A Novel Distributed Detection Scheme against DDoS Attack

A novel detection scheme against DDoS attack is proposed from a distributed perspective. The distributed end-hosts in the Internet are organized into a P2P network by Chord protocol for detection. The detection algorithm based on CUSUM and space similarity is deployed at each node in the P2P detection network. The P2P-based detection network is adopted, which makes the scheme be able to scale to the situation with a large number of detection nodes. CUSUM-based detection at the end-host can detect the slight change at the host. Thus it implements the early detection against DDoS attack, and relieves the detection burden at the victim end. It also can prevent the DDoS attack from forging and randomly changing the IP address, so it can locate the real attack hosts. Node trust is introduced for abnormal information broadcast, which can prevent network from congestion caused by malicious broadcast from malicious nodes. Abnormality detection among nodes based on space similarity can improve the detection accuracy. The experimental results indicate that the proposed scheme has better performance than CUSUM and time similarity algorithm individually deployed. It can reach as high as 96.1% detection rate and only 6.9% false positive rate. This P2Pbased scheme can be applied to resolve the communication problem in other distributed application system.