A Distributed Mechanism to Protect Against DDoS Attacks

  • Negar Mosharraf
  • Anura P. Jayasumana
  • Indrakshi Ray
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10359)


Distributed Denial of Service (DDoS) attacks remain one of the most serious threats on the Internet. Combating such attacks to protect the victim and the network infrastructure requires a distributed, real-time defense mechanism. We propose Responsive Point Identification using Hop distance and Attack estimation rate (RPI-HA), which, when deployed, is able to filter out attack traffic and allow legitimate traffic in the event of an attack. It dynamically activates detection and blocks attack traffic, while allowing legitimate traffic, as close to the source nodes as possible so that network resources are not wasted in propagating the attack. RPI-HA identifies the most effective points in the network where the filter can be placed to minimize attack traffic in the network and maximize legitimate traffic for the victim during the attack period. Extensive OPNET©-based simulations with a real network topology and the CAIDA attack data set show that the method is able to place all filtering routers within three routers of the attacker nodes and stop 95% of attack traffic while allowing 77% of legitimate traffic to reach the victim node.



The authors gratefully thank Forcepoint LLC for their funding support.



Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  • Negar Mosharraf (1)
  • Anura P. Jayasumana (2)
  • Indrakshi Ray (3)

  1. Forcepoint Security Labs, Forcepoint LLC, San Diego, USA
  2. Department of Electrical and Computer Engineering, Colorado State University, Fort Collins, USA
  3. Department of Computer Science, Colorado State University, Fort Collins, USA
