Active DDoS Attack Mitigation and Secure Threat Intelligence Sharing
Abstract
The DDoS (Distributed Denial of Service) attacks are increasing by each passing day on networks. There is a need to mitigate or prevent the networks from these types of attacks. To mitigate the DDoS active attack there are too many entities involved for sending signals and messages securely.This incident information is shared with the help of DoSTS (Denial of Service Open Threat Signaling). The DOTS framework provides a separate path along with DOTS clients and DOTS server for the process of information-sharing regarding active DDoS attack on attack target. For detection and mitigation of DDoS attack or any other malicious traffic on the network there is a need for continuous monitoring and automate all this process. Security Automation and Continuous Monitoring is deployed, with this, the incident threat information will be shared securely. The detection of active DDoS attacks, tracing of source, and mitigation is processed with the help of Managed Incident Lightweight Exchange. These incident messages are shared with the modified XML (Extensible Markup Language) or JSON (JavaScript Object Notation) function for security and privacy of network information on the attack target. With the help of a service provider or a third party, the active DDoS attack will be mitigated. These three frameworks are proposed by the standard body IETF (Internet Engineering Task Force). In this paper, we have proposed to combine these three frameworks for good results. Due to these frameworks, the existing devices and protocol are used to share the threat information and mitigate the active DDoS attack also. Due to this, the action against the malicious traffic on the network will be taken timely for detection and mitigation. And also, the services of attack targets for their customers will remain offline for a short period of time.