Tracebacking.ppt
santhosh-kumar -
Traceback of DDoS Attacks using Entropy Variations
Aim
The main aim of the project is to trace back DDoS attacks using entropy variation in order to reduce the traceback delay.
Abstract
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. However, the memory-less feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this project, we introduce a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques. In comparison to existing DDoS traceback methods, the proposed strategy possesses a number of advantages.
Existing System
1) Both existing strategies, PPM (probabilistic packet marking) and DPM (deterministic packet marking), require routers to inject marks into individual packets.
2) Moreover, the PPM strategy can only operate in a local range of the Internet (an ISP network) that the defender has the authority to manage. However, ISP networks of this kind are generally quite small, and we cannot trace back to attack sources located outside the ISP network.
3) The DPM strategy requires all Internet routers to be updated for packet marking. However, with only 25 spare bits available in an IP packet, the scalability of DPM is a huge problem. Moreover, the DPM mechanism poses an extraordinary storage challenge for packet logging on routers. Therefore, it is infeasible in practice at present.
4) Further, both PPM and DPM are vulnerable to hacking, which is referred to as packet pollution.
Proposed System
1) In comparison to existing DDoS traceback methods, the proposed strategy possesses a number of advantages: it is memory non-intensive, efficiently scalable, robust against packet pollution and independent of attack traffic patterns.
2) This strategy requires only a few seconds to trace back to the attacker. Our experiments show that accurate traceback is possible within 20 seconds (approx.) in a large-scale attack network with thousands of zombies.
3) The proposed algorithms can be used as additional software, so there is no need to modify the existing software.
Modules
o GUI Design
o Network Establishment
o DDoS Attack and Traceback
GUI Design
This module represents the graphical user interface architecture of the project and presents an overview of the project.
Network Establishment
This module is the backbone of the project. In this module, we establish the network so that the nodes can send and receive data over it.
DDoS Attack and Traceback
In this module, the DDoS attackers attack the network. We use flooding (one of the main DDoS attacks on networks) as the attack in our project. Packets are monitored to determine whether they are attack packets. We implement the “Flow Monitoring Algorithm” to monitor the flows (the packets passing through routers). This algorithm detects whether an attack has been injected. We also implement the “IP Traceback Algorithm” to find the original attacker. These two algorithms can be deployed in routers as extra software, so there is no need to modify the existing software.
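A sketch of entropy-variation flow monitoring and hop-by-hop traceback, added here as an illustration; it is not the project's code. It assumes a flow is an (upstream neighbour, destination) pair counted per time window; the router names, packet counts, threshold and growth factor are all constructed.

```python
import math

def flow_entropy(counts):
    """Shannon entropy in bits of each flow's share of the packets."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def attack_detected(baseline, window, threshold):
    """Flow monitoring: flag the window when its entropy falls more than
    `threshold` bits below the attack-free baseline (one flow dominates)."""
    return flow_entropy(baseline) - flow_entropy(window) > threshold

def traceback(obs, router, victim, threshold=0.5, growth=3.0):
    """Follow surging flows upstream from `router`; return the set of
    (edge router, upstream link) pairs where attack traffic enters."""
    baseline, window = obs[router]
    if not attack_detected(baseline, window, threshold):
        return set()
    entries = set()
    for (upstream, dest), count in window.items():
        # Only flows toward the victim that grew well past baseline matter.
        if dest != victim or count <= growth * baseline.get((upstream, dest), 0):
            continue
        if upstream in obs:  # upstream is a monitored router: ask it to repeat
            entries |= traceback(obs, upstream, victim, threshold, growth)
        else:                # upstream is an access link: attack entry point
            entries.add((router, upstream))
    return entries

# Constructed sample: R1 is the victim's router, R2 and R3 are edge routers.
V = "victim"
BASELINE = {
    "R1": {("R2", V): 100, ("R3", V): 100, ("R2", "D1"): 100, ("R3", "D2"): 100},
    "R2": {("LAN_A", V): 50, ("LAN_B", V): 50,
           ("LAN_A", "D1"): 50, ("LAN_B", "D1"): 50},
    "R3": {("LAN_C", V): 50, ("LAN_D", V): 50,
           ("LAN_C", "D2"): 50, ("LAN_D", "D2"): 50},
}
# Flooding from zombies behind LAN_A and LAN_D (constructed packet counts).
SURGE = {"R1": {("R2", V): 3000, ("R3", V): 3000},
         "R2": {("LAN_A", V): 2950}, "R3": {("LAN_D", V): 2950}}
ATTACK = {r: (BASELINE[r], {**BASELINE[r], **SURGE[r]}) for r in BASELINE}
QUIET = {r: (BASELINE[r], BASELINE[r]) for r in BASELINE}

if __name__ == "__main__":
    print(sorted(traceback(ATTACK, "R1", V)))
```

Each router keeps only per-flow counters for the current window and a baseline, which is why this style of traceback needs no packet marking or packet logging.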
Software Requirements
o Windows XP Service Pack 2
o JDK 1.6.0_15
o NetBeans 6.9.1 (in-built JavaFX 1.3.1)
o Ethernet Network Adapter
Hardware Requirements
o Hard Disk: 40GB and above.
o RAM: 512MB and above.
o Processor: Pentium4 and above.
Architecture Diagram
[Figure: architecture diagram of the Internet. Legend: End Host, Edge Router, Router]