• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

A Pioneer Scheme in the Detection and Defense of DrDoS Attack Involving Spoofed Flooding Packets

Vol. 8, No.5, May 29, 2014
10.3837/tiis.2014.05.013, Download Paper (Free):

Abstract

DDoS (Distributed Denial of Service) has been a continuous threat to the cyber world with the growth in cyber technology. This technical evolution has given rise to a number of ultra-sophisticated ways for the attackers to perform their DDoS attack. In general, the attackers who generate the denial of service, use the vulnerabilities of the TCP. Some of the vulnerabilities like SYN (synchronization) flooding, and IP spoofing are used by the attacker to create these Distributed Reflected Denial of Service (DrDoS) attacks. An attacker, with the assistance of IP spoofing creates a number of attack packets, which reflects the flooded packets to an attacker’s intended victim system, known as the primary target. The proposed scheme, Efficient Spoofed Flooding Defense (ESFD) provides two level checks which, consist of probing and non-repudiation, before allocating a service to the clients. The probing is used to determine the availability of the requested client. Non-repudiation is taken care of by the timestamp enabled in the packet, which is our major contribution. The real time experimental results showed the efficiency of our proposed ESFD scheme, by increasing the performance of the CPU up to 40%, the memory up to 52% and the network bandwidth up to 67%. This proves the fact that the proposed ESFD scheme is fast and efficient, negating the impact on the network, victim and primary target.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Kavisankar L, Chellappan C, Sivasankar P, Ashwin Karthi1 and Srinivas A, "A Pioneer Scheme in the Detection and Defense of DrDoS Attack Involving Spoofed Flooding Packets," KSII Transactions on Internet and Information Systems, vol. 8, no. 5, pp. 1726-1743, 2014. DOI: 10.3837/tiis.2014.05.013

[ACM Style]
L, K., C, C., P, S., Karthi1, A., and A, S. 2014. A Pioneer Scheme in the Detection and Defense of DrDoS Attack Involving Spoofed Flooding Packets. KSII Transactions on Internet and Information Systems, 8, 5, (2014), 1726-1743. DOI: 10.3837/tiis.2014.05.013