A Defense Framework for Flooding-based DDoS Attacks

Distributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large amount of malicious traffic. Existing networklevel congestion control mechanisms are inadequate in preventing service quality from deteriorating because of these attacks. Although a number of techniques have been proposed to defeat DDoS attacks, it is still hard to detect and respond to floodingbased DDoS attacks due to a large number of attacking machines, the use of sourceaddress spoofing, and the similarities between legitimate and attack traffic. In this thesis, we propose a distributed framework which will help to improve the quality of service of internet service providers (ISP) for legitimate traffic under DDoS attacks. The distributed nature of DDoS problem requires a distributed solution. In this thesis, we propose a distance-based distributed DDoS defense framework which defends against attacks by coordinating between the distance-based DDoS defense systems of the source ends and the victim end. The proposed distance-based defense system has three major components: detection, traceback, and traffic control. In the detection component, two distance-based detection techniques are employed. The distance value of a packet indicates the number of hops the packet has traversed from