Modelling and Simulation of a Defense Strategy to Face Indirect DDoS Flooding Attacks

TitleModelling and Simulation of a Defense Strategy to Face Indirect DDoS Flooding Attacks
Publication TypeBook Chapter
Year of Publication2014
AuthorsFurfaro, A, Pace, P, Parise, A, Molina, L
Book TitleInternet and Distributed Computing Systems
Series TitleLecture Notes in Computer Science
Volume8729
Pagination263-274
PublisherSpringer International Publishing
ISBN Number978-3-319-11691-4
Abstract

Distributed Denial of Service (DDoS) flooding attack is one of the most diffused and effective threat against services and applications running over the Internet. Its distributed and cooperative nature makes it complicated to prevent and/or to counteract. StopIt is a robust, filter-based defence mechanism which is able to deal with various types of massive DDoS flooding attacks but which fails when the DDoS is achieved indirectly, i.e. by congestion of a link shared with the victim. This paper introduces an extension of StopIt which makes it able to cooperate with capability-based mechanisms for defeating indirect attacks. The enhanced version of the protocol has been implemented into the ns-3 simulator and its effectiveness has been evaluated under different scenarios.

URLhttp://dx.doi.org/10.1007/978-3-319-11692-1_23
DOI10.1007/978-3-319-11692-1_23