CFP last date
20 January 2025
Reseach Article

DDoS Attack Detection and Attacker Identification

by Brajesh Kashyap, S. K. Jena
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 42 - Number 1
Year of Publication: 2012
Authors: Brajesh Kashyap, S. K. Jena
10.5120/5658-7549

Brajesh Kashyap, S. K. Jena . DDoS Attack Detection and Attacker Identification. International Journal of Computer Applications. 42, 1 ( March 2012), 27-33. DOI=10.5120/5658-7549

@article{ 10.5120/5658-7549,
author = { Brajesh Kashyap, S. K. Jena },
title = { DDoS Attack Detection and Attacker Identification },
journal = { International Journal of Computer Applications },
issue_date = { March 2012 },
volume = { 42 },
number = { 1 },
month = { March },
year = { 2012 },
issn = { 0975-8887 },
pages = { 27-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume42/number1/5658-7549/ },
doi = { 10.5120/5658-7549 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:30:23.589803+05:30
%A Brajesh Kashyap
%A S. K. Jena
%T DDoS Attack Detection and Attacker Identification
%J International Journal of Computer Applications
%@ 0975-8887
%V 42
%N 1
%P 27-33
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

DDoS attack is a form of DoS attack in which attacker uses authorized user IP address to attack on a particular victim. Of the two types of attack it falls in the active category. The main aim of the attacker is to jam the resources in order to deny services to the recipient. The attacker can use several strategies to achieve this goal, one of which is by flooding the network with bogus requests. The attack is distributed because the attacker is using multiple computers to launch the denial of service attack. In this paper we have first identified the types of DoS and DDoS attack. Then we have provided the solution for those attacks on the basis of attacker's identification. Main focus of this paper is to identify the actual attacker, who has performed attack by sitting behind a forged System. For that purpose first we prevent IP forgery by using sender authentication process, then calculate TCP flow rate and from it we identify whether packets are nor- mal packet or malicious packet. We detect attack on receiver proxy server by using entropy and normalize entropy calculation on receiver proxy server. If attack is detected then we drop packets, get their mark value and trace them back to the source. Finally we use the concept of ISP and IANA to identify the actual attacker. NS2 has been used to simulate the proposed methods.

References
  1. Yang-Seo Choi, Jin-Tae Oh, Jong-Soo Jang,Jae-Cheol Ryou. Integrated DDoS Attack Defense Infrastructure for Effective Attack Prevention. Information Technology Convergence and Services (ITCS), 2010 2nd International Conference, pages 1 - 6, 23 September 2010.
  2. Yao Chen, Shantanu Da, Pulak Dhar, Abdulmotaleb El Saddik, and Amiya Nayak Detecting and Preventing IP-spoofed Distributed DoS Attacks International Journal of Network Security,Vol. 7, No. 1,, pages 70 - 81, July 2008.
  3. Tao Peng, Defending Against Distributed Denial of Service Attacks IEEE 2002.
  4. Mopari, I. B. ; Pukale, S. G. ; Dhore, M. L. . Detection and defence against DDoS attack with IP spoofing. Computing, Communication and Networking, 2008. ICCCn 2008. International Conference, pages 1 – 5 , 24 February 2009.
  5. Wei-Tsung Su ; Tzu-Chieh Lin ; Chun-Yi Wu ; Jang-Pong Hsu ; Yau-Hwang Kuo . An On-line DDoS Attack Trace back and Mitigation System Based on Network Performance Monitoring. Advanced Communication Technology, 2008. ICACT 2008. 10th International Conference, pages 1467 - 1472, 22 April 2008.
  6. Arun Raj Kumar, P. and S. Selvakumar Distributed Denial-of-Service (DDoS) Threat in Collaborative Environment - A Survey on DDoS Attack Tools and Trace back Mechanisms 2009 IEEE International Advance Computing Conference (IACC 2009), pages 1275 - 1280 ,Patiala, India, 6-7 March 2009.
  7. Jie Wang ; Phan, R. C. -W. ; Whitley, J. N. ; Parish, D. J. DDoS attacks traffic and Flash Crowds traffic simulation with a hardware test center platform . Internet Security (WorldCIS), 2011 World Congress on, pages 15 - 20, 21-23 Feb. 2011.
  8. Jieren Cheng; Jianping Yin ; Yun Liu ; Zhiping Cai ; Chengkun Wu. DDoS Attack Detection Using IP Address Feature Interaction. 2009 International Conference on Intelligent Networking and Collaborative Systems , pages 113 - 118 ,4-6 Nov. 2009 .
  9. El Defrawy, K. ; Markopoulou, A. ; Argyraki, K. Optimal Allocation of Filters against DDoS Attacks . Information Theory and Applications Workshop, 2007, pages 140 - 149 , Jan. 29 2007 Feb. 2 2007 .
  10. Xiang„ Yang ; Li, Zhongwen . An Analytical Model for DDoS Attacks and Defense. International Multi-Conference on Computing in the Global Information Technology . , page 66,Aug. 2006
  11. Wanlei Zhou . Keynote III: Detection and Traceback of DDoS attacks . 8th IEEE International Conference on Computer and Information Technology, page 3,8-11 July 2008.
  12. Thing, V. ; Sloman, M. ; Dulay, N. Network domain entry point /path determination for DDoS attacks . Network Operations and Management Symposium, 2008. NOMS 2008. IEEE, pages 57 - 64, 7-11 April 2008.
  13. Shui Yu and Wanlei Zhou. Entropy-Based Collaborative Detection of DDOS Attacks on Community Networks Sixth Annual IEEE International Conference on Pervasive Computing and Communications, pages 566 - 571 ,17-21 March 2008 .
Index Terms

Computer Science
Information Sciences

Keywords

Denial Of Service (dos) Distributed Denial Of Service (ddos) Internet Assign Number Authority (iana) Internet Service Provider (isp)