SymSDN: A DRDoS Attack Prevention Approach

Abstract

Distributed Denial of Service (DDoS) attacks are hostile attempts toward the normal functioning of a system. The attacker exploits vulnerabilities present in various systems to convert them into botnets or bots. These bots generate massive amount of internet traffic towards the victim, choking its bandwidth, and disrupting its connectivity to the internet. Distributed Reflection Denial of Service (DRDoS) attack, a type of DDoS attack, exploit vulnerable servers to generate huge attack traffic towards the target by source IP spoofing, making them even worse. In this paper, we present a mechanism to defend against DRDoS attacks. The mechanism is based on symmetric routing that forces response packets to take the same path as that of request packets. This causes the attack to divert back to the attacker, saving the client from it and also hampering the attacker’s ability to launch further attacks. The proposed methodology, SymSDN, also optimizes flow entries to deal with the overflow of routing tables by DDoS attacks. The percentage of packet loss and the throughput calculation in the result section prove the authenticity of our proposed approach.