D-FAC: A novel ϕ-Divergence based distributed DDoS defense system

A Distributed Denial of Service (DDoS) attack is an austere menace to extensively used Internet-based services and applications. Despite the presence of enormous DDoS defense solutions, the in-time detection of DDoS attacks poses a stiff challenge to network security professionals. The problem turns further crucial when such attacks are amalgamated with behaviorally similar flash events (FEs) wherein a large number of legitimate users starts accessing a particular service concurrently leading to the denial of service. This paper proposes an anomaly based distributed defense system called D-FAC that not only detect different type of DDoS attacks with efficacy but also efficiently mitigate their impact. D-FAC computes the information distance between legitimate and anomalous network traffic flows using information theory-based ϕ-Divergence metric to detect different types of DDoS attacks and efficiently discriminate them from FEs. D-FAC distribute the computational and storage complexity of computing ϕ-Divergence detection metric to the nearest point of presence (PoP) routers. D-FAC has been validated in an emulation based DDoSTB testbed using real DDoS attack tools and traffic generators. The results clearly show that D-FAC has outperformed existing Entropy and divergence based DDoS defense systems on various detection metrics like detection accuracy, classification rate, FPR, precision and F-measure.