DDA: An Approach to Handle DDoS (Ping Flood) Attack

Distributed denial of service attack (DDoS) is an attempt by malicious hosts to overload website, network, e-mail servers, applications, network resources, bandwidth, etc. Globally DDoS attacks affected four out of ten organizations (around 41 %) over the past few years. Challenges involved in taking counter measures against DDoS attacks are network infrastructure, identifying legitimate traffic from polluted traffic, attacker anonymity, large problem space, nature of attacks, etc. Several approaches proposed in the past few years to combat the problem of DDoS attacks. These approaches suffer for many limitations. Some of the limitations include: implementing filtering at router (firewall enabled) will create bottleneck, additional traffic, no means of sending alert to an innocent host acting as a bot, etc. Ping flood attack is one kind of DDoS attack. In this paper, ping flood attack is analyzed and a new approach, distributed defence approach (DDA) is proposed to mitigate ping flood attack. Distributed defence is applied with the help of routers connected to network when count of PING request crosses a threshold limit or packet size is greater than normal ping packet size. Concept of the proposed approach is to help the end router by putting less load during filtering attack packets, enhancing the speed of processing and informing the innocent host acting as bot simultaneously making the DDoS attack ineffective.

[1]  Yan Chen,et al.  Botnet Research Survey , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.

[2]  Dongqing Yuan,et al.  A lab implementation of SYN flood attack and defense , 2008, SIGITE '08.

[3]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[4]  Kang G. Shin,et al.  Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[5]  Clayton Bolz,et al.  Safely train security engineers regarding the dangers presented by denial of service attacks , 2004, CITC5 '04.

[6]  Virendra Kumar Yadav,et al.  ICSECV: An efficient approach of video encryption , 2014, 2014 Seventh International Conference on Contemporary Computing (IC3).

[7]  Vijay Varadharajan,et al.  Analysis of traceback techniques , 2006, ACSW.

[8]  Yinan Jing,et al.  NIS04-5: Defending Against Meek DDoS Attacks By IP Traceback-based Rate Limiting , 2006, IEEE Globecom 2006.

[9]  Virendra Kumar Yadav,et al.  Hiding large amount of data using a new approach of video steganography , 2013 .

[10]  Sanjeev Kumar,et al.  Microsoft vs. Apple: Resilience against Distributed Denial-of-Service Attacks , 2012, IEEE Security & Privacy.

[11]  Saumya Batham,et al.  A New Video Encryption Algorithm Based on Indexed Based Chaotic Sequence , 2013 .

[12]  Sonia Fahmy,et al.  Towards user-centric metrics for denial-of-service measurement , 2007, ExpCS '07.

[13]  Vijay Varadharajan,et al.  DoSTRACK: a system for defending against DoS attacks , 2009, SAC '09.