vioft2nntf2t|tblJournal|Abstract_paper|0xf4ff4a3500000000d245000001000500
Distributed Denial of service is a major threat to the availability of internet services. Due to the distributed, large scale nature of the Internet makes DDoS (Distributed Denial-of-Service) attacks stealthy and difficult to counter. Defense against Distributed Denial- of -Service attacks is one of the hardest security problems on the Internet. Recently these network attacks have been increasing. Therefore more effective countermeasures are required to counter the threat. This requirement has motivated us to propose a novel mechanism against DDoS attack. This paper presents the design details of a distributed defense mechanism against DDoS attack. In our approach, the egress routers of the intermediate network coordinate with each other to provide the information necessary to detect and respond to the attack. Thus, a detection system based on single site will have either high positive or high negative rates. Unlike the traditional IDSs (Intrusion Detection System) this method has the potential to achieve high true positive ratio. This work has been done by using consensus algorithms for exchanging the information between the detection systems. So the overall detection time would be reduced for global decision making.