Fusion of Detection, Traffic Control and Traceback Technique for DDoS attacks r

Denial-of-Service (DoS) and Distributed Denial-of- Service (DDoS) attacks typically generate huge amount of adverse traffic to a target server and make the server unavailable for services. Several works had put lots of efforts to find novel and effective techniques to detect and prevent such attacks. However, most studies were conducted using offline data or via simulation. Only a few studies address the issues of server survivability when under DDoS attacks and perform real experiments to measure the effectiveness of filtering such malicious traffic since capturing and analyzing real attacking traffic on the fly would be an enormous task. This paper proposes a model to measure the effectiveness of filtering malicious traffic while actual attacks aim at a target server. The model performs a simple anomaly detection using the rates of input traffic which is classified into normal, suspicious and malicious traffic based on the pre-defined threshold values. If the input traffic is regarded as suspicious or malicious, the model will substantially drop part of the input traffic to an acceptable level so that only the small amount of traffic is allowed to pass and reach the target server. As a result, the server survives the attacks. When packets marked as normal and suspicious are allowed passing through then we employ a recursive based IP traceback method used to locate the original source node producing malicious packets. These packets could be produced by attackers deliberately or by Botnets and Zombies which are autonomously driven software producing malicious packets in the traffic.

[1]  Craig Partridge,et al.  Hash-based IP traceback , 2001, SIGCOMM.

[2]  Dawn Xiaodong Song,et al.  Pi: a path identification mechanism to defend against DDoS attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[3]  Kang G. Shin,et al.  Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[4]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[5]  Jelena Mirkovic,et al.  Attacking DDoS at the source , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[6]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[7]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[8]  Jun Li,et al.  SAVE: source address validity enforcement protocol , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[9]  Kotagiri Ramamohanarao,et al.  Protection from distributed denial of service attacks using history-based IP filtering , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[10]  Otto Carlos Muniz Bandeira Duarte,et al.  Towards Stateless Single-Packet IP Traceback , 2007, 32nd IEEE Conference on Local Computer Networks (LCN 2007).

[11]  Craig Partridge,et al.  Hardware support for a hash-based IP traceback , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[12]  Kotagiri Ramamohanarao,et al.  Proactively Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring , 2004, NETWORKING.

[13]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[14]  Rafael P. Laufer,et al.  Generalized Bloom Filters , 2007 .

[15]  Jun Xu,et al.  IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[16]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[17]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[18]  Jerry R. Hobbs,et al.  An algebraic approach to IP traceback , 2002, TSEC.

[19]  Nirwan Ansari,et al.  IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.