Correlation based approach with a sliding window model to detect and mitigate DDoS attacks

Abstract

DDoS attacks have become very popular since the turn of this millennium and has stayed in the headlines due to ever increasing and sometimes devastating attacks on popular web servers. In this study, we deal with DDoS attacks by proposing a correlation based approach with a sliding window model to detect and mitigate DDoS attack. The proposed scheme identifies malicious traffic flow towards a target system based on the volume of traffic flowing towards the victim machine and uses a correlation based approach with a sliding window model to detect and isolate malicious hosts. Rate limiting is applied individually on each malicious flow based on the volume of malicious traffic generated by the attacking hosts rather than a collective rate limiting on the total malicious flow towards victim. The results observed in simulation shows that the proposed approach detects the onset of the attacks very early and reacts to the threat by rate limiting the malicious flow based on the volume of attack traffic generated by each attacking hosts. The approach also adapts quickly to any changes in the rate of flow. The proposed system can be successfully implemented at critical points in the network as autonomous defense systems to limit the volume of malicious packet flow towards the target system.