Facing DDoS bandwidth flooding attacks

TitleFacing DDoS bandwidth flooding attacks
Publication TypeJournal Article
Year of Publication2020
AuthorsFurfaro, A, Pace, P, Parise, A
JournalSimulation Modelling Practice and Theory
Date PublishedJan-09-2019

Distributed Denial of Service (DDoS) attacks are among the most effective cybersecurity threats. In the last few years their diffusion, dimension and complexity have increased to reach critical levels. The devising of robust and scalable defense mechanisms to counteract such attacks is an urgent demand from the cyberspace to ensure its secure operation. This paper proposes a filter-based defense mechanism, derived as an extension of the StopIt technique, which (i) is able to face bandwidth flooding attacks and (ii) works on more realistic scenarios. The effectiveness of the technique, in the context of networking architectures providing Quality of Service (QoS) enforcing policies (e.g. DiffServ), has been evaluated by means of a modular model implemented into the ns-3 simulator. In particular, the performance of the technique, in the context of a video streaming scenario, having high bandwidth demand and stringent QoS constraints, has been assessed.

Short TitleSimulation Modelling Practice and Theory