Thesis

Towards a distributed reputation-based DDoS mitigation architecture

Abstract:

Distributed denial of service (DDoS) attacks are network attacks that leverage distributed attacking agents to cause excessive resource consumption so that legitimate users are denied access. Since their first documented occurrence in 1998, DDoS attacks have grown in magnitude and prevalence to the point of being named the biggest threat to communication service provider (CSP) customers. The exponential growth of the Internet of things (IoT) has compounded the issue and has led researchers to conclude that current mitigation strategies are unsustainable. We address this problem by proposing a distributed defence of service (DiDoS) architecture that harnesses collaboratively maintained sender reputations to enable victim networks to make quick, informed prioritization decisions at per-packet granularity, alleviating the impact of DDoS attacks. The DiDoS architecture is evaluated both theoretically and empirically, via simulation in NS3, and is shown to eliminate the in-attack packet loss experienced by adopting clients even at low overall DiDoS adoption percentages.

Since the DDoS problem is vast, spanning many networks and organisations, much of the research agrees that a cooperative distributed defence is needed. Realising such solutions requires collaboration between corporate, government, academic and Internet organisations, and such collaboration would be greatly aided by a method for commensurably comparing the effectiveness of different defences. However, prior work either evaluated defences in isolation, which is not conducive to commensurable comparison, or used benchmarking, which produces evaluation conclusions of limited value and longevity because the attacker strategies and capabilities captured in static benchmarks are themselves limited.

We address this challenge by proposing a framework for the comparative evaluation of DDoS defences (CED3). CED3 introduces the notion of true effectiveness, which shifts the paradigm of defence evaluation from asking whether a defence can withstand a particular attack to asking what it would take to overcome that defence, thereby extending the longevity of evaluation conclusions. Furthermore, CED3 leverages a defence map, which enables visual comparison between defences in a way that highlights both strengths and weaknesses. We apply the CED3 method to the comparative evaluation of four DDoS defences, including the DiDoS framework, which is shown to possess the greatest true effectiveness and the second greatest adoptability ranking (second only to the defence of increasing the network capacity of a victim service).

Authors

Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Sub department:
Computer Science
Oxford college:
Linacre College
Role:
Author
ORCID:
0000-0001-7517-7159

Contributors

Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Sub department:
Computer Science
Oxford college:
Kellogg College
Role:
Supervisor
ORCID:
0000-0002-8236-980X

Funder
Funder identifier:
https://ror.org/0439y7842
Grant:
EP/P00881X/1
Programme:
Cyber Security CDT Phase Two (University of Oxford)


DOI:
Type of award:
DPhil
Level of award:
Doctoral
Awarding institution:
University of Oxford
