Title :
Distributed capabilities-based DDoS defense
Author :
Jog, Manjiri ; Natu, Maitreya ; Shelke, Sushama
Author_Institution :
Sch. of Eng., NBN Sinhgad, Pune, India
Abstract :
Existing strategies against DDoS are implemented as single-point solutions at different network locations. Our understanding is that, no single network location can cater to the needs of a full-proof defense solution, given the nature of DDoS and activities for its mitigation. This paper gives collective information about some important defense mechanisms discussing their advantages and limitations. Based on our understanding, we propose distribution of DDoS defense which uses improved techniques for capabilities-based traffic differentiation and scheduling-based rate-limiting. Additionally, we propose a novel approach for prediction of attack to determine the prospective attackers as well as the time-to-saturation of victim. We present two algorithms for this distribution of defense. The proposed distributed approach built with these incremental improvements in the defense activities is expected to provide better solution against the DDoS problem.
Keywords :
computer network security; DDoS defense; capabilities-based traffic differentiation; distributed denial-of-service; incremental improvements; scheduling-based rate-limiting; single-point solutions; Aggregates; Bandwidth; Computer crime; Filtering; Floods; IP networks; Limiting; Attack detection; Distributed Denial-of-Service; Distributed defense; Network security; Rate-limiting; Traffic differentiation;
Conference_Titel :
Pervasive Computing (ICPC), 2015 International Conference on
Conference_Location :
Pune
DOI :
10.1109/PERVASIVE.2015.7086993
