Collaborative Framework for Detection, Prevention, and Traceback of Flooding Attacks Using Marking and Filtering

  • Authors: S. Malliga; A. Tamilarasi
  • Affiliations: Kongu Engineering College, Perundurai, Tamil Nadu, India; Kongu Engineering College, Perundurai, Tamil Nadu, India
  • Venue: Information Security Journal: A Global Perspective
  • Year: 2009

Abstract

The basis of denial of service (DoS)/distributed DoS (DDoS) attacks lies in overwhelming a victim's computer resources by flooding them with enormous traffic. This is done by compromising multiple systems that send a high volume of traffic. The traffic is often formulated in such a way that it consumes finite resources at abnormal rates at either the victim or the network level. In addition, spoofing of source addresses makes it difficult to combat such attacks. This paper adopts a twofold collaborative mechanism, wherein the intermediate routers are engaged in marking packets and the victim uses these markings for detecting and filtering the flooding attacks. The markings are used to distinguish legitimate network traffic from attack traffic so as to enable the routers near the victim to filter the attack packets. The marked packets are also helpful for tracing back the true origin of the spoofed traffic, so that it can be dropped at the source rather than being allowed to traverse the network. To further aid in the detection of spoofed traffic, the Time to Live (TTL) field in the IP header is used. The mappings between the IP addresses and the markings, along with the TTLs, are used to find the spurious traffic. We provide numerical and simulated experimental results to show the effectiveness of the proposed system in distinguishing the legitimate traffic from the spoofed traffic. We also give a statistical report showing the performance of our system.