and the scheduler decides whether to forward the session´s requests or to drop the request based on the suspicion score.