Simulation of dynamic honeypot based redirection to counter service level DDoS attacks

DDOS attacks generate flooding traffic from multiple sources towards selected nodes which may be targets of opportunity or targets of choice. The latter reflects service level attacks aimed to disrupt services. Array of schemes have been proposed for defense against DDOS attacks in real time. Low rate DDOS attacks lead to graceful degradation while high rate attacks leave network functionally unstable. Our scheme uses three lines of defense. The first line of defense detects the presence of attacks. The second line of defense identifies and tags attack flows in real time. As the last line of defense, a model for dynamic honeypot routing and redirection has been proposed in response to identified attacks that triggers the automatic generation of adequate nodes to service client requests and required number of honeypots that interact with attackers in contained manner. The judicious mixture of servers and honeypots at different time intervals provide stable network functionality at ISP level. We validate the effectiveness of the approach with analytical modeling on Internet type topology and simulation in ns-2 on a Linux platform.