Filtering based defense mechanisms against DDOS attacks for core networks

Abstract

In this thesis, we present filtering based defense mechanisms against Distributed Denial of Service (DDoS) attacks for core networks. Initially, several filtering techniques are analyzed and their advantages and disadvantages are presented. A comparative classification of these methods is provided for security analysts. Classification results suggest that there are a few filtering methods that are both proactive and collaborative. Proactivity provides prevention of attacks before it spreads whereas collaboration enables getting knowledge about di↵erent points of the network and deciding filters together. Thus, we proposed a proactive and collaborative model called ScoreForCore. It is a statistical packet based defense mechanism that selects the most appropriate attributes for current attack traffic. Our results suggest that the success of the system’s behavior on legal and attack packets increased considerably. This strategy is also convenient for current emerging technology for core networks, called Software Defined Networking (SDN). It has several problems related to security that are largely induced by the centralized control paradigm. In that regard, DDoS attacks are specifically valid for SDN environment. Several defense mechanisms in SDN environment are analyzed and comparative classification is provided for rendering the current state of the art in the literature. Then, our defense strategy is applied on SDN environment with capable switches. This mechanism’s(SDNScore) results suggest that it gives perfect results for several known attacks and 84% success for an unknown attack. Since there is a trade-o↵ between SDN paradigm and capable switches in SDNScore, we improved it and proposed another model called Joint Entropy based Scoring for SDN (JESS) that carries all burden to the controller and does not need capable switches. The results suggest that it is an elegant defense method for SDN environment.