Abstract
Distributed denial of service attack (DDoS) is an attempt by malicious hosts to overload website, network, e-mail servers, applications, network resources, bandwidth, etc. Globally DDoS attacks affected four out of ten organizations (around 41 %) over the past few years. Challenges involved in taking counter measures against DDoS attacks are network infrastructure, identifying legitimate traffic from polluted traffic, attacker anonymity, large problem space, nature of attacks, etc. Several approaches proposed in the past few years to combat the problem of DDoS attacks. These approaches suffer for many limitations. Some of the limitations include: implementing filtering at router (firewall enabled) will create bottleneck, additional traffic, no means of sending alert to an innocent host acting as a bot, etc. Ping flood attack is one kind of DDoS attack. In this paper, ping flood attack is analyzed and a new approach, distributed defence approach (DDA) is proposed to mitigate ping flood attack. Distributed defence is applied with the help of routers connected to network when count of PING request crosses a threshold limit or packet size is greater than normal ping packet size. Concept of the proposed approach is to help the end router by putting less load during filtering attack packets, enhancing the speed of processing and informing the innocent host acting as bot simultaneously making the DDoS attack ineffective.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mirkovic, J., Hussain, A., Wilson, B., Fahmy, S., Reiher, P., Thomas, R., Yao, W., & Schwab, S. (2007). Towards user centric metrics for denial of service measurement. ExpCS’07, San Diego, CA. 13–14, June 2007. Copyright 2007 ACM.
Jin, C., Wang, H., & Shin, K.G. (2003). Hop-count filtering: an effective defense against spoofed DDos traffic. CCS’03, October 27–31, 2003, Washington, DC, USA. Copyright 2003 ACM 1-58113-738-9/03/0010.
Peng, T., Leckie, C., & Ramamohanarao, K. (2007). Survey of network-based defense mechanisms countering the DoS and DDos problems. ACM Computing Surveys, 39(1), Article 3 (April 2007), p. 42. doi:10.1145/1216370.1216373.
Kumar, S., & Surisetty, S. Microsoft versus apple: resilience against distributed denial-of-service attacks. IEEE Security and Privacy, 10(2).
Jing, Y., Wang, X., Xiao, X., & Zhang, G. (2006). Defending against meek DDos attacks by IP traceback-based rate limiting. Global Telecommunications Conference, 2006. GLOBECOM ‘06. IEEE, November 27 2006–December 1 2006.
Rao, S., & Rao, S. (2011). Denial of service attacks and mitigation techniques: Real time implementation with detailed analysis. This paper is from the SANS Institute Reading Room site©.
Kiran Tupakula, U., & Varadharajan, V. (2006). Analysis of traceback techniques. This paper appeared at the Fourth Australasian Information Security Workshop (AISW-NetSec 2006), Hobart, Australia. Conferences in Research and Practice in Information Technology (CRPIT), vol. 54.
Zhu, Z., Lu, G., Chen, Y., Judy Fu, Z., Roberts, P., & Han, K. (2008). Botnet research survey. Annual IEEE International Computer Software and Applications Conference, © 2008 IEEE.
Kiran Tupakula, U., Varadharajan, V., & Pandalaneni, S. R. (2009). DoSTRACK: a system for defending against DoS attacks. SAC ‘09 Proceedings of the 2009 ACM Symposium on Applied Computing (pp. 47–53). New York, NY, USA: ACM: ©2009.
Yuan, D., & Zhong, J. (2008). A lab implementation of SYN flood attack and defense. SIGITE ‘08 Proceedings of the 9th ACM SIGITE Conference on Information Technology Education (pp. 57–58). New York, NY, USA: ACM ©2008.
Bolz, C., Romney, G. W., & Rogers, B. L. (2004). Safely train security engineers regarding the dangers presented by denial of service attacks. Proceeding CITC5 ‘04 Proceedings of the 5th Conference on Information Technology Education (pp. 66–72) New York, NY, USA: ACM ©2004.
Batham, S., Yadav, V. K., & Kumar Mallik, V. K. (2014). ICSECV: An efficient approach of video encryption. In Proceedings Contemporary Computing (IC3), 2014 Seventh International Conference, 7–9 August 2014, pp. 425–430 (Available at IEEE Xplorer and DBLP, indexed by SCOPUS).
Batham, S, & Yadav,V. K. et al. (2013). A new video encryption algorithm based on indexed based chaotic sequence. In Proceedings Fourth International conference Confluence 2013: The Next Generation Information Technology Summit, September 27–28 (pp. 139–143). Available at IET and IEEE xplorer.
Yadav, V. K., & Batham, S. et al. (2013). Hiding large amount of data using a new approach of video steganography. In Proceedings Fourth International Conference Confluence 2013: The Next Generation Information Technology Summit, Sept 27–28, pp. 337–343 (Available at IET and IEEE xplorer).
Webliography
Acknowledgments
I would like to thanks my guru Dr. B.M. Mehtre whose is also co-author of this paper, for his kind nature, faith and of course the guidance from time-to-time during the fellowship program. I would also like to thanks my parents, whose blessings are constant inspiration to me and also to Varsha Yadav for sharing his valuable time to share her knowledge.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Yadav, V.K., Trivedi, M.C., Mehtre, B.M. (2016). DDA: An Approach to Handle DDoS (Ping Flood) Attack. In: Satapathy, S., Joshi, A., Modi, N., Pathak, N. (eds) Proceedings of International Conference on ICT for Sustainable Development. Advances in Intelligent Systems and Computing, vol 408. Springer, Singapore. https://doi.org/10.1007/978-981-10-0129-1_2
Download citation
DOI: https://doi.org/10.1007/978-981-10-0129-1_2
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0127-7
Online ISBN: 978-981-10-0129-1
eBook Packages: EngineeringEngineering (R0)