A mechanism for detection and prevention of distributed denial of service attacks

Authors:
Jaydip Sen;Piyali Roy Chowdhury;Indranil Sengupta
Affiliations:
Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India;Department of Computer Science and Engineering, Future Institute of Engineering and Management, Kolkata, India;Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India
Venue:
ICDCN'06 Proceedings of the 8th international conference on Distributed Computing and Networking
Year:
2006

Citing 1
Cited 0

Tracing Anonymous Packets to Their Approximate Source

LISA '00 Proceedings of the 14th USENIX conference on System administration

Quantified Score

Hi-index	0.00

Visualization

Abstract

With several critical services being provided over the Internet it has become imperative to monitor the network traffic to prevent malicious attackers from depleting the resources of the network. In this paper, we propose a mechanism to protect a web-server against a Distributed Denial of Service (DDoS) attack. Incoming traffic to the server is continuously monitored to immediately detect any abnormal rise in the inbound traffic. This detection activates a traffic-filtering rule that pushes down the network traffic to an acceptable level by discarding packets according to measured relative traffic levels of each of the active sources. The proposed mechanism does not affect legitimate users and is thus more effective and robust. We have presented simulation results to demonstrate the effectiveness of the proposed mechanism.