Using selective, short‐term memory to improve resilience against DDoS exhaustion attacks

Distributed denial of service (DDoS) attacks originating from botnets can quickly bring normally effective web services to a screeching halt. This paper presents SESRAA (selective short‐term randomized acceptance algorithms), an adaptive scheme for maintaining web service despite the presence of multifaceted attacks in a noisy environment. In contrast to existing solutions that rely upon ‘clean’ training data, we presume that a live web service environment makes finding such training data difficult if not impossible. SESRAA functions much like a battlefield surgeon's triage: focusing on quickly and efficiently salvaging good connections with the realization that the chaotic nature of the live environment implicitly limits the accuracy of such detections. SESRAA employs an adaptive k ‐means clustering approach using short‐term extraction and limited centroid evolution to defend the legitimate connections in a mixed attack environment. We present the SESRAA approach and evaluate its performance through experimental studies in a diverse attack environment. The results show significant improvements against a wide variety of DDoS configurations and input traffic patterns. Copyright © 2008 John Wiley & Sons, Ltd.