Cargando…
Design and analysis of DDoS mitigating network architecture
Distributed Denial of Service (DDoS) attacks have emerged as the top security threat with the rise of e-commerce in recent years. Volumetric attacks are the most common DDoS attacks that aim to overwhelm the victim’s bandwidth. The current mitigation methods use reactive filtering techniques that ar...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer Berlin Heidelberg
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9713101/ https://www.ncbi.nlm.nih.gov/pubmed/36471814 http://dx.doi.org/10.1007/s10207-022-00635-1 |
| _version_ | 1784841938398085120 |
|---|---|
| author | Swati Roy, Sangita Singh, Jawar Mathew, Jimson |
| author_facet | Swati Roy, Sangita Singh, Jawar Mathew, Jimson |
| author_sort | Swati |
| collection | PubMed |
| description | Distributed Denial of Service (DDoS) attacks have emerged as the top security threat with the rise of e-commerce in recent years. Volumetric attacks are the most common DDoS attacks that aim to overwhelm the victim’s bandwidth. The current mitigation methods use reactive filtering techniques that are not magical and straightforward solutions. In this paper, we propose a network architecture based on the capability to address the threat of DDoS attacks. Physically Unclonable Functions (PUFs) have emerged as a promising solution in security. Motivated by the capability approach, we put forward a network architecture where the routers use Transient Effect Ring Oscillator PUF to generate and verify capabilities. This novel hardware-based solution, to address the problem, has reduced the computational overhead of capability generation. Additionally, the destination has complete control over the incoming traffic in the proposed architecture, resulting in uninterrupted communication with the legitimate clients regardless of the attacker traffic. The large-scale simulation on an open-source Network Simulator (NS-3) has shown that the proposed architecture efficiently mitigates DDoS attacks to a large extend. With our proposed architecture, the throughput was hardly affected when attacker traffic was varied from 10 to 80%. |
| format | Online Article Text |
| id | pubmed-9713101 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | Springer Berlin Heidelberg |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-97131012022-12-01 Design and analysis of DDoS mitigating network architecture Swati Roy, Sangita Singh, Jawar Mathew, Jimson Int J Inf Secur Regular Contribution Distributed Denial of Service (DDoS) attacks have emerged as the top security threat with the rise of e-commerce in recent years. Volumetric attacks are the most common DDoS attacks that aim to overwhelm the victim’s bandwidth. The current mitigation methods use reactive filtering techniques that are not magical and straightforward solutions. In this paper, we propose a network architecture based on the capability to address the threat of DDoS attacks. Physically Unclonable Functions (PUFs) have emerged as a promising solution in security. Motivated by the capability approach, we put forward a network architecture where the routers use Transient Effect Ring Oscillator PUF to generate and verify capabilities. This novel hardware-based solution, to address the problem, has reduced the computational overhead of capability generation. Additionally, the destination has complete control over the incoming traffic in the proposed architecture, resulting in uninterrupted communication with the legitimate clients regardless of the attacker traffic. The large-scale simulation on an open-source Network Simulator (NS-3) has shown that the proposed architecture efficiently mitigates DDoS attacks to a large extend. With our proposed architecture, the throughput was hardly affected when attacker traffic was varied from 10 to 80%. Springer Berlin Heidelberg 2022-11-30 2023 /pmc/articles/PMC9713101/ /pubmed/36471814 http://dx.doi.org/10.1007/s10207-022-00635-1 Text en © The Author(s), under exclusive licence to Springer-Verlag GmbH, DE 2022, Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law. This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
| spellingShingle | Regular Contribution Swati Roy, Sangita Singh, Jawar Mathew, Jimson Design and analysis of DDoS mitigating network architecture |
| title | Design and analysis of DDoS mitigating network architecture |
| title_full | Design and analysis of DDoS mitigating network architecture |
| title_fullStr | Design and analysis of DDoS mitigating network architecture |
| title_full_unstemmed | Design and analysis of DDoS mitigating network architecture |
| title_short | Design and analysis of DDoS mitigating network architecture |
| title_sort | design and analysis of ddos mitigating network architecture |
| topic | Regular Contribution |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9713101/ https://www.ncbi.nlm.nih.gov/pubmed/36471814 http://dx.doi.org/10.1007/s10207-022-00635-1 |
| work_keys_str_mv | AT swati designandanalysisofddosmitigatingnetworkarchitecture AT roysangita designandanalysisofddosmitigatingnetworkarchitecture AT singhjawar designandanalysisofddosmitigatingnetworkarchitecture AT mathewjimson designandanalysisofddosmitigatingnetworkarchitecture |