ON PREVENTION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS

Abstract

Large number of users takes advantage of the available services of the Internet at both personal and professional levels. The interconnectivity among computers do not provide for security from malicious users who attempt to exhaust the network resources and launch Denial-of-Service (DoS) attacks against them Distributed Denial of Service (DDoS) attack is a challenging security threat. It affects the functioning of a network. The distributed attack is generally aimed at depleting the resources of a node or a network by overwhelming them with enormous and useless traffic. Sometime the degradation in service of the users also becomes the motive of these attacks. A great amount of research has been carried out to detect, characterize and mitigate these attacks but there is still scarcity of effective preventive strategy that provide defense against these attacks. The existing defense mechanisms are also proving to be insufficient. The attackers discover methods to overcome these mechanisms or they exploit them to generate false alarms and to cause catastrophic consequences. Thus one of the major tasks is to identify the strategies prevalent in the direction at one platform and compare them to find the shortcomings of each. In this work "On Prevention of Distributed Denial of Service Attacks", study of existing prevention strategies, capability based strategy in particular, is done. A novel 'Extended Capability' based strategy is proposed which deals with prevention of the attack. Both attacker's and colluder's effect is reduced such that they become ineffective. The Bottleneck link is treated as a resource and attack on it is also reduced. In the proposed framework, an innovative technique for reducing flooding attack on bottleneck link is used. The novel idea of decision making by the router according to the policy established, is introduced. The effectiveness of the approach is validated with simulation in ns-2.