BotFilter - An Approach to Defend Application Layer Distributed Denial of Service Attacks

Distributed Denial of service attacks flood the victim with huge traffic originating from different sources. Application layer DDoS attacks aim on denying application services by mimicking flash crowds. An efficient defense system that can detect the attack at the earliest while posing limited or no overhead to normal users is necessary to minimize losses. Botnet is a collection of nodes connected together for malicious purposes. DDoS attacks are usually carried out using botnets. An effective approach namely, BotFilter is proposed in this paper to detect and mitigate these attacks. The proposed defense system has two phases. Filter phase makes use of dual bloom filter and sketch data structure to filter out the malicious requests by verifying it against the hosts that were detected in previous cycles. Capture phase calculates the dissimilarity between two consecutive sketches using Hellinger distance. This avoids the computation intensive task of calculating the IP address from the sketches. BotFilter is an effective defense system against DDoS attacks posing negligible impact to legitimate users.