Two Layer Defending Mechanism against DDoS Attacks
Kiruthika Subramain, Preetha Gunasekaran, and Mercy Selvaraj
Department of Computer Science and Engineering, Thiagarajar College of Engineering,
Affiliated to Anna University, India
Abstract: Distributed Denial of Service (DDoS) attackers make a service unavailable to its intended users. Attackers use IP spoofing to disguise their identity. Spoofed traffic follows the same principles as normal traffic, so detection and filtering are essential. The Hop-Count Filtering (HCF) scheme identifies packets whose source IP address is spoofed. Information about each source IP address and its corresponding hop count from the server (victim) is recorded in a table at the victim, and each incoming packet is checked against this table for authenticity. The design of the IP2HC table reduces the amount of storage space through IP address clustering. The proposed work filters the majority of the spoofed traffic with the HCF-SVM algorithm at the network layer. DDoS attackers using genuine IP addresses are subjected to a traffic limit at the application layer. The two-layer defense approach protects legitimate traffic from being denied, thereby mitigating DDoS effectively. The HCF-SVM model yields 98.99% accuracy with a reduced false positive rate, and the rate limiter punishes aggressive flows and provides sufficient bandwidth for legitimate users without any denial of service. The proposed work is implemented on an experimental testbed.
Keywords: DDoS, hop-count, IP2HC table, clustering, IP spoofing, testbed.
Received November 9, 2012; accepted April 29, 2013