A ROBUST MECHANISM TO MITIGATE DDOS ATTACK USING ENTROPY VARIATION

Reddybathini Durga Siva Prasad, P.R.Krishna Prasad

Abstract


In a Distributed Denial-of-Service (DDoS) attack, the flows whose destination is the victim include legitimate flows and combinations of attack flows and legitimate flows. To launch a DDoS attack, the attacker first sets up a network of computers that is used to generate the enormous volume of traffic needed to deny service to the victim's legitimate users. Compared with non-attack cases, the volumes of various flows increase considerably within a very short time period during a DDoS attack. This paper introduces the use of flow entropy variation. Once a DDoS attack has been identified, the victim initiates the subsequent pushback process to locate the zombies. This process is repeated in a parallel and distributed fashion until it reaches the attack source or until the discrimination limit between attack flows and legitimate flows is met.


Keywords


Distributed Denial-of-Service; Legitimate flow; Flow entropy variation; Push back; Attack Mitigation; NAT; Network Security
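The detection and pushback steps outlined in the abstract, as an added sketch that is not the paper's own code. It assumes a flow is identified by the upstream router it arrives through, uses Shannon entropy over per-flow packet counts, and treats the threshold, the growth factor and the sample counts as constructed values.

```python
import math

def flow_entropy(counts):
    """Shannon entropy (bits) of the packet share each flow holds in one window."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values() if c)

def detect_variation(windows, threshold):
    """Indexes of windows whose entropy departs from the running baseline
    (mean entropy of earlier unflagged windows) by more than `threshold` bits."""
    flagged, baseline = [], []
    for i, counts in enumerate(windows):
        h = flow_entropy(counts)
        if baseline and abs(h - sum(baseline) / len(baseline)) > threshold:
            flagged.append(i)          # keep attack windows out of the baseline
        else:
            baseline.append(h)
    return flagged

def pushback_candidates(normal, suspect, factor):
    """Upstream routers whose flow grew more than `factor` times between a
    normal and a flagged window: where the pushback request goes next."""
    return sorted(r for r, c in suspect.items()
                  if c > factor * max(normal.get(r, 0), 1))

# Constructed sample: packets per window towards the victim, per upstream router.
WINDOWS = [
    {"R1": 100, "R2": 110, "R3": 90, "R4": 100},
    {"R1": 105, "R2": 95, "R3": 100, "R4": 100},
    {"R1": 100, "R2": 2000, "R3": 95, "R4": 1800},   # surge through R2 and R4
]

if __name__ == "__main__":
    for i in detect_variation(WINDOWS, threshold=0.3):
        print(i, pushback_candidates(WINDOWS[i - 1], WINDOWS[i], factor=5))
```

Each router named by `pushback_candidates` would repeat the same two steps on its own upstream flows, which is the parallel, distributed repetition the abstract describes.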


International Journal of Innovative Technology and Research is licensed under a Creative Commons Attribution 3.0 Unported License. Based on a work at IJITR. Permissions beyond the scope of this license may be available at http://creativecommons.org/licenses/by/3.0/deed.en_GB.