SADID: Distributed DoS Attack Mitigation Through Downstream Pattern Recognition and Upstream Packet Filtering
SADID is a DoS detection and mitigation system. It leverages selective routing and traffic profiling to automatically identify and filter DoS packets while minimizing the need for human intervention. The system consists of two main components: monitoring agents and filtering agents. Monitoring agents are passive network entities that receive a copy of all packets passing through the network gateway. They use ML-based anomaly detection to detect patterns of DoS attacks. When an attack is detected, these agents use a clustering approach to extract signatures of the malicious packets and send those signatures to the filtering agents. Filtering agents are active network entities that temporarily replace the network gateway for the duration of the attack. They use the received signatures to detect and drop malicious packets, thus alleviating the effect of the DoS attack.
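The monitor-to-filter flow described above, as an added sketch that is not SADID's own code: a volume threshold stands in for the ML-based anomaly detector, and exact-match grouping on header fields stands in for the clustering step. The packet tuple layout, feature choice, thresholds and function names are assumptions, and the traffic is constructed sample data.

```python
from collections import Counter

# Constructed sample traffic (not real captures): (src_ip, proto, dst_port, length)
BASELINE = ([("10.0.0.%d" % (i % 20), "tcp", 443, 60 + (i % 5) * 100) for i in range(200)]
            + [("10.0.1.%d" % (i % 10), "udp", 53, 80) for i in range(20)])
ATTACK_WINDOW = (BASELINE[:100]
                 + [("198.51.100.%d" % (i % 250), "udp", 53, 512) for i in range(900)])

# Assumed feature choice: source IP is left out because a distributed attack spreads it.
FEATURES = (1, 2, 3)  # proto, dst_port, length


def key(pkt):
    return tuple(pkt[i] for i in FEATURES)


def is_anomalous(window, baseline, factor=3.0):
    """Monitoring agent, stand-in detector: window volume exceeds factor x baseline."""
    return len(window) > factor * len(baseline)


def extract_signatures(window, baseline, min_share=0.2, growth=5.0):
    """Monitoring agent: group packets by header features and keep groups that
    dominate the window and grew sharply against their baseline share."""
    win, base = Counter(map(key, window)), Counter(map(key, baseline))
    sigs = set()
    for k, n in win.items():
        share = n / len(window)
        base_share = base.get(k, 0) / len(baseline)
        if share >= min_share and share >= growth * max(base_share, 1e-3):
            sigs.add(k)
    return sigs


def filter_packets(packets, signatures):
    """Filtering agent: drop packets matching a signature, forward the rest."""
    forwarded = [p for p in packets if key(p) not in signatures]
    return forwarded, len(packets) - len(forwarded)


def run():
    if not is_anomalous(ATTACK_WINDOW, BASELINE):
        return set(), ATTACK_WINDOW, 0
    sigs = extract_signatures(ATTACK_WINDOW, BASELINE)
    forwarded, dropped = filter_packets(ATTACK_WINDOW, sigs)
    return sigs, forwarded, dropped


if __name__ == "__main__":
    sigs, fwd, dropped = run()
    print(sigs, len(fwd), dropped)
```

Because the signature keys on packet length as well as protocol and port, ordinary DNS queries to the same port are still forwarded while the flood is dropped.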