Dual-level defense for networks under DDoS attacks
Proceedings of the 2010 ACM Symposium on Applied Computing
Simulation of dynamic honeypot based redirection to counter service level DDoS attacks
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Journal of Intelligent Manufacturing
Dual-Level Attack Detection, Characterization and Response for Networks Under DDoS Attacks
International Journal of Mobile Computing and Multimedia Communications
| Hi-index | 0.00 |
The inherent vulnerabilities in TCP/IP architecture give dearth of opportunities to DDoS attackers. The array of schemes proposed for detection of these attacks in real time is either targeted towards low rate attacks or high bandwidth attacks. Presence of low rate attacks leads to graceful degradation of QoS in the network thus making them further undetectable. In this paper, we propose a scheme that uses three lines of defense. The first line of defense is towards detecting the presence of low rate as well as high bandwidth attacks based on entropy variations in small time windows. The second line of defense identifies and tags attack flows in real time. The last line of defense is redirecting the attack flows to honeypot server that responds in contained manner to the attack flows, thus providing deterrence and maintaining QoS at ISP level. We validate the effectiveness of the approach with simulation in ns-2 on a Linux platform.