The rapid evolution of cyber threats such as distributed denial of service (DoS) and distributed denial of service (DDoS) attacks have become a ubiquitous concern within contemporary information technology landscape. This paper presents a comprehensive framework for detection and mitigation of DoS/DDoS attacks by particularly focusing on SYN and ICMP flood variants in resource constrained edge systems. The detection module acts as the analytical core, using traffic data to identify anomalies, which achieves a detection accuracy of 98.0%. as highlighted in Eq. 1. This component also demonstrates a low false positive rate (FPR) which is 2.91 % as indicated in Eq. 2 maintaining the integrity of the system during normal traffic spikes. The Mitigation module swiftly responds to identified threat by blocking malicious IP addresses in real time. This takes 20 to 50 s (s) after detection which minimize potential service disruption. The system incorporates real time monitoring capabilities and automated mitigation response. This approach highlights significant promise in enhancing network security resilience against DoS/DDoS attacks that have shown a significant increase compared to previous years.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Detection and Mitigation of DoS/DDoS Attacks: A Threshold-Based Lightweight Security Framework for Edge Systems

  • Mikiyas Alemayehu,
  • Istteffanny Araujo,
  • Alexandros Chrysikos

摘要

The rapid evolution of cyber threats such as distributed denial of service (DoS) and distributed denial of service (DDoS) attacks have become a ubiquitous concern within contemporary information technology landscape. This paper presents a comprehensive framework for detection and mitigation of DoS/DDoS attacks by particularly focusing on SYN and ICMP flood variants in resource constrained edge systems. The detection module acts as the analytical core, using traffic data to identify anomalies, which achieves a detection accuracy of 98.0%. as highlighted in Eq. 1. This component also demonstrates a low false positive rate (FPR) which is 2.91 % as indicated in Eq. 2 maintaining the integrity of the system during normal traffic spikes. The Mitigation module swiftly responds to identified threat by blocking malicious IP addresses in real time. This takes 20 to 50 s (s) after detection which minimize potential service disruption. The system incorporates real time monitoring capabilities and automated mitigation response. This approach highlights significant promise in enhancing network security resilience against DoS/DDoS attacks that have shown a significant increase compared to previous years.