A Comprehensive Survey of Distributed Defense Techniques against DDoS Attacks

Distributed Denial of Service Attacks imposes a major threat to the availability of Internet services. Most of the applications like banking, trade, and e-commerce are dependent on availability of Internet. Defending Internet from these attacks has become the need of the hour. A typical DDoS defense comprises of three modules namely traffic monitoring, traffic analysis and traffic filtering. Based on placement of these modules, DDoS defense can be categorized into centralized DDoS defense and distributed DDoS defense. In centralized defense, all modules are placed on single point. Under severe DDoS attack, centralized defense itself succumbs to high volume of traffic. Hence it is itself vulnerable to DDoS attacks. In distributed defense, all of the defense modules are placed at different points and do not succumb to high volume of DDoS attack and can discover the attacks timely as well as fight the attacks with more resources. In this paper first important metrics are identified to evaluate distributed defense techniques. Then a comparative analysis based on identified metrics is done for existing distributed defense techniques. Research gaps are also highlighted in exiting techniques so as pursue research in this problem. Finally a generic defense methodology is proposed to combat DDoS attacks in automated manner.