Authors: Qingxia Li; Wenhong Wei; Ming Tao; Qian Chen
Addresses: Department of Computer, City College of Dongguan University of Technology, Dongguan 523419, China ' School of Computer, Dongguan University of Technology, Dongguan 523808, China ' Engineering and Technology Institute, Dongguan University of Technology, Dongguan 523808, China ' School of Computer, Dongguan University of Technology, Dongguan 523808, China
Abstract: In distributed denial of service (DDoS) attack, the detection techniques have existed for a relatively longer period of time than defence mechanisms, researchers have categorised almost all the existing and expected forthcoming attacks. However, techniques for defence are still nurturing. Researchers have explored that there could be diverse ways of launching DDoS attacks. Consequently, need of defence scheme that adapts and responds autonomously to these variety of attacks is imperative. This paper proposed a distributed defence scheme based on two-stage traffic flow control against DDoS attacks that present the most serious threats to the internet. The defence using this scheme deploys two kinds of coordinated modules through specific mechanism to protect internet servers. And the performance of the scheme was evaluated by network simulation. Simulation results show that the proposed scheme can greatly increase the throughput of legitimate traffic and reduce the attack traffic during DDos attacks, and it performs well even when it is only partially deployed.
Keywords: distributed DOS; denial of service; DDoS attacks; traffic flow control; network simulation; intrusion detection; network security; internet security.
International Journal of Communication Networks and Distributed Systems, 2014 Vol.13 No.3/4, pp.290 - 300
Received: 02 Aug 2013
Accepted: 18 Apr 2014
Published online: 30 Aug 2014 *