DDoS Attack Mitigation Using Random and Flow-Based Scheme
A DDoS attack is known to deny services to legitimate users. IP traceback and attack detection are among the main components in saving a network from such an attack. One of the key challenges is to reduce the number of packets required for traceback. A
1 Introduction

Distributed denial-of-service attacks are a critical threat to the Internet. DDoS attackers generate a huge number of requests to victims through compromised computers (zombies), with the aim of denying normal service or degrading the quality of service [1]. The Internet was primarily designed to facilitate communication, not to secure it, so the network leaves a lot of scope for attack. DoS attacks are growing at a rapid pace, and they are becoming distributed and highly sophisticated. The astounding fact is that a DDoS attack can be launched for as little as $20. With the help of a botnet, a DDoS attack can be carried out by having each compromised system send only a few packets, which makes it difficult to differentiate between legitimate and illegitimate traffic. There are many schemes to tackle these attacks, such as DPM, PPM, FDPM, and information theory. Several detection schemes also exist, such as a technique which prioritizes packets based on a score estimating their legitimacy from the attribute values they carry, and then carries out selective packet discarding based on this score [2].
B. Joshi (B) · K. Rani Jaypee Institute of Information Technology, Noida, India e-mail: [email protected] K. Rani e-mail: [email protected] B. Joshi Swami Rama Himalayan University, Dehradun, India e-mail: [email protected] © Springer Nature Singapore Pte Ltd. 2019 R. K. Shukla et al. (eds.), Data, Engineering and Applications, https://doi.org/10.1007/978-981-13-6351-1_11
Another method analyzes traffic only at the edge routers of an Internet service provider (ISP) network [3, 4]. This framework is able to detect any source-address-spoofed DDoS attack, whether it is a low-volume or a high-volume attack. In this paper we discuss information theory and the linear packet marking technique, and their advantages over conventional DPM and PPM. We also discuss some techniques by which we can prevent our system from becoming part of a botnet. Entropy can measure the variation in randomness of flows at a given local router [5], and a DDoS attack can be detected from such variations: if the difference between the current entropy and its mean is greater than a threshold value, an attack is flagged.
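As an added illustration of the entropy check just described (example code written for this page, not from the paper or its authors), the following computes the Shannon entropy of the destination address in each observation window at a router and flags any window whose entropy deviates from the mean of previous windows by more than a threshold. The window data, the 0.5-bit threshold and the two-window warm-up are constructed assumptions.

```python
import math
from collections import Counter


def flow_entropy(keys):
    """Shannon entropy (bits) of one flow attribute over a window."""
    n = len(keys)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(keys).values())


def detect_windows(windows, threshold=0.5, warmup=2):
    """Return [(entropy, flagged)] per window. A window is flagged when
    |H - mean(H of baseline windows)| > threshold. The first `warmup`
    windows only build the baseline. Flagged windows are kept out of the
    baseline so a long flood cannot drag the mean towards itself."""
    history, results = [], []
    for keys in windows:
        h = flow_entropy(keys)
        flagged = False
        if len(history) >= warmup:
            mean = sum(history) / len(history)
            flagged = abs(h - mean) > threshold
        results.append((round(h, 4), flagged))
        if not flagged:
            history.append(h)
    return results


# Constructed sample traffic: 8 internal hosts seen at one router.
HOSTS = ["10.0.0.%d" % i for i in range(1, 9)]
VICTIM = "10.0.0.5"


def window_from_counts(counts):
    return [h for h, c in zip(HOSTS, counts) for _ in range(c)]


def run_demo():
    balanced = window_from_counts([10] * 8)            # H = 3.0 bits
    skewed = window_from_counts([12, 8] + [10] * 6)    # normal jitter
    flood = balanced + [VICTIM] * 200                   # all extra load on one victim
    return detect_windows([balanced, skewed, balanced, flood, balanced])


if __name__ == "__main__":
    for i, (h, flagged) in enumerate(run_demo()):
        print("window %d: H=%.4f %s" % (i, h, "ATTACK" if flagged else "ok"))
```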
2 Related Work

2.1 Node Append

This is the simplest marking method for tracing the attacker. Each router on the path appends its own information to the packet header. The disadvantage is the overhead on the packet header and the lack of space to accommodate many routers [5].
2.2 Node Sampling

This was introduced to solve the problem of storage overhead. Packets are marked depending on a probability chosen at random [5]: either 0 or 1 is chosen, so the probability is 0.5. A node once marked is not marked again. The problem is that it becomes difficult to know which node will mark the packet, and a high number of packets are r