A Framework for Collaborative DDoS Defense

George Oikonomou
University of Delaware

Jelena Mirkovic
University of Delaware

Peter Reiher

Max Robinson
The Aerospace Corporation

Flooding distributed denial-of-service (DDoS) attacks are a top
security threat for critical Internet services.
The distributed nature of DDoS suggests that a distributed defense mechanism
is necessary.
Three main defense functionalities --- attack detection, rate limiting
and traffic differentiation ---
are most effective when performed at the victim-end, core and source-end, respectively.
Secure collaboration between defenses at different locations would
allow them to compensate for their weaknesses with the strengths of other participants,
achieving a better, synergistic defense.

Many existing systems are successful in one aspect of defense, such as
attack detection, traffic differentiation or distributed defense in a specific
scenario, but none offers a comprehensive solution and none has seen
wide deployment. We propose to harvest the strengths of existing defenses
by organizing them into a collaborative overlay, called DefCOM,
and augmenting them with communication
and collaboration functionalities. Nodes collaborate
during the attack to spread alerts and to recognize and protect legitimate
traffic while rate limiting the attack. DefCOM can accommodate many existing
defenses, provide a synergistic response to attacks and naturally lead to an Internet-wide response
to the DDoS threat.

Keywords: DDoS, distributed defense, flooding, collaborative defense

