Mitigation of TCP and UDP Based Distributed Denial of Service Attacks
Abstract
Denial of Service (DoS) attacks are serious threats to information availability because they deny users access to a computer network or system, which can be very damaging to organizations. Although DoS attacks cannot be completely stopped, various defense mechanisms have been proposed and implemented. These mechanisms are anomaly-based detection techniques that use the concept of a baseline for network behavior; any deviation from this established baseline is considered an anomaly. These solutions are usually deployed on routers to protect an internal computer network, because detection at the victim end is easily achieved. However, most of these solutions only detect attacks, while administrators usually deploy the response and countermeasures manually. Detection alone may be useful for alerting human administrators to the presence of an attack and for notifying upstream devices (closer to the attack sources), but it is unable to stop the attack automatically. For Distributed Denial of Service (DDoS) attacks, the lack of an automated solution to mitigate the attack can have serious consequences, because of the high frequency and volume of traffic generated by malicious attackers against the target before manual countermeasures are applied. This research work presents a system that uses behavioral signatures to detect and mitigate DDoS attacks. It also compares the proposed system to an off-the-shelf solution (SNORT) in order to assess efficiency.
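The baseline-and-deviation idea in the abstract, carried through to the automated response it argues is missing, as an added example that is not part of the paper or the system it describes. The code assumes a simplified flow record `(second, src_ip, proto, tcp_flags)`, a mean plus k-sigma per-protocol packets-per-second baseline learned from a quiet window, and a drop-rule response; the traffic, the address values (RFC 5737 documentation ranges) and the function names are all constructed here, and the paper's behavioral signatures and its Snort comparison are not reproduced.

```python
"""Baseline-deviation DDoS detector with an automated response.

Added example, not the paper's own system: it assumes a simplified flow
record (second, src_ip, proto, tcp_flags), a mean + k*sigma baseline learned
from a quiet window, and a block-rule response. All traffic is constructed.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

QUIET_SECONDS = range(0, 10)   # training window for the baseline (constructed)
PROTOCOLS = ("tcp", "udp")


def build_sample_traffic():
    """Constructed traffic: 10 quiet seconds, then a 3-second SYN + UDP flood.
    Addresses are taken from the RFC 5737 documentation ranges."""
    legit = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    records = []
    for sec in range(13):
        for i, ip in enumerate(legit):
            records.append((sec, ip, "tcp", "S"))                       # one SYN per host per second
            records.extend([(sec, ip, "udp", "")] * (2 + i + sec % 2))  # 2..5 UDP datagrams
        if sec >= 10:
            records.extend([(sec, "203.0.113.9", "tcp", "S")] * 150)   # SYN flood source
            records.extend([(sec, "198.51.100.7", "udp", "")] * 200)   # UDP flood source
    return records


def per_second_counts(records, proto):
    """{second: Counter(src_ip -> packets)} for one protocol.
    For TCP only bare SYNs are counted, since half-open connections are the
    resource a SYN flood exhausts."""
    counts = defaultdict(Counter)
    for sec, src, p, flags in records:
        if p != proto or (proto == "tcp" and flags != "S"):
            continue
        counts[sec][src] += 1
    return counts


def build_baseline(records, quiet_seconds=QUIET_SECONDS, k=3.0):
    """Per-protocol packets-per-second threshold: mean + k*sigma over the quiet
    window, with a floor of twice the mean so a perfectly steady baseline
    (sigma = 0) does not flag every extra packet as an anomaly."""
    thresholds = {}
    for proto in PROTOCOLS:
        per_sec = per_second_counts(records, proto)
        totals = [sum(per_sec[s].values()) for s in quiet_seconds]
        mu, sigma = mean(totals), pstdev(totals)
        thresholds[proto] = float(max(mu + k * sigma, 2 * mu))
    return thresholds


def detect(records, thresholds):
    """Seconds whose aggregate rate exceeds the baseline: (second, proto, total)."""
    anomalies = []
    for proto, limit in thresholds.items():
        for sec, counter in sorted(per_second_counts(records, proto).items()):
            total = sum(counter.values())
            if total > limit:
                anomalies.append((sec, proto, total))
    return anomalies


def mitigate(records, thresholds, anomalies):
    """Automated response: for each anomalous second, block every source whose
    own rate exceeds the per-protocol threshold. Returns sorted (proto, src)
    drop rules; low-rate legitimate hosts sharing that second are left alone."""
    per_proto = {p: per_second_counts(records, p) for p in thresholds}
    rules = set()
    for sec, proto, _ in anomalies:
        for src, n in per_proto[proto][sec].items():
            if n > thresholds[proto]:
                rules.add((proto, src))
    return sorted(rules)


def apply_rules(records, rules):
    """Drop records matching a (proto, src) rule, as a filtering router would."""
    blocked = set(rules)
    return [r for r in records if (r[2], r[1]) not in blocked]


def run_pipeline(records=None):
    """Detect, respond, and re-check that the response removed the anomaly."""
    records = records if records is not None else build_sample_traffic()
    thresholds = build_baseline(records)
    anomalies = detect(records, thresholds)
    rules = mitigate(records, thresholds, anomalies)
    residual = detect(apply_rules(records, rules), thresholds)
    return {"thresholds": thresholds, "anomalies": anomalies,
            "rules": rules, "residual": residual}


if __name__ == "__main__":
    for key, value in run_pipeline().items():
        print(f"{key}: {value}")
```

The point of the last step in `run_pipeline` is the one the abstract makes: an alert on its own leaves the flood running, so the response is generated from the same per-source counts the detector already has and is then verified by re-running detection on the filtered traffic. Counting only bare SYNs for TCP keeps established-connection data from inflating the baseline, and the per-source check in `mitigate` avoids blocking the low-rate legitimate hosts that happen to share an anomalous second with the flood.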