AN INIEGRATED APPROACH FOR HANDUNG DisTa DENIAL OF SERVICE ATTACKS

Abstract

Distributed Denial-of-Service (DDoS) attacks are grave and challenging problems. Perpetration requires little effort on the attacker's side, since a vast number of insecure machines provide fertile ground for attack zombies, and automated scripts for exploitation and attack can easily be downloaded and deployed. Prevention of the attack or the response and traceback of perpetrators is extremely difficult due to a large number of attacking machines, the use of source-address spoofing and the similarity between legitimate and attack traffic. Many defense systems' have been designed in the research and commercial communities to counter DDoS attacks, yet the problem remains largely unsolved. This dissertation explores the problem of DDoS defense using integrated approach as follows: Firstly, it presents the design of a rate-limiting scheme used at routers and secondly, it presents the design of analyzer system used at victim to distinguish between the attack crowd and legitimate traffic. By performing successful differentiation between legitimate and attack traffic close to the source, limiting high traffic rate at intermediate routers and analyzing requested source-IP address at victim are crucial building blocks of DDoS solution. Simulations are carried on OMNeT++, an object-oriented modular discrete event simulator. It uses C++ for backend programming and NED for specifying the topology of the network model