T-CAD: A threshold based collaborative DDoS attack detection in multiple autonomous systems

摘要

DDoS attack has emerged as a security threat to the services provided by internet service providers. The DDoS attack creates a huge danger to the availability of internet resources and services to legitimate users. Regardless of the presence of many defense mechanisms, the availability of bandwidth, security of computing resources are the challenges of on-going research. The increased rate of legitimate traffic flow and its similarity with the attack traffic flow made the DDoS problem more crucial. This paper proposed a distributed attack detection mechanism system called T-CAD that detects and mitigates the influence of DDoS attacks by observing traffic on the edge routers of autonomous systems. T-CAD computes the normalized router entropy and compares it to the various thresholds to efficiently discriminate between legitimate traffic, DDoS attack and flash events. The proposed attack detection system has been validated by performing simulation experiments with OMNeT++ and INET. The outcome of the simulation experiments shows that the T-CAD defense system has outperformed many existing thresholds and entropy-based DDoS attack detection mechanisms on several performance measures.