Abstract
A DDoS attack is known to deny services to legitimate users. IP trace back and attack detection are one of the main components in saving a network from such an attack. One of the key challenges is to reduce the number of packets required for trace back. Also, an attacker can spoof its IP address in order to disguise its identity. In this paper, we propound an entropy variation technique to detect the attack and a random and flow-based scheme to trace back the attack. Our algorithm is meant to deal with DDoS detection and trace back. We have also kept IP spoofing into consideration. We have defined a threshold time to check for an attack. This algorithm shows better space utilization, and works well in separating legitimate from illegitimate traffic. Our paper is divided into four parts—introduction, related work, analysis, and conclusion. Introduction consists of the basic introduction of DoS and DDoS attacks and the techniques used for the prevention, detection, and trace back of such attacks. The next section gives a brief description of the existing methods used for mitigation of such attacks. The third section provides a detailed understanding of the algorithm we are using with a pseudocode of the same. Then, the last topic covers the conclusion of our study.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Sagar. A., Joshi B. K., Mathur, N.: A study of distributed denial of service attack in cloud computing (DDoS). In: Edition on Cloud and Distributed Computing: Advances and Applications, vol. 2 (2013)
Belenky, A., Ansari, N.: IP traceback with deterministic packet marking. Commun. Lett. IEEE 7(4), 162–164 (2003)
Saurabh, S., Sairam, A.S.: Linear and Remainder: Packet Marking for Fast IP TraceBack. IEEE. 978-1-4673-0298-2/12/ (2012)
Joshi, B., Joshi, B., Rani, K.: Mitigating data segregation and privacy issues in cloud computing. In: Proceedings of International Conference on Communication and Networks: ComNet 2016, vol. 508, pp. 175. Springer (2017)
Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Network support for IP traceback. IEEE Trans. Netw. 9(3) (2001)
Goodrich, M.T.: Probabilistic packet marking for large-scale IP traceback. IEEE/ACM Trans. Netw. 16(1), 15–24 (2008)
Yu, S., Zhou, W., Doss, R.: Information theory based detection against network. behavior mimicking DDoS attacks. IEEE Commun. Lett. 12(4) (2008)
David, J., Thomas, C.: DDoS attack detection using fast entropy approach on flow-based network traffic. Procedia Comput. Sci. 5, 30–36 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Joshi, B., Joshi, B., Rani, K. (2019). DDoS Attack Mitigation Using Random and Flow-Based Scheme. In: Shukla, R.K., Agrawal, J., Sharma, S., Singh Tomer, G. (eds) Data, Engineering and Applications. Springer, Singapore. https://doi.org/10.1007/978-981-13-6351-1_11
Download citation
DOI: https://doi.org/10.1007/978-981-13-6351-1_11
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-6350-4
Online ISBN: 978-981-13-6351-1
eBook Packages: Computer ScienceComputer Science (R0)