A Ratio-Based Control Algorithm for Defense of DDoS Attacks
نویسندگان
چکیده
Resource depletion is a universal indicator of Distributed Denial of Service (DDoS) attacks. In this paper, we propose a ratio based control algorithm for detection and throttling of DDoS attacks. We use the sliding mode control (SMC) control theory to formulate and optimize the traffic control conditions for DDoS defense. A cluster-based control model is developed for the environment of an open network at reduced computing cost. The control algorithm is shown to be highly flexible and robust against different types of attack patterns. It can be integrated with different low level detection schemes, so that bandwidth sharing can be implemented using one common framework.
منابع مشابه
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملF-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملA Defense Framework for Flooding-based DDoS Attacks
Distributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large amount of malicious traffic. Existing networklevel congestion control mechanisms are inadequate in preventing service quality from deteriorating because of these attacks. Although a number of technique...
متن کاملExploring DDoS Defense Mechanisms
Nowadays, Distributed Denial-of-Service (DDoS) attacks are a major threat for all sizes of networks. The number of attacks against companies and institutions steadily increased over the last years. Downtime of an enterprise network usually causes financial damage. Therefore, it is important to have mechanism for DDoS defense. In this paper, various DDoS defense mechanisms are reviewed and compa...
متن کاملA Comprehensive Taxonomy of DDoS Attacks and Defense Mechanism Applying in a Smart Classification
-A Distributed denial of service (DDoS) attack uses multiple machines operating in concern to attack a network or site. It is the most important security problem for IT managers. These attacks are very simple organized for intruders and hence so disruptive. The detection and defense of this attack has specific importance among network specialists. In this paper a new and smart taxonomy of DDoS ...
متن کامل