Portal de Periódicos da CAPES

DDoS Attacks—Analysis and Prevention

2018; Springer International Publishing; Linguagem: Inglês

10.1007/978-981-10-8201-6_1

2367-3370

G. Dayanandam, T. Venkat Narayana Rao, D. Bujji Babu, S. Durga,

Network Packet Processing and Optimization

Distributed Denial-of-Service (DDoS) attacks overwhelm the critical resources of a target server in order to reject its services to the legitimate clients and attack mainly on the availability in the Confidentiality Integrity Availability (CIA) triad in Internet-based applications. In this paper, we analyze three major components of DDoS defense mechanisms such as DDoS detection, DDoS mitigation, and IP traceback. In the first step, we need to detect all DDoS attacks using any intrusion detection system to pinpoint the exact packet characteristics of the attack. We classify the attack traffic based on packet characteristics. The classification can lead to mitigate an attack. Mitigation scheme uses rate limits and filters the malicious packets. IP traceback is capable of tracing IP packets to their sources without depending upon source address field of the IP header. IP traceback mechanisms are used to identify true source address and to refuse spoofed IP addresses. Finally, in this paper we proposed a novel mechanism to defend DDoS attacks at network layer and application layer.