Integrated DDoS Attack Defense Infrastructure for Effective Attack Prevention

Abstract

Currently attackers are trying to paralyze servers and networks with various types of DDoS attacks. For example, on 7th July in 2009, a DDoS attack occurred against 48 web sites in South Korea and U.S.A. In this attack, the attack traffic pattern and the botnet construction methods are different from that of previous version. Due to the differences of the attack patterns, the 7.7 DDoS attack was not detected easily. These days, such new types of sophisticated attacks occur and it???s not easy to detect those attacks effectively. In fact, it???s been more than ten years since DDoS attacks discovered in late 1990s. However, DDoS attack is still one of the biggest threats in Internet infrastructure and IT environment. It is because almost all the DDoS defense techniques are not focused on general characteristics and infrastructure but on specific characteristics in each attack. In order to develop a general purpose DDoS defense technology, all the attack process and general characteristics should be analyzed. Furthermore, based on the each attack phases and location of network topology also have to be analyzed. For that, in this paper, we show a general DDoS attack process and each phase in this process. For each phase, we propose DDoS attack prevention requirements and finally suggest the integrated DDoS attack defense infrastructure. For the detailed explanation, we classify attack detection techniques into three categories.