Adaptive Response System for Distributed Denial-of-Service Attacks

This dissertation presents a Distributed denial-of-service Adaptive ResponsE (DARE) system, capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integration of distributed modules for both signature-based and anomaly-based detection. Additionally, the innovative design of DARE's individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. The distributed components work together interactively to adapt detection and response according to the attack types. Experiments on DARE show that the attack detection and mitigation were successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests was maintained. DARE is able to detect and trigger appropriate responses in accordance to the attacks being launched with high accuracy, effectiveness and efficiency. The dissertation is available at http://pubs.doc.ic.ac.ukNrizlynnThing-PhD-Thesis-2008/VrizlynnThing-PhD-Thesis-2008.pdf.