DDOS Attack & Mitigation Techniques
Atul S. Sawant NDNS 1604006
Content
1. What is DDoS attack?
2. Types of DDoS attack
3. Rule Based DDoS Detection and mitigation technique
a) Attack detection
b) Load balancing
c) Push back attack information
d) Attack mitigation
4. DDoS attack detection method and mitigation using pattern of the flow
a) Flow entries pattern detection
b) Handling mechanism
5. Conclusion
6. References
[Figure: DDoS attack diagram with the labels Attacker, Zombies/Slaves, Victim and Server]
Types of DDoS attacks
1. SYN flooding
2. ICMP flooding
3. Smurf attack
4. Low-rate Denial-of-Service attack
5. TCP flooding
Rule Based DDoS Detection and Mitigation Technique
Attack Detection
1. The router detects the DDoS attack by continuously monitoring the traffic pattern.
2. Perform load balancing for the victim machine by replicating servers behind a NAT (Network Address Translator).
3. Attack recognition rules (δPC and δFR are the packet-count and flow-rate thresholds):
• Smurf attack: (TransportProtocol = ICMP) ∧ (DestinationIP = Broadcast)
• ICMP flooding: (TransportProtocol = ICMP) ∧ (PacketCount > δPC) ∧ (FlowRate > δFR)
• TCP flooding: (TransportProtocol = TCP) ∧ (SourceIP = DestinationIP) ∧ (PacketCount > δPC) ∧ (FlowRate > δFR)
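The three recognition rules above as a small flow classifier. This is an added example, not code from the presentation or from the rule-based paper it summarises; the threshold values, the simplified broadcast test and the sample flow records are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed thresholds (assumed values, not from the paper); in practice
# they would be derived from a baseline of normal traffic on the monitored link.
DELTA_PC = 1000   # δPC: packets per flow
DELTA_FR = 500.0  # δFR: packets per second

@dataclass
class Flow:
    proto: str         # transport protocol: "ICMP", "TCP", ...
    src_ip: str
    dst_ip: str
    packets: int       # packet count seen for this flow
    duration_s: float  # observation window in seconds

    @property
    def rate(self) -> float:
        # Flow rate in packets per second; a zero-length window counts as infinite.
        return self.packets / self.duration_s if self.duration_s > 0 else float("inf")

def is_broadcast(ip: str) -> bool:
    # Simplified broadcast test: limited broadcast or a .255 directed broadcast.
    return ip == "255.255.255.255" or ip.endswith(".255")

def classify(flow: Flow, d_pc: int = DELTA_PC, d_fr: float = DELTA_FR) -> Optional[str]:
    """Return the attack name matched by the slide's rules, or None for normal."""
    # Smurf: (TransportProtocol = ICMP) ∧ (DestinationIP = Broadcast)
    if flow.proto == "ICMP" and is_broadcast(flow.dst_ip):
        return "Smurf attack"
    # ICMP flooding: ICMP ∧ (PacketCount > δPC) ∧ (FlowRate > δFR)
    if flow.proto == "ICMP" and flow.packets > d_pc and flow.rate > d_fr:
        return "ICMP flooding"
    # TCP flooding: TCP ∧ (SourceIP = DestinationIP) ∧ (PacketCount > δPC) ∧ (FlowRate > δFR)
    if (flow.proto == "TCP" and flow.src_ip == flow.dst_ip
            and flow.packets > d_pc and flow.rate > d_fr):
        return "TCP flooding"
    return None

# Constructed sample flow records, as a router's traffic monitor might summarise them.
SAMPLE_FLOWS = [
    Flow("ICMP", "10.0.0.5", "192.168.1.255", 40, 1.0),      # ICMP to broadcast
    Flow("ICMP", "10.0.0.9", "192.168.1.10", 5000, 2.0),     # 2500 pkt/s ICMP
    Flow("TCP", "192.168.1.10", "192.168.1.10", 3000, 1.0),  # spoofed src = dst
    Flow("TCP", "10.0.0.7", "192.168.1.10", 20, 10.0),       # ordinary client
]

def detect_all(flows=SAMPLE_FLOWS):
    """Classify every flow; returns (source, verdict) pairs for the operator."""
    return [(f.src_ip, classify(f)) for f in flows]
```

Only the last sample flow stays below both thresholds; the other three each trip exactly one rule.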
Load Balancing
1. Multiple Servers
2. Load Balancing Using Network address translator
Pushback attack information
1. Pass the attack information to the upstream routers.
2. The router that receives the attack signature limits the traffic on the outgoing line through which it received the attack information, and forwards the attack signature to its own upstream routers.
3. The attack information is pushed far enough upstream that the traffic toward the victim machine is reduced.
1. The attack signature specified in the table is sent by the destination router to the upstream routers to mitigate the attack.
2. Identify the source of the attack, send the attack signature to the upstream routers, and discard the packets from these source machines.
3. Transport protocol
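The pushback procedure described in the two slides above, modelled over a small router tree. This is an added example, not code from the presentation or from the rule-based paper; the topology, the signature format, the hop depth and the rate-limit fraction are constructed assumptions.

```python
from collections import deque
from typing import Dict, List

# Constructed topology (assumed, not from the paper): each router maps to the
# routers upstream of it; R_victim is the destination router in front of the victim.
UPSTREAM: Dict[str, List[str]] = {
    "R_victim": ["R1", "R2"],
    "R1": ["R3"],
    "R2": ["R4", "R5"],
    "R3": [], "R4": [], "R5": [],
}

def pushback(signature: dict, upstream=UPSTREAM, start: str = "R_victim",
             depth: int = 2, allow_fraction: float = 0.1) -> dict:
    """Push `signature` from the destination router toward the attack sources.
    Each router that receives it limits its outgoing line toward the router it
    got the signature from, then forwards it upstream until `depth` hops."""
    actions = {}
    queue = deque([(start, None, 0)])            # (router, downstream, hops)
    while queue:
        router, downstream, hops = queue.popleft()
        if downstream is not None:
            actions[router] = {"toward": downstream, "match": signature,
                               "allow_fraction": allow_fraction}
        if hops < depth:
            for up in upstream.get(router, []):
                queue.append((up, router, hops + 1))
    return actions

def matches(signature: dict, pkt: dict) -> bool:
    # A packet matches when every field named in the signature has that value.
    return all(pkt.get(k) == v for k, v in signature.items())

def apply_limit(action: dict, packets: List[dict]) -> List[dict]:
    """Forward non-matching packets; admit only every Nth matching packet."""
    every = max(1, round(1 / action["allow_fraction"]))
    kept, matched = [], 0
    for pkt in packets:
        if matches(action["match"], pkt):
            matched += 1
            if matched % every != 0:
                continue                          # dropped by the rate limit
        kept.append(pkt)
    return kept

# Constructed signature and traffic: an ICMP flood toward the victim plus a
# few legitimate TCP packets that the limit must leave untouched.
SIGNATURE = {"proto": "ICMP", "dst": "192.168.1.10"}
TRAFFIC = ([{"proto": "ICMP", "src": "10.0.0.9", "dst": "192.168.1.10"}] * 20
           + [{"proto": "TCP", "src": "10.0.0.7", "dst": "192.168.1.10"}] * 3)
```

With the default depth of two hops every router except R_victim installs a limit, and applying R1's limit to the constructed traffic keeps all three TCP packets but only two of the twenty ICMP packets.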
Attack Mitigation
Detection and mitigation using pattern of the flow
1. The pattern of flow entries is implemented on a router or switch.
2. The handling mechanism is in the form of a firewall.
The three steps of DDoS attack detection using the pattern of the flow are as follows:
1. Take the required data from the flow table and perform detection on the flow header against a model of normal flow.
2. Perform detection based on the pattern of DDoS flow; if an attack is detected, execute the next step.
3. Apply the handling mechanism, a layered firewall, to the packets flagged in the second step.
Flow entries pattern detection
Handling mechanism: layered firewall (double layered)
Comparison

Parameters            Rule based detection                          Pattern of flow
Type of attacks       Smurf attack, ping of death, TCP flooding,    SYN flooding, Low-rate Denial of Service
                      ICMP flooding                                 attack, ICMP flooding
Detection technique   Deep packet inspection mechanism using a      Router or switch that becomes a liaison
                      router                                        between the botnet and the server
Mitigation technique  Network Address Translator and multiple       Multilayered firewall
                      servers
Mechanism             Pushback                                      Packet filtering
Other mitigation techniques
1. DDoS Attack Traceback and Mitigation System (DATMS)
2. Flooding DDoS Mitigation and Traffic Management with
Software Defined Networking
Conclusion
1. Comparing the two papers, we see different techniques used for DDoS detection and mitigation:
(1) Rule based detection and mitigation
(2) Detection and mitigation using pattern of flow
2. Technique (1) uses NAT for detection and mitigation, while technique (2) uses routers, switches and a multilayered firewall.
3. Since DDoS attacks are very difficult to avoid completely, different mitigation approaches are available.
4. It is important to preserve the principles of network security.
References
[1] Khamruddin, Md, and Ch Rupa. "A rule based DDoS detection and mitigation technique." In 2012 Nirma University International Conference on Engineering (NUiCONE), pp. 1-5. IEEE, 2012.
[2] Sanmorino, Ahmad, and Setiadi Yazid. "DDoS attack detection method and mitigation using pattern of the flow." In 2013 International Conference of Information and Communication Technology (ICoICT), pp. 12-16. IEEE, 2013.
[3] Anon. "Confidentiality, Integrity, Availability: The three components of the CIA Triad." [Online]. Available: http://security.blogoverflow.com/2012/08/confidentiality-integrity-availability-the-three-components-of-the-cia-triad/ [Accessed: 04-Nov-2016].
[4] Cisco Systems. (2014, January). "Defeating DDoS attack." [Online]. Available: http://www.cisco.com/c/en/us/products/collateral/security/traffic-anomaly-detector-xt-5600a/prod_white_paper0900aecd8011e927.html