DyProSD: a dynamic protocol specific defense for high-rate DDoS flooding attacks

High-rate distributed denial of service (HDDoS) flooding attacks pose as a major threat to the Internet. Most present solutions based on machine learning approach are inept for detecting the attacks in real time due to high processing overhead. In this paper, we present a defense solution referred to as DyProSD that combines both the merits of feature-based and statistical approach to handle HDDoS flooding attacks. The statistical module marks the suspicious traffic and forwards to an ensemble of classifiers for ascertaining the traffic as malicious or normal. Our method filters the attack traffic protocol specifically by allocating various protocol specific filter engines dynamically. As and when DDoS attack occurs and the load of a filter engine reaches beyond its capable limit, a new filter engine is recruited dynamically from the idle resource pool for filtering, thus guaranteeing the quality of service for legitimate users concurrently. We establish the effectiveness of DyProSD through several experimental analysis and real-world dataset experiments and the results indicate enough confidence in favour of our solution.