A Source-end Defense System against DDoS Attacks
Distributed denial-of-service (DDoS) attacks have recently emerged as a threat to the stability of the Internet. In the last few years, many approaches have been proposed to prevent DDoS attacks. However, these approaches have either a high false alarm rate or poor response performance. To address both issues, we propose a source-end DDoS defense system that offers high detection accuracy and an effective response system that prevents attack traffic from being forwarded to the victim. The detection scheme determines the degree of a DDoS attack based on distribution, congestion, and continuity. Subsequently, the response scheme limits the allowed bandwidth of attack traffic in proportion to its behavior. Moreover, it can efficiently recover the limited rate if the flow becomes compliant. Our simulation results validate that our system performs better than the existing scheme.