PROTECTION MECHANISM TO COUNTER DDOS ATTACKS

Abstract

Distributed Denial of service (DDOS) attacks are a threat to anyone who relies on the internet for computer based business or services. These attacks can deny users from accessing the services by making internet based systems unavailable and have the potential to cause great economic loss. DDOS attacks are launched from distributed networks of machines. These attacks exploit vulnerabilities in computer systems, protocol behavior and software logic. DDOS attacks can be launched by anyone due to the availability of DDOS attack tools, which use automated processes and employ a variety of attack methods. The large number of attacking machines and the use of source IP address spoofing used in these attacks make the trace back impossible. This dissertation investigates effective methods for the detection and protection against DDOS attacks. It first presents characteristics of DDOS attacks, different attacks existing and emerging trends in the DDOS field. A new protection mechanism for DDOS attacks is proposed and compared with the existing pushback mechanism. The proposed scheme uses controller-agent mechanism for protecting against the attacks and the results were encouraging. How the IP Spoofing technique is used in DDOS attacks and how it can be mitigated using ingress filtering method is also demonstrated here. Different types of topologies with varying no of nodes were considered in the simulation. The simulation software is developed using NS2 and is tested on Linux 9 platform. The languages used in the simulation are C++ and TCL