Abstract

Frequent attacks on network infrastructure using various forms of denial of service (DoS) and distributed denial of service (DDoS) attacks have led to an increased need for means of preventing those attacks. Several theories have been proposed in an effort to resolve the problems inherent in DDoS. Recently, both the detection of DDoS and the discovery of a DDoS attack signature have meant that the traffic measurement analysis method could be used for defense at a protocol level.

It remains a great challenge to accurately determine the symptom of attack. The problem becomes more complicated if the transmission speed is very high, even perhaps in the vicinity of 1 Gbps. A logical starting point is to ask how that level of flow can be maintained. Since it is difficult to find the exact signature of the attack, another issue is how to identify the onset of the attack, determine the malicious flows, and block them in future. Currently, there is no standardized DDoS protection method or countermeasure able to deal with DDoS attacks based on the transmission of malicious packets at a flow rate of 1 Gbps.

In this thesis, we have designed and implemented a DDoS countermeasure capable of handling a flow rate of 64.000 Gbps, while simultaneously identifying legitimate and malicious flows and applying filtering to suppress malicious traffic while providing guaranteed QoS to legitimate traffic. In the proposed architecture, DAG technology has been used to deal with the main issues related to packet handling and filtering.

The results show that the proposed DDoS countermeasure is able to handle all incoming traffic, identify the onset of malicious activity, and effectively suppress it while maintaining legitimate connections.

Timurs_Thesis_f01.pdf