Modelling and Simulation of a Defense Strategy to Face Indirect DDoS Flooding Attacks

摘要

Distributed Denial of Service (DDoS) flooding attack is one of the most diffused and effective threat against services and applications running over the Internet. Its distributed and cooperative nature makes it complicated to prevent and/or to counteract. StopIt is a robust, filter-based defence mechanism which is able to deal with various types of massive DDoS flooding attacks but which fails when the DDoS is achieved indirectly, i.e. by congestion of a link shared with the victim. This paper introduces an extension of StopIt which makes it able to cooperate with capability-based mechanisms for defeating indirect attacks. The enhanced version of the protocol has been implemented into the ns-3 simulator and its effectiveness has been evaluated under different scenarios.