The increasing popularity of web-based applications has led to several critical services being provided over the Internet. This has made it imperative to monitor network traffic so as to prevent malicious attackers from depleting the resources of the network and denying service to legitimate users. In this paper, we propose a mechanism for protecting a web server against a Distributed Denial of Service (DDoS) attack. Incoming traffic to the server is continuously monitored, and any abnormal rise in inbound traffic is immediately detected. This detection activates a traffic-filtering rule that brings the traffic down to an acceptable level by discarding packets according to the measured relative traffic levels of each of the active sources. The proposed mechanism does not affect legitimate traffic and is thus more effective and robust than some other mechanisms in the literature. We also present simulation results to demonstrate the effectiveness of the proposed method.
Keywords— Distributed Denial of Service (DDoS), Traffic flow, Buffer, Poisson arrival
[...] CONCLUSION In this paper, we have presented a mechanism for the detection and prevention of distributed denial of service attacks launched on a server. We have discussed ways to detect the attack by inbound traffic analysis on the server. We have described a simplified yet robust model of this problem, and presented all the methods and algorithms needed to deploy such a protection mechanism. Our approach does not require any modification of any network element except the server, and also minimizes the number of legitimate clients denied server resources in the event of an attack on the server. [...]
[...] Case For a global portal server, there can be a very large number of legal clients, say = 10000. In this situation, it is not possible for the attacker to easily estimate the required number of attacking hosts. We assume that the attacker chooses = 5000 and opts for a very high attacking rate: λa = λn*10. In this situation, we have: > A(t). In the first simulation, we have chosen a large number of hosts to test the effectiveness of the proposed mechanism on a large system. [...]
[...] As as an estimate of mean aggregate traffic level of the legal sources in time interval + and we derive an estimate for the mean aggregate traffic level of the attacking sources ( follows: λ as The identification algorithm produces as output a set which is a subset of the set Z and very closely approximates the set Za. [...]
[...] In fact, a trade-off can be identified between the ability to hide and the efficiency of the attack. B. The Interface Module A DDoS Interface module is attached to the server from the network side. This Interface can be a software component of the server, special-purpose hardware in the server host, or an independent autonomous hardware component attached to the server. The incoming traffic enters a FIFO buffer. For the purpose of modelling and analysis, a discrete-time model is assumed. [...]
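The monitoring-and-filtering loop that the abstract and the Interface Module section describe, as an added Python example that is not the paper's code: per-source arrival counts for one discrete time slot, an alarm on the aggregate against an attack-free baseline, and a water-filling cut that leaves low-rate sources untouched while the heaviest sources absorb the discards. The 2x alarm factor, the host names and the packet counts are constructed assumptions.

```python
from typing import Dict, Tuple

ACCEPTABLE_FACTOR = 2.0  # assumption: alarm when a slot's aggregate exceeds 2x the baseline mean


def baseline_mean(history) -> float:
    """Mean aggregate arrivals per slot over an attack-free training window."""
    return sum(history) / len(history)


def is_attack(slot_counts: Dict[str, int], baseline: float) -> bool:
    """Detection rule: aggregate inbound in this slot is above the acceptable level."""
    return sum(slot_counts.values()) > ACCEPTABLE_FACTOR * baseline


def admitted_per_source(slot_counts: Dict[str, int], target_total: float) -> Dict[str, float]:
    """Water-filling admission: a source keeps all its traffic if it is below the
    fair share of the budget still unallocated; heavier sources are capped at
    that share. Low-rate sources are untouched and the admitted total equals
    target_total (or the whole slot when no cut is needed)."""
    admitted: Dict[str, float] = {}
    remaining = float(target_total)
    ordered = sorted(slot_counts.items(), key=lambda kv: kv[1])  # lightest first
    for i, (src, count) in enumerate(ordered):
        share = remaining / (len(ordered) - i)
        keep = min(count, share)
        admitted[src] = keep
        remaining -= keep
    return admitted


def drop_probabilities(slot_counts: Dict[str, int], target_total: float) -> Dict[str, float]:
    """Per-source discard probability to apply to that source's packets next slot."""
    admitted = admitted_per_source(slot_counts, target_total)
    return {src: 0.0 if n == 0 else 1 - admitted[src] / n for src, n in slot_counts.items()}


def filter_slot(slot_counts: Dict[str, int], baseline: float) -> Tuple[bool, Dict[str, float]]:
    """One interface-module step: detect, then derive the filtering rule."""
    if not is_attack(slot_counts, baseline):
        return False, {src: 0.0 for src in slot_counts}
    return True, drop_probabilities(slot_counts, ACCEPTABLE_FACTOR * baseline)


if __name__ == "__main__":
    b = baseline_mean([29, 31, 30, 28, 32])  # constructed attack-free slots, mean 30
    quiet = {"h1": 10, "h2": 12, "h3": 8}  # constructed legitimate sources
    flood = {"h1": 10, "h2": 12, "h3": 8, "a1": 100, "a2": 100}  # constructed: two flooding hosts
    print(filter_slot(quiet, b))  # no alarm, all drop probabilities 0.0
    print(filter_slot(flood, b))  # alarm; h1-h3 keep 0.0, a1/a2 get 0.85
```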