ICTACT Journal on Communication Technology

T. Subbulakshmi
Department of Information Technology, Sethu Institute of Technology, India

P. Parameswaran
Tata Consultancy Services, India

C. Parthiban
Tata Consultancy Services, India

M. Mariselvi
Department of Computer Science and Engineering, Thiagarajar College of Engineering, India

J. Adlene Anusha
Department of Computer Science and Engineering, Thiagarajar College of Engineering, India

G. Mahalakshmi
Department of Computer Science and Engineering, Thiagarajar College of Engineering, India

Abstract

Distributed Denial of Service (DDoS) attacks were considered to be a tremendous threat to the current information security infrastructure. During DDoS attack, multiple malicious hosts that are recruited by the attackers launch a coordinated attack against one host or a network victim, which cause denial of service to legitimate users. The existing techniques suffer from more number of false alarms and more human intervention for attack detection. The objective of this paper is to monitor the network online which automatically initiates detection mechanism if there is any suspicious activity and also defense the hosts from being arrived at the network. Both spoofed and non spoofed IP's are detected in this approach. Non spoofed IP's are detected using Enhanced Support Vector Machines (ESVM) and spoofed IP's are detected using Hop Count Filtering (HCF) mechanism. The detected IP's are maintained separately to initiate the defense process. The attack strength is calculated using Lanchester Law which initiates the defense mechanism. Based on the calculated attack strength any of the defense schemes such as Rate based limiting or History based IP filtering is automatically initiated to drop the packets from the suspected IP. The integrated online monitoring approach for detection and defense of DDoS attacks is deployed in an experimental testbed. The online approach is found to be obvious in the field of integrated DDoS detection and defense.

Keywords