MAfIc: Adaptive packet dropping for cutting malicious flows to push back DDoS attacks

Abstract

In this paper, we propose a new approach called MAFIC (MAlicious Flow Identification and Cutoff) to support adaptive packet dropping to fend off DDoS attacks. MAFIC works by judiciously issuing lightweight probes to flow sources to check if they are legitimate. Through such probing, MAFIC would drop malicious attack packets with high accuracy while minimizes the loss on legitimate traffic flows. Our NS-2 based simulation indicates that MAFIC algorithm drops packets from unresponsive potental attack flows with an accuracy as high as 99% and reduces the loss of legitimate flows to less than 3%. Furthermore, the false positive and negative rates are low-only around 1% for a majority of the cases.