CFP last date
20 January 2025
Reseach Article

Controlling IP Spoofed DDoS Attacks by Encrypted Marking based Detection and Filtering (EMDAF)

Published on August 2011 by Parag R. Sali
journal_cover_thumbnail
National Technical Symposium on Advancements in Computing Technologies
Foundation of Computer Science USA
NTSACT - Number 4
August 2011
Authors: Parag R. Sali
fb103a88-bb4a-4e39-b392-7cc83d6cb7ee

Parag R. Sali . Controlling IP Spoofed DDoS Attacks by Encrypted Marking based Detection and Filtering (EMDAF). National Technical Symposium on Advancements in Computing Technologies. NTSACT, 4 (August 2011), 22-24.

@article{
author = { Parag R. Sali },
title = { Controlling IP Spoofed DDoS Attacks by Encrypted Marking based Detection and Filtering (EMDAF) },
journal = { National Technical Symposium on Advancements in Computing Technologies },
issue_date = { August 2011 },
volume = { NTSACT },
number = { 4 },
month = { August },
year = { 2011 },
issn = 0975-8887,
pages = { 22-24 },
numpages = 3,
url = { /proceedings/ntsact/number4/3206-ntst027/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 National Technical Symposium on Advancements in Computing Technologies
%A Parag R. Sali
%T Controlling IP Spoofed DDoS Attacks by Encrypted Marking based Detection and Filtering (EMDAF)
%J National Technical Symposium on Advancements in Computing Technologies
%@ 0975-8887
%V NTSACT
%N 4
%P 22-24
%D 2011
%I International Journal of Computer Applications
Abstract

Distributed Denial of Service (DDoS) attacks are the major threat to the current internet world. Source IP Address spoofing is one of the approach to perform Distributed Denial of Service (DDoS) attacks. In this scenario the packet true origin is difficult to identify. Thus the defense against the Distributed Denial of Service (DDoS) attack is very complex to handle. We propose a novel scheme which is based on a firewall. This firewall can distinguish the attack packets from the packets sent by legitimate users based on the marking value on the packet, and thus filter out most of the attack packets. Compared to other packet-marking based solutions, our scheme is very effective and has a very low deployment cost. In the implementation of this scheme we would require the cooperation of only about 10% of the Internet routers in the marking process, and server to generate encrypted marking for secured transmission. The scheme allows the firewall to Detected a

References
  1. A. Belenky and N. Ansari, “IP traceback with deterministic packet marking” IEEE Communications Letters, vol. 7, no. 4, pp. 162–164, Apr. 2003.
  2. A. Yaar, A. Perrig, and D. Song, “Pi: A path identification mechanism to defend against DDoS attacks” in Proceedings of the IEEE Symposium on Security and Privacy, pp. 93–109, May 2003.
  3. D. Dean, M. Franklin, and A. Stubblefield, “An algebraic approach to IP trackback” in Proceedings of the 2001 Network and Distributed System Security Symposioum, pp. 3–12, Feb. 2001.
Index Terms

Computer Science
Information Sciences

Keywords

Distributed denial of service attack firewalls IP address spoofing Packet filtering Encryption