IP Address-Based Mitigation Against Denial-of-Service Flooding Attacks

Denial-of-service attacks have grown bigger and sophisticated over the years. The alarming number of online services became the targets of DDoS attacks. Emergence of Internet of Things (IOT) has made the situations devastating for the organizations. The flooding attacks are frequently launched by attackers. These attacks consume vital resources of the target resulting into degradation in quality of service and huge financial losses. Hence, it became necessary to design lightweight detection and mitigation approach. In this paper, the presented approach is based on IP address. The IPs are classified as known and unknown based on lists maintained at the target end. The packet filtering decisions are taken based on arrival of known/unknown source IP addresses, volume of incoming requests from these IPs and CPU utilization threshold of the target. The approach mitigates the attack impact for different patterns of attacks. The performance evaluation of the proposed mechanism is done using qualitative and quantitative parameters.