DEFENDING- D oS ATTACKS USING TRAFFIC LEVEL MEASUREMENTS

Abstract

A major threat to the internet information economy is Distributed denial-of-service (DDoS) attacks. These attacks are highly prevalent despite the widespread deployment of perimeter-based countermeasures. Therefore, more effective approaches are required to counter the threat. This requires distributed and scalable mechanism for effective early detection and prevention of DDoS attacks at the router level within a network infrastructure. Recent events show that distributed denial-of-service (DDoS) attack imposes great threat to availability of Internet services. In this work "Defending DDoS attacks using Traffic level measurements" are studied, evaluated, and proposed an integrated approach to DDoS attack detection and tolerance. It is very difficult to distinguish the, difference between the attack traffic and legitimate traffic. In fact, this difference can only be observed from analyzing the data in the packet header. The DDoS attacks show anomalies in the characteristics of the selected packet attributes. Based on the simulation results, a more complete and effective DDoS countermeasure solution has been built to achieve DDoS attack detection and tolerance. When an attack has impact on a system parameter, then the parameter can be used as attack detection metric. In this work, the impact of DOS attacks on three simple system parameters - request arrival rate, Goodput and response time are qualitatively and. quantitatively analyzed. Here arrival rate of packets is used as a parameter for detection and Goodput and response time are used to evaluate the effectiveness of 'characterization and tolerance. The aim of this solution is to maximize the Normal Packet Survival Ratio that has been achieved by stopping the attack traffic at the edge routers of the ISP. The Simulations are carried on Network Simulator-2. 111