Distributed Denial of Service (DDoS) attacks are one of the complex problems in the current Internet. TCP SYN and Reflection DDoS attacks have some distinct features which make them more difficult to deal with than direct flooding DDoS attacks. In this paper, we analyze the TCP SYN and Reflection DDoS attacks and propose a hybrid model, which comprises an enhanced automated model integrated with selected existing techniques, to counteract these DDoS attacks efficiently. The hybrid model is invoked only during attack times. In addition to dealing with the direct flooding aspect of TCP SYN and Reflection DDoS attacks, our model also drops the packets that are the root cause of these attacks. Our model enables the victim to differentiate between traffic originating from benign networks and traffic originating from malicious networks. Hence the victim can provide better service to the networks from which good traffic is originating and completely eliminate, or provide limited service to, the networks from which attack traffic is originating. The novelty of the hybrid model lies in making efficient use of the advantages of the different proposed techniques while minimizing their disadvantages, thereby making it more practical for the model to be deployed in the Internet. We describe a prototype implementation of the hybrid model with HP OpenView Network Node Manager (NNM) and analyse the results. The results indicate the potential usefulness of the proposed model in counteracting DDoS attacks in practice.
Number of pages: 14
Journal: Computer Systems Science and Engineering
Publication status: Published - May 2008