Defense of DDoS Attacks Using Traffic Analysis at Router Level
Efficient Distributed Denial-of-Service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies, that defines challenges and dictate the design of countermeasures. The authors propose a novel trace back method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques, results are graphically represented, the proposed model out performs the existing models in a significant way.