INFORMATION CHANGE THE WORLD

International Journal of Computer Network and Information Security(IJCNIS)

ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)

Published By: MECS Press

IJCNIS Vol.9, No.3, Mar. 2017

Distributed Defense: An Edge over Centralized Defense against DDos Attacks

Full Text (PDF, 571KB), PP.36-44


Views:63   Downloads:1

Author(s)

Karanbir Singh, Kanwalvir Singh Dhindsa, Bharat Bhushan

Index Terms

DoS;DDoS;Distributed Denial of Service Attacks;Comparison;Distributed Defense;Centralized Defense

Abstract

Distributed Denial of Service (DDoS) attack is a large-scale, coordinated attack on the availability of services of a target/victim system or network resource/service. It can be launched indirectly through many compromised machines on the Internet. The Purpose behind these attacks is exhausting the existing bandwidth and makes servers deny from providing services to legitimate users. Most detection systems depend on some type of centralized processing to analyze the data necessary to detect an attack. In centralized defense, all modules are placed on single point. A centralized approach can be vulnerable to attack. But in distributed defense, all of the defense modules are placed at different points and do not succumb to the high volume of DDoS attack and can discover the attacks timely as well as fight the attacks with more resources. These factors clearly indicate that the DDoS problem requires a distributed solution than the centralized solution. In this paper, we compare both types of defense mechanisms and identify their relative advantages and disadvantages. Later they are compared against some performance metrics to know which kind of solution is best.

Cite This Paper

Karanbir Singh, Kanwalvir Singh Dhindsa, Bharat Bhushan,"Distributed Defense: An Edge over Centralized Defense against DDos Attacks", International Journal of Computer Network and Information Security(IJCNIS), Vol.9, No.3, pp.36-44, 2017.DOI: 10.5815/ijcnis.2017.03.05

Reference

[1]R. Chang, "Defending Against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial", In Telecommunications Network Security, IEEE Communications Magazine, pp. 42-51, October 2002.

[2]Y. Kim, W. Lau, M. Chuah, and H. Chao, " PacketScore: Statistics-based Overload Control against Distributed Denial-of-Service Attacks", IEEE Transactions on Dependable and Secure Computing, Vol. 3, No. 2, pp. 141-155, April-June 2006.

[3]F.Lau, S. Rubin, M. Smith, and L. Trajkovie, "Distributed Denial-of-Service Attack". In Proceedings of IEEE International Conference on Systems, Man, and Cybernetics, Nashville, TN, USA, pp. 2275-2280, October 2000.    [4]"Operation Payback cripples MasterCard site in revenge for WikiLeaks ban", Dec. 8, 2010, [online], http://www.guardian.co.uk/media/2010/dec/08/operation–payback–mastercard–website–wikileaks  licationsConference, Miami, FL, USA, pp. 33-42, December 2006.

[5]T. Kitten, "DDoS: Lessons from Phase 2 Attacks", Jan. 14, 2013, [online] http://www.bankinfosecurity.com/ddos-attacks-lessons-from-phase-2-a-5420/op-1

[6]K. Singh, N. Kaur, and D. Nehra, "A comparative analysis of various deployment based DDoS defense schemes", In proceedings of 9th international conference on Quality, Reliability, Security and Robustness in Heterogeneous Network, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 115, pp. 606-616, January 2013

[7]J. Mirkovic, G. Prier, and P. Reiher, "Attacking DDoS at the source", In Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP), pp. 312–321, 2002

[8]Y. He, W. Chen, W. Peng, and B. Xiao. "An efficient and practical defense method against DDoS attack at the source-end", In Proceedings of the 11th International Conference on Parallel and Distributed Systems, Washington, DC, USA, 2005 Vol. 02, pp. 265–269, July 2005

[9]H. Wang, D. Zhang, and K. Shin, "Detecting SYN flooding attacks", In Proceedings of IEEE INFOCOM, 2002

[10]J. Cheng, W. Haining and K. G. Shin. "Hop-count filtering: An effective defense against spoofed DDoS traffic", In Proceedings of the 10th ACM conference on Computer and communications security, pp. 30–41, October 2003. 

[11]J. loannidis and S. Bellovin, "Implementing Pushback: Router-Based Defense against DDoS Attacks", In Proceedings. of Network and Distributed System Security Symposium, San Diego, California, 2002.

[12]D. Seo, H. Lee, and A. Perrig, "PFS: Probabilistic filter scheduling against distributed denial-of-service attacks", In Proceedings of the IEEE 36th Conference on Local Computer Networks (LCN), Bonn, Germany, pp. 9–17, October 2011.

[13]G. Oikonomou, J. Mirkovic, P. Reiher, and M. Robinson, "A Framework for a Collaborative DDoS Defense", In Proceedings of the 22nd Annual Computer Security Applications Conference, Miami, FL, USA, pp. 33-42, December 2006.

[14]M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker, "DDoS defense by offense", SIGCOMM Computer Communications Review, Vol. 36, no. 4, pp. 303-314, August 2006.

[15]T. M. Gil, and M. Poleto, "MULTOPS: a data-structure for bandwidth attack detection", In Proceedings of 10th Usenix Security Symposium, Washington, DC, pp. 2338, August 2001

[16]J. Mirkovic, J. Martin and P. Reiher, "A taxonomy of DDoS attacks and DDoS defense mechanisms", UCLA CSD Technical Report no. 020018.