Tracebacking.ppt

Traceback of DDoS Attacks using Entropy Variations

Transcript of Tracebacking.ppt

Page 1: Tracebacking.ppt

Traceback of DDoS Attacks using Entropy Variations

Page 2: Tracebacking.ppt

Aim

The main aim of the project is to trace back attacks using entropy variation, reducing the traceback delay.

Page 3: Tracebacking.ppt

Abstract

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. However, the memory-less feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this project, we introduce a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques. In comparison to existing DDoS traceback methods, the proposed strategy possesses a number of advantages.

Page 4: Tracebacking.ppt

Existing System

1) Both existing strategies, PPM (probabilistic packet marking) and DPM (deterministic packet marking), require routers to inject marks into individual packets.

2) Moreover, the PPM strategy can only operate in a local range of the Internet (an ISP network) that the defender has the authority to manage. However, ISP networks of this kind are generally quite small, and we cannot trace back to attack sources located outside the ISP network.

3) The DPM strategy requires all Internet routers to be updated for packet marking. However, with only 25 spare bits available in an IP packet, the scalability of DPM is a huge problem. Moreover, the DPM mechanism poses an extraordinary storage challenge for packet logging on routers. Therefore, it is infeasible in practice at present.

Page 5: Tracebacking.ppt

4) Further, both PPM and DPM are vulnerable to hacking, which is referred to as packet pollution.

Page 6: Tracebacking.ppt

Proposed System

1) In comparison to existing DDoS traceback methods, the proposed strategy possesses a number of advantages: it is memory non-intensive, efficiently scalable, robust against packet pollution and independent of attack traffic patterns.

2) This strategy requires only a few seconds to trace back to the attacker. Our experiments show that accurate traceback is possible within 20 seconds (approx.) in a large-scale attack network with thousands of zombies.

3) The proposed algorithms can be used as additional software, so there is no need to modify the existing software.

Page 7: Tracebacking.ppt

Modules

o GUI Design
o Network Establishment
o DDoS Attack and Traceback

Page 8: Tracebacking.ppt

GUI Design

This module represents the graphical user interface architecture of this project. It presents an overview of the project.

Network Establishment

This module is the backbone of this project. In this module, we establish the network so that the nodes can send and receive data over it.

Page 9: Tracebacking.ppt

DDoS Attack and Traceback

In this module, the DDoS attackers attack the network. We use flooding (one of the main DDoS attacks on networks) as the attack in our project. Packets are monitored to determine whether they are attack packets. We implement the “Flow Monitoring Algorithm” to monitor the flow (the packets that cross the routers). This algorithm detects whether an attack has been injected. We also implement the “IP Traceback Algorithm” to find the original attacker. These two algorithms can be deployed on routers as extra software, so there is no need to modify the existing software.
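The slides do not give the algorithms themselves, so the following Python example is an added illustration, not code from the project: it shows one way a router could monitor flow entropy per time window and pick the upstream router at which traceback would continue. Assumptions: a flow is keyed by (upstream router, destination), the first three windows are attack-free and form the baseline, an alert fires when entropy deviates by more than k standard deviations, and the router names R1, R2 and the destination V are constructed.

```python
import math
from statistics import mean, pstdev

def flow_entropy(flows):
    """Shannon entropy (bits) of the packet counts per flow in one window."""
    total = sum(flows.values())
    probs = [n / total for n in flows.values() if n > 0] if total else []
    return -sum(p * math.log2(p) for p in probs)

def monitor(windows, baseline_n=3, k=3.0, min_sigma=0.05):
    """Flag windows whose entropy deviates from the attack-free baseline.

    Returns one (window index, entropy, dominant flow) tuple per alert. The
    dominant flow's upstream router is where traceback would continue.
    baseline_n, k and min_sigma are assumed tuning values, not from the slides.
    """
    base = [flow_entropy(w) for w in windows[:baseline_n]]
    # min_sigma keeps a very steady baseline from producing a zero threshold.
    mu, sigma = mean(base), max(pstdev(base), min_sigma)
    alerts = []
    for i, w in enumerate(windows[baseline_n:], start=baseline_n):
        h = flow_entropy(w)
        if abs(h - mu) > k * sigma:
            alerts.append((i, h, max(w, key=w.get)))
    return alerts

# Constructed sample: packets per flow seen at one router in five windows.
# Keys are (upstream router, destination); window 3 contains a flood towards V.
WINDOWS = [
    {("R1", "A"): 50, ("R1", "B"): 48, ("R2", "C"): 52, ("R2", "V"): 50},
    {("R1", "A"): 47, ("R1", "B"): 51, ("R2", "C"): 49, ("R2", "V"): 53},
    {("R1", "A"): 52, ("R1", "B"): 50, ("R2", "C"): 48, ("R2", "V"): 49},
    {("R1", "A"): 50, ("R1", "B"): 49, ("R2", "C"): 51, ("R2", "V"): 900},
    {("R1", "A"): 51, ("R1", "B"): 50, ("R2", "C"): 50, ("R2", "V"): 48},
]

if __name__ == "__main__":
    for i, h, (upstream, dest) in monitor(WINDOWS):
        print(f"window {i}: H={h:.3f} bits, dominant flow to {dest} "
              f"via {upstream}; continue traceback at {upstream}")
```

Running the same check on the flagged upstream router, and then on its upstream routers in turn, walks back towards the edge routers nearest the attack sources without marking or logging individual packets.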

Page 10: Tracebacking.ppt

Software Requirements

o Windows XP Service Pack 2
o JDK 1.6.0_15
o NetBeans 6.9.1 (in-built JavaFX 1.3.1)
o Ethernet Network Adapter

Page 11: Tracebacking.ppt

Hardware Requirements

o Hard Disk: 40GB and above.
o RAM: 512MB and above.
o Processor: Pentium 4 and above.

Page 12: Tracebacking.ppt

Architecture Diagram

[Figure: network architecture around the Internet; legend: End Host, Edge Router, Router]