Dynamic denial of service attack prevention using a Multi-Level IP Shedding Defense Mechanism

Abstract

Distributed Denial of Service (DDoS) attacks continue to evolve in scale and sophistication, overwhelming traditional defenses that struggle to distinguish malicious traffic from legitimate users. This dissertation proposes a novel Multi-Level IP Shedding Defense Mechanism (MLISDM) to dynamically mitigate DDoS threats through real-time IP reputation analysis and granular geographic zoning. By correlating IP addresses with localized zones (e.g., towns, regions) via WHOIS database insights, the system enforces adaptive, tiered restrictions (Levels 0–6) to block malicious traffic while minimizing disruption to legitimate users. The framework integrates a behavior-based Intrusion Detection System (IDS) and Prevention System (IPS), enabling real-time traffic analysis and firewall rule adjustments during attacks. Unlike static Access Control Lists (ACLs), this approach reduces collateral damage by leveraging geographic intelligence and IP reputation scoring to prioritize high-risk zones. Prototype testing on a private network testbed demonstrated the system’s ability to neutralize simulated DDoS attacks with over 90% accuracy while maintaining service availability for legitimate users. Key innovations include the novel integration of profitability metrics with granular user location data. This synergy refines defense precision by enabling business-value-driven traffic prioritization—a capability often absent in conventional, technically-focused DDoS mitigation techniques—which in turn ensures critical assets receive prioritized protection during attacks. The results highlight MLISDM’s scalability, adaptability, and reduced reliance on manual intervention, offering a proactive defense against evolving DDoS tactics. This work advances information security by bridging gaps in current mitigation strategies, providing a blueprint for intelligent, context-aware cybersecurity frameworks.

Keywords: DDoS mitigation, IP reputation, geographic zoning, adaptive access control, intrusion prevention.