A Clustering Defense Against Distributed Denial of Service Attacks

Distributed Denial of Service (DDoS) attacks can quickly bring normally effective web services to a screeching halt. While there has been a significant amount of research conducted on DoS and DDoS attacks in the literature, the vast majority of the solutions focus on isolating the perceived static signature or static set of attackers. However, the noisy nature of Internet traffic coupled with sophisticated dynamic attacks negates the effectiveness of most solutions. This thesis presents Randomized Algorithms for Packet InferencE and Rejection (RAPIER), an adaptive scheme for maintaining web service despite the presence of multifaceted attacks in a noisy environment. In contrast to existing solutions that rely upon 'clean' training data, a live web service environment makes finding such training data difficult if not impossible. Thus, RAPIER focuses on quickly and efficiently salvaging good connections with the realization that the chaotic nature of the live environment necessitates implicitly limits the accuracy of such detections. RAPIER employs an adaptive k-means clustering approach co-located with the load balancer to defend the legitimate connections in a mixed attack environment. I present the RAPIER approach and evaluate its performance through initial simulation surveys, which are explored further through experimental studies in a diverse attack environment ranging from SYN floods to flash crowds to zombie wget loops.