Search icone
Search and publish your papers

A framework for detection of distributed denial of service attacks

Or download with : a doc exchange

About the author


About the document

Published date
documents in English
term papers
6 pages
0 times
Validated by
0 Comment
Rate this document
  1. Abstract
  2. Introduction
  3. Related work
    1. Protocol reordering and protocol enhancement
    2. Stateless protocols
    3. Network ingress filtering
    4. ICMP traceback
    5. Deterministic packet marking (DPM)
    6. Probabilistic packet marking (PPM)
    7. Client side puzzle and other pricing algorithms
  4. Network traffic characteristics
  5. The major systems components and algorithms
    1. Traffic model and attacked model
    2. The interface module
    3. Algorithms of the interface module
    4. Algorithm for checking the success of attack traffic disruption
  6. Simulations and results
    1. Parameter setting for simulation
    2. Simulation 1
    3. Simulation 2
  7. Conclusion
  8. References

The increasing popularity of web-based applications has led to several critical services being provided over the Internet. This has made it imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. In this paper, we have proposed a mechanism for protecting a web-server against a Distributed Denial of Service (DDoS) attack. Incoming traffic to the server is continuously monitored and any abnormal rise in the inbound is immediately detected. This detection activates a traffic-filtering rule that pushes down the traffic level to an acceptable level by discarding packets according to the measured relative traffic levels of each of the active sources. The proposed mechanism does not affect legitimate traffic and is thus more effective and robust compared to some other mechanisms that exist in the literature. We have also presented some simulation results to demonstrate the effectiveness of the proposed method. Keywords? Distributed Denial of Service (DDoS), Traffic flow, Buffer, Poisson arrival, passion arrival

[...] CONCLUSION In this paper, we have presented a mechanism for detection and prevention of distributed denial of service attacks launched on a server. We have discussed the ways to detect the attack by inbound traffic analysis on the server. We have described a simplified yet robust model on this problem, and presented all the methods and algorithms needed to deploy such protection mechanism. Our approach does not require any modification of any network element except the server, and also minimizes the number of legitimate clients denied of server resources in the event of an attack on the server. [...]

[...] Case For a global portal server, there can be a very large number of legal clients, say = 10000. In this situation, it is not possible for that attacker to easily estimate the required number of attacking hosts. We assume that the attacker chooses = 5000 and opts for a very high attacking rate: ?a = ?n*10. In this situation, we have: > A(t). In the first simulation, we have chosen a large number of hosts to test the effectiveness of the proposed mechanism on a large system. [...]

[...] The latter is referred to as Distributed Denial of Service (DDoS) attack and owing to its distributed nature, is very difficult to detect. It has become highly critical to be able to detect such attacks as quickly as possible. It is a fairly easy task to launch a DDoS attack. Various pre-written tools are available on the Internet. Protection against DDoS attacks highly depends on the model of the network and the type of attack. Although several solutions and methods have been proposed, most of them have weaknesses and fail under certain circumstances. [...]

Similar documents you may be interested in reading.

Cyber law in India

 Law & contracts   |  Other law subjects   |  Case study   |  03/05/2009   |   .doc   |   33 pages

The financial crisis: The need for a new system

 Economics & finance   |  Economics   |  Thesis   |  02/07/2011   |   .pdf   |   54 pages

Recent documents in computer science category

Net neutrality in United States

 Science & technology   |  Computer science   |  Presentation   |  10/02/2018   |   .doc   |   3 pages

Reconstructing householder vectors from tall-skinny QR

 Science & technology   |  Computer science   |  Presentation   |  04/21/2017   |   .doc   |   4 pages