Network System Protection Against Internet Protocol Spoofing Based Distributed Denial Of Services Attacks During Socket Based Packet Transmission
Keywords:
Distributed Denial of Service (DDoS), Time to Live(TTL), Round Trip Time (RTT), Distributed Probabilistic HCFAbstract
In this paper, DPHCF-RTT technique has been implemented and analysed for variable number of hops. Goal is to improve limitations of Conventional HCF or Probabilistic HCF techniques by maximizing detection rate of illegitimate packets and reducing computation time. It is based on distributed probabilistic HCF using RTT. It has been used in an intermediate system. It has advantage for resolving problems of network bandwidth jam and host resources exhaustion. MATLAB 7 has been used for simulations. Mitigation of DDoS attacks have been done through DPHCF RTT technique. It has been shown a maximum detection rate up to 99% of malicious packets. IP spoofing based DDoS attack that relies on multiple compromised hosts in network to attack victim. In IP spoofing, IP addresses can be forged easily, thus, makes it difficult to filter illegitimate packets from legitimate one out of aggregated traffic. A number of mitigation techniques have been proposed in literature by various researchers. Conventional Hop Count Filtering or probabilistic Hop Count Filtering based research work indicates problems related to higher computational time and low detection rate of illegitimate packets.
References
Krishna Kumar, P.K. Kumar, R. Sukanesh, "Hop Count Based Packet Processing Approach to Counter DDoS Attacks," International Conference on Recent Trends in Information, Telecommunication and Computing, PET Engineering College, Thirunelvelli, India, pp. 271-273, 12-13, March,2010.
R. Swain, B. Saboo, "Mitigating DDoS attack and Saving Computational Time using a Probabilistic approach and HCF method," IEEE International Conference on Advance Computing,NIT, Rourkela, pp. 1170-1172,6-7, March 2009.
Mukaddam, I. H. Elhajj, "Hop count variability," 6th IEEE International Conference on Internet Technology and Secured Transactions, American University of Beirut, Lebanon,pp. 240-244, 11-14, December ,2011.
F. Zhang, J. eng, Z. Qin, M. Zhou, "Detecting DDoS Attacks Based on SYN proxy and Hop-Count Filter," IEEE International Conference on Communications, Circuits and Systems, University of Electronic Science and Technology, China,pp. 457-461,11-13,July,2007.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2015 International Journal for Research Publication and Seminar
This work is licensed under a Creative Commons Attribution 4.0 International License.
Re-users must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. This license allows for redistribution, commercial and non-commercial, as long as the original work is properly credited.