Visible to the public Proactive DDoS attack detection and isolation

TitleProactive DDoS attack detection and isolation
Publication TypeConference Paper
Year of Publication2017
AuthorsKansal, V., Dave, M.
Conference Name2017 International Conference on Computer, Communications and Electronics (Comptelix)
ISBN Number978-1-5090-4708-6
KeywordsAttack proxy, composability, Computer crime, computer network security, Cyber Attacks, cyber threat, Data processing, DDoS attack detection, distributed denial of service, early detection-and-isolation policy, EDIP, Human Behavior, Insider-assisted DDoS attack, insider-assisted DDoS attack mitigation, IP networks, legitimate clients, load balancing, Load management, Metrics, Migration, Monitoring, MTD, proactive DDoS attack detection, proactive DDoS attack isolation, proxy level, pubcrawl, Resiliency, resource allocation, security controls, Servers

The increased number of cyber attacks makes the availability of services a major security concern. One common type of cyber threat is distributed denial of service (DDoS). A DDoS attack is aimed at disrupting the legitimate users from accessing the services. It is easier for an insider having legitimate access to the system to deceive any security controls resulting in insider attack. This paper proposes an Early Detection and Isolation Policy (EDIP)to mitigate insider-assisted DDoS attacks. EDIP detects insider among all legitimate clients present in the system at proxy level and isolate it from innocent clients by migrating it to attack proxy. Further an effective algorithm for detection and isolation of insider is developed with the aim of maximizing attack isolation while minimizing disruption to benign clients. In addition, concept of load balancing is used to prevent proxies from getting overloaded.

Citation Keykansal_proactive_2017