Abstract:

Defense of DDoS attacks at their sourceend networks is a kind of proactive defense to detect and block DDoS traffic. A comparative study was made on the detectability of constant rate DDoS attacks and grouped DDoS attacks based on the discrepancy in the number of packets sent to and received from a specific destination. Simulation results show that (1) there is a tradeoff between detectability of constant rate attacks and their destruction, and decreasing attack rate is not an ideal solution to enhance concealment of the attacks; (2) detectability of grouped attacks can be reduced by flexible group configurations with no loss of the attack destruction, among which increasing attack groups and attack sources is an effective solution.

Key words: DDoS; source-end defense; traffic sending mode; attack detection