|Author:||R. Bauer, H. Heseding, M. Flittner||links:||Bibtex|
|Source:||The 42nd IEEE Conference on Local Computer Networks (LCN), Singapore, Singapore, October 2017|
While many DDoS mitigation approaches utilize the flexibility of software-defined infrastructures in a decentralized fashion, most of them assume that the infrastructure as a whole is willing and capable of mitigating all incoming packets of an attack. Those approaches cannot be used out of the box, if the attack overburdens the infrastructure or the monetary budget for mitigation is limited. Therefore we present EarlyDrop, a trade-off driven DDoS defense mechanism based on transparent blackbox monitoring. With EarlyDrop, operators can choose to drop undifferentiated traffic before it is forwarded to the mitigation system in order to reduce the load onto the infrastructure – a trade-off between mitigation cost (resources, money) and return of mitigation.