A Hybrid Defense Technique for ISP Against the Distributed Denial of Service Attacks

As malicious traffic from botnets now threatens the network infrastructure of Internet Service Providers (ISPs), the importance of controlling botnets is greater than ever before. However, it is not easy to handle rapidly evolving botnets efficiently because of the highly evolved detection avoidance techniques used by botnet makers. Further, nowadays, Distributed Denial of Service (DDoS) attacks can compromise not only specific target sites but also the entire network infrastructure, as high-bandwidth Internet services are now being provided. Thus, ISPs are deploying their own defense systems to prevent DDoS attacks and protect their network infrastructure. However, the new problem ISPs confront is that botnet masters also try to destroy their defense systems to make their attack successful. ISPs can mitigate DDoS through botnet-specific management by taking preemptive measures, such as the proactive reverse engineering of suspicious code and the use of honeypots. This paper illustrates an advanced DDoS defense technique for the use of ISPs with a real case study of the technique’s implementation. This technique was proven very effective method for controlling botnets, and we could confirm this effectiveness in a real ISP environment.