Facing DDoS bandwidth flooding attacks
|Title||Facing DDoS bandwidth flooding attacks|
|Publication Type||Journal Article|
|Year of Publication||2020|
|Authors||Furfaro, A, Pace, P, Parise, A|
|Journal||Simulation Modelling Practice and Theory|
Distributed Denial of Service (DDoS) attacks are among the most effective cybersecurity threats. In the last few years their diffusion, dimension and complexity have increased to reach critical levels. The devising of robust and scalable defense mechanisms to counteract such attacks is an urgent demand from the cyberspace to ensure its secure operation. This paper proposes a filter-based defense mechanism, derived as an extension of the StopIt technique, which (i) is able to face bandwidth flooding attacks and (ii) works on more realistic scenarios. The effectiveness of the technique, in the context of networking architectures providing Quality of Service (QoS) enforcing policies (e.g. DiffServ), has been evaluated by means of a modular model implemented into the ns-3 simulator. In particular, the performance of the technique, in the context of a video streaming scenario, having high bandwidth demand and stringent QoS constraints, has been assessed.
|Short Title||Simulation Modelling Practice and Theory|