Resilient Network Design Against Distributed Denial-of-Service (DDoS) Attacks
DOI:
https://doi.org/10.15662/IJARCST.2019.0206001Keywords:
Distributed Denial-of-Service, DDoS mitigation, resilient network design, anomaly detection, network segmentation, software-defined networking, traffic filteringAbstract
Distributed Denial-of-Service (DDoS) attacks pose a significant threat to the availability and reliability of networked systems worldwide. These attacks overwhelm targeted networks, servers, or services by flooding them with excessive traffic from multiple compromised sources, making legitimate access impossible. As DDoS attacks have grown in scale, complexity, and frequency, designing resilient networks capable of mitigating their impact has become imperative. This paper explores the key principles and techniques involved in resilient network design aimed at defending against DDoS attacks. We analyze architectural strategies such as network segmentation, redundancy, and traffic filtering, alongside detection and mitigation mechanisms including anomaly detection, rate limiting, and blackholing. A comprehensive literature review highlights various defense frameworks and their effectiveness in realworld scenarios. The research methodology combines a critical review of existing network designs and simulationbased performance evaluations to identify strengths and weaknesses. Key findings indicate that multi-layered defense strategies incorporating proactive detection and adaptive mitigation provide superior resilience. Furthermore, the integration of software-defined networking (SDN) enhances network flexibility and dynamic response capabilities. The workflow for resilient network design involves continuous monitoring, attack detection, traffic analysis, and adaptive response to minimize service disruption. While these approaches improve robustness, challenges remain in balancing security, network performance, and cost. The study concludes with recommendations for future research focused on machine learning-based anomaly detection, collaborative defense frameworks, and scalable architectures to handle emerging large-scale DDoS threats. This work provides a comprehensive foundation for network administrators, researchers, and designers to develop robust systems that sustain service availability under DDoS conditions.
References
1. Mirkovic, J., & Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39-53.
2. Sommer, R., & Paxson, V. (2010). Outside the closed world: On using machine learning for network intrusion detection. IEEE Symposium on Security and Privacy, 305-316.
3. Garcia, S., Grill, M., Stiborek, J., & Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers & Security, 45, 100-123.
4. Kambourakis, G., Anagnostopoulos, C., Mylonas, A., & Gritzalis, S. (2011). On the design of efficient DDoS mitigation mechanisms. IEEE Communications Magazine, 49(8), 58-64.
5. Kreutz, D., Ramos, F., Verissimo, P., Rothenberg, C. E., Azodolmolky, S., & Uhlig, S. (2015). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1), 14-76.
6. Yu, S., Liu, J., Zhao, J., & Xiao, Y. (2013). A survey of collaborative defense for DDoS attacks. IEEE Communications Surveys & Tutorials, 15(4), 1923-1946.
