A Security Framework for DDoS Detection In MANETs
A Mobile Ad-hoc Network (MANET) uses distributed wireless communication without centralised control. It is more vulnerable to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks because of its dynamic topology, limited physical security and decentralized approach. These attacks may collapse the entire communication network, so detecting them improves network security. This paper presents some clarification and a framework based on cluster analysis to detect DDoS attacks and to identify and isolate the attacker from the network. XOR marking is applied to the traffic to differentiate legitimate from non-legitimate data packets, so that the origin nodes of DDoS attacks are traced and isolated. Preliminary experiments with the 2000 DARPA Intrusion Detection Scenario Specific Data Set are carried out to evaluate our method. The experimental results show that the proposed system is effective and efficient at identifying DDoS attacks.
Keywords: DDoS attack, DDoS detection, Cluster analysis, XOR marking, Security framework
This work is supported by All India Council for Technical Education under Career Award for Young Teachers Scheme, with File No.1-51/FD/CA/13/2008-09 Dated 29.01.2009.