
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 7, October 2010

**A DYNAMIC APPROACH TO DEFEND AGAINST ANONYMOUS DDoS FLOODING ATTACKS**

Mrs. R. ANUREKHA

Lecturer, Dept. of IT, Institute of Road and Transport Technology, Erode, Tamilnadu, India.

Dr. K. DURAISWAMY

Dean, Department of CSE, K.S. Rangasamy College of Technology, Tiruchengode, Namakkal, Tamilnadu, India.

A. VISWANATHAN

Lecturer, Department of CSE, K.S.R. College of Engineering, Tiruchengode, Namakkal, Tamilnadu, India.

Dr. V. P. ARUNACHALAM

Principal, SNS College of Technology, Coimbatore, Tamilnadu, India.

A. RAJIV KANNAN

Asst. Prof., Department of CSE, K.S.R. College of Engineering, Tiruchengode, Namakkal, Tamilnadu, India.

K. GANESH KUMAR

Lecturer, Department of IT, K.S.R. College of Engineering, Tiruchengode, Namakkal, Tamilnadu, India.

Abstract: Several IP traceback schemes have been proposed to trace DoS/DDoS attacks that abuse the internet. A mechanism for IP traceback based on geographic information rather than the traditional IP address information was proposed in [1], for 8 directions in a planar environment. Extension of this two dimensional directed geographical traceback to 2n (n ≥ 4) directions is also available [2]. In this paper, the DGT scheme has been generalized to three dimensions, with all routers in a spherical environment in tune with reality. A traceback algorithm, called the Direction Ratio Algorithm (DRA), enables IP traceback with robustness and fast convergence.

Keywords: IP traceback, spherical environment, DRS (Direction Ratio Set), DRA (Direction Ratio Algorithm).

1. INTRODUCTION

DDoS attacks continue to plague the internet, due to the availability of a plethora of attacking tools (TFN, Trin00 and Stacheldraht) [3]. Since DDoS attacks rely on anonymity, it follows that a solution must eliminate some of the anonymity of the hosts. Finding the source of spoofed packets, called the IP traceback problem, is one of the hardest security problems needing redressal. Among several traceback schemes, the directed geographical traceback (DGT) is based on geographical information rather than the traditional IP address [1]. This scheme has been extended to 2n (n ≥ 4) directions in a planar environment [2], where all the routers and devices are assumed to be coplanar, which is not always true. In this paper, we have generalized DGT to three dimensions, where the true spherical topology of the geographical globe is taken into consideration for the traceback. All the advantages (like robustness, fast convergence, independence, etc.) of the two dimensional DGT are available in the three dimensional scheme as well. The basic assumptions about the traffic and the network are the same as in [1]. The rest of this paper is organized as follows. In section II, the spherical topology of the routers is introduced in normalized coordinates. The concept of DRS (Direction Ratio Set) and the uniqueness theorem are discussed in sections III and IV. Several options of NDRS (Neighborhood Direction Ratio Set) and DRA (Direction Ratio Algorithm) traceback are described in sections V and VI. Limitations are discussed in section VII, while in section VIII conclusions and future prospects are detailed.


2. GEOGRAPHICAL TOPOLOGY OF THE EARTH

Referred to rectangular axes OX, OY, OZ, the earth can be geographically considered as a sphere having the equation

$X^2 + Y^2 + Z^2 = a^2$ (2.1)

with points A, B, C having coordinates (a, 0, 0), (0, a, 0) and (0, 0, a) respectively. The origin is at the centre and 'a' is the radius of the earth.

FIGURE 2.1 – TOPOLOGY OF EARTH (axes OX, OY, OZ from the centre O, with points A, B, C on the sphere; figure not reproduced)

Making the transformation

$X = ax,\quad Y = ay,\quad Z = az$ (2.2)

Eq. (2.1) gives

$x^2 + y^2 + z^2 = 1$ (2.3)

where the metric unit is the radius of the earth. Alternatively, assuming the ellipsoidal topology of the earth in the form

$\dfrac{X^2}{a^2} + \dfrac{Y^2}{b^2} + \dfrac{Z^2}{c^2} = 1$ (2.4)

under the transformation

$X = ax,\quad Y = by,\quad Z = cz$ (2.5)

Eq. (2.4) again gives $x^2 + y^2 + z^2 = 1$, i.e. Eq. (2.3).

**Hence in our traceback study, the routers Ri are at chosen points P(xi, yi, zi) on Eq. (2.3), where $x_i^2 + y_i^2 + z_i^2 = 1$ for all i.**

3. CONCEPT OF DIRECTION RATIO SET (DRS) AT A ROUTER POINT

The direction of a line in space is indicated by its direction cosines (cos α, cos β, cos γ), where α, β, γ are the angles which the line makes with the positive directions of the axes (refer Fig. 3.1). For all direction cosines (d.c.) we can show

$\cos^2\alpha + \cos^2\beta + \cos^2\gamma = 1$ (3.1)

FIGURE 3.1 – DIRECTION ANGLES OF A LINE IN SPACE (angles α, β, γ between the line and the axes X, Y, Z; figure not reproduced)

The d.c., being cumbersome fractions / irrationals in [-1, 1], are not suited for IP traceback. Hence we use quantities proportional to the d.c., called direction ratios (d.r.), denoted by (a, b, c), where a, b, c are integers with

$\gcd(a, b, c) = 1$ (3.2)

The Direction Ratio Set (DRS) at a router point R0 is the set Di of direction ratios

$D_i = \{(a_i, b_i, c_i),\ i = 1 \text{ to } n\}$ (3.3)

of its immediate neighbors R1 to Rn from R0 (refer Fig. 3.2). Note that all router points Ri for i = 0 to n lie on the unit sphere.
**


FIGURE 3.2 – DR SET FROM ROUTER R0 (router R0 with direction ratios (ai, bi, ci) towards its neighbors R1, R2, R3, …, Ri; figure not reproduced)

4. UNIQUENESS THEOREM

In contrast to two dimensional DGT, we can prove that for any specific direction ratio (ai, bi, ci) at R0 there is a unique router Ri on the sphere.

A. Statement: If (x0, y0, z0) are the coordinates of router R0, then there is a unique router Ri(xi, yi, zi) in the direction R0Ri with d.r. (ai, bi, ci), where

$x_i = x_0 + a_i r,\quad y_i = y_0 + b_i r,\quad z_i = z_0 + c_i r$ (4.1)

with

$r = -\dfrac{2(a_i x_0 + b_i y_0 + c_i z_0)}{a_i^2 + b_i^2 + c_i^2}$ (4.2)

FIGURE 4.1 – (1 – 1) CORRESPONDENCE OF (ai, bi, ci) AND Ri (line from R0(x0, y0, z0) with d.r. (ai, bi, ci) to Ri(xi, yi, zi) on the sphere; figure not reproduced)

B. Proof: The point Ri in parametric form is

$x_i = x_0 + a_i r,\quad y_i = y_0 + b_i r,\quad z_i = z_0 + c_i r$ (4.3)

and lies on

$x^2 + y^2 + z^2 = 1$ (4.4)

$\therefore\ x_i^2 + y_i^2 + z_i^2 = 1$

Substituting (4.3) in Eq. (4.4) and simplifying, we get

$r = -\dfrac{2(a_i x_0 + b_i y_0 + c_i z_0)}{a_i^2 + b_i^2 + c_i^2}$ (4.5)

Thus there is a (1-1) correspondence between Di = (ai, bi, ci) (the d.r.) and the points Ri = (xi, yi, zi) on the sphere, except when

$a_i x_0 + b_i y_0 + c_i z_0 = 0$ (4.6)

when the direction is that of the tangent line at R0. This uniqueness makes the three dimensional IP traceback a robust one, converging on a single packet.

5. NEIGHBORHOOD DIRECTION RATIO SET (NDRS) AT A ROUTER POINT

In space, from any router point R0 there are infinitely many directions, all of which, by the uniqueness theorem, give distinct, infinitely many possible router points Ri on the unit sphere. It is needless / impossible for routers to know the d.r. of all their successors. To reduce the router overhead, we introduce the concept of NDRS (Neighborhood Direction Ratio Set), which alone a router should know. In general, the direction ratio triad of integers (ai, bi, ci) is allowed to take values given by

$0 \le |a_i|, |b_i|, |c_i| \le n,\quad n \in \mathbb{N}$ (5.1)

Then d(n), the number of directions from R0, satisfies the inequality

$(2n)^3 < d(n) < (2n+1)^3$ (5.2)

due to the weeding out of redundant direction ratios from the total set. The choice of n, and hence d(n), depends on the field width reserved for each d.r. triad in the packet header. It is easily verified that for a field width allotment of 3(m+1) bits for a d.r. triad, the range is

$0 \le |a_i|, |b_i|, |c_i| \le n$ where $n = 2^m - 1$ (5.3)

and

$(2n)^3 < d(n) < (2n+1)^3$ (5.4)

Specifically, for a field of 6 bits for a d.r. triad (including 3 sign bits),

$0 \le |a_i|, |b_i|, |c_i| \le 1$ and $8 < d(1) < 27$

We can show that d(1) = 13, and the 13 d.r. are in Table 5.1 shown below.
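The uniqueness theorem of section IV and the NDRS of section V, as an added worked example (this is not code from the paper). It assumes the unit-sphere model of section II, a tolerance EPS for the tangent test of Eq. (4.6), and a sign convention of its own: since (a, b, c) and (-a, -b, -c) describe the same line, and Eq. (4.5) yields the same second point of the sphere for both, each pair is kept once with its first non-zero component positive. With that convention the enumeration for n = 1 reproduces the 13 direction ratios of Table 5.1, and applying Eq. (4.5) from a constructed router position shows which of them are tangent and that the others reach distinct points on the sphere.

```python
"""Direction ratios (d.r.) on the unit sphere: uniqueness theorem and NDRS.

Added example, not code from the paper. Coordinates are normalized so the
earth is the unit sphere x^2 + y^2 + z^2 = 1 (Eq. 2.3); a router is a point
on it and a direction is an integer triad (a, b, c) (Eq. 3.2).
"""
from functools import reduce
from itertools import product
from math import gcd, isclose

EPS = 1e-9  # tolerance for the tangent test of Eq. (4.6); our assumption


def normalize_dr(a, b, c):
    """Canonical direction ratio of the line through the origin and (a, b, c).

    Divides out gcd(a, b, c) as required by Eq. (3.2). Because (a, b, c) and
    (-a, -b, -c) describe the same line and give the same point in Eq. (4.5),
    the sign is fixed so that the first non-zero component is positive
    (this sign convention is our assumption, not the paper's)."""
    if (a, b, c) == (0, 0, 0):
        raise ValueError("(0, 0, 0) is not a direction")
    g = reduce(gcd, (abs(a), abs(b), abs(c)))
    a, b, c = a // g, b // g, c // g
    first = next(v for v in (a, b, c) if v != 0)
    if first < 0:
        a, b, c = -a, -b, -c
    return (a, b, c)


def is_tangent(r0, dr):
    """Eq. (4.6): a.x0 + b.y0 + c.z0 = 0 means the line only touches the sphere at R0."""
    return abs(sum(p * d for p, d in zip(r0, dr))) < EPS


def next_router(r0, dr):
    """Uniqueness theorem (Eqs. 4.1-4.5): the unique second point where the
    line through R0 with direction ratios dr meets the unit sphere.
    Returns None for a tangent direction."""
    if is_tangent(r0, dr):
        return None
    a, b, c = dr
    x0, y0, z0 = r0
    r = -2 * (a * x0 + b * y0 + c * z0) / (a * a + b * b + c * c)  # Eq. (4.5)
    return (x0 + a * r, y0 + b * r, z0 + c * r)  # Eqs. (4.1)/(4.3)


def on_unit_sphere(p):
    """Check Eq. (2.3) for a computed point, within EPS."""
    return isclose(sum(v * v for v in p), 1.0, abs_tol=EPS)


def ndrs(n):
    """Neighborhood Direction Ratio Set for |a|, |b|, |c| <= n (Eq. 5.1), with
    the redundant triads (non-primitive ones, and the negative of a triad
    already present) weeded out. For n = 1 this gives d(1) = 13 (Table 5.1)."""
    triads = set()
    for t in product(range(-n, n + 1), repeat=3):
        if t != (0, 0, 0):
            triads.add(normalize_dr(*t))
    return sorted(triads)


if __name__ == "__main__":
    r0 = (1.0, 0.0, 0.0)  # constructed router position on the unit sphere
    print("d(1) =", len(ndrs(1)))
    for dr in ndrs(1):
        print(dr, "->", next_router(r0, dr))
```

From the constructed position R0 = (1, 0, 0), the four triads with a = 0 satisfy Eq. (4.6) and are tangent, so they identify no router; the remaining nine each land on a different point of the sphere, which is the (1-1) correspondence the theorem states.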

TABLE 5.1 – DIRECTION RATIOS OF D(1)

| Di | D1 | D2 | D3 | D4 | D5 | D6 | D7 | D8 | D9 | D10 | D11 | D12 | D13 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Direction ratios | (1,0,0) | (0,1,0) | (0,0,1) | (1,1,0) | (-1,1,0) | (1,0,1) | (-1,0,1) | (0,1,1) | (0,-1,1) | (1,1,1) | (-1,1,1) | (1,-1,1) | (1,1,-1) |

6. THREE DIMENSIONAL TRACEBACK PROCEDURES

Assuming that for every router the NDRS has been uniformly chosen, so that a uniform field width is needed for the d.r. marking, the traceback procedure is as follows (for 13 directions, we need 6 bits per d.r.).

Let Di = (ai, bi, ci) be the d.r. triad at router R of direction RRi. Then the Direction Ratio Algorithm (DRA) is as follows:

A. Marking procedure at router R: For each packet w, append Di to w.

B. Path reconstruction at victim V: For any packet w from the attacker, extract the d.r. list (D1, D2, …) from the suffix of w. Unique traceback is now possible using the results (4.1) and (4.2). If (Dn-1, Dn-2, …, D0) are the n suffixes of w during the n hops from Rn to R0, then the path is constructed as in Fig. 6.1.

FIGURE 6.1 – TRACEBACK CONSTRUCTION (chain of routers R, each appending its d.r. D, ending at the victim V, which holds the suffix list (Dn-1, …, D0); figure not reproduced)

7. PERFORMANCE COMPARISON

A. COMPARISON OF DGT 16 WITH DGT 8: DGT 16 and DGT 8 being like schemes (the former removing the directional constraints of the latter), they have equivalent advantages with respect to computational burden, scalability and mitigation capability of the attack, except for the fact that 16 directions are available now, with nil or negligible additional computation.

B. QUALITATIVE COMPARISON OF DGT 16 WITH OTHER TRACEBACK SCHEMES: Due to the totally different nature of DGT and other well known traceback schemes, involving packet marking or packet logging techniques, quantitative comparison of the various schemes is not possible. Hence in this section we first present a qualitative comparison between DGT and other well known traceback schemes. Success of any traceback scheme is determined by four key factors: computational overhead involved for packet marking, memory requirement for packet logging, scalability of the proposed scheme and the need for cooperation between other domains. The overhead of the DGT presented here is very light; the DGT scheme is also scalable; no cooperation between different ISPs is required. Furthermore, unlike PPM and SPIE, the scheme can be used to mitigate the effect of the attack while the attack is raging on. The comparison summary is in Table 7.1. The result as reported in the table proves the superiority of directed geographical IP traceback with respect to computational load, scalability and mitigation capability over all other previously proposed schemes.

TABLE 7.1 – PERFORMANCE COMPARISON OF VARIOUS TRACEBACK SCHEMES

| Category | Scheme | Author | Memory requirements at routers | Computational burden | Scalability | Traceback time required | Number of packets required |
|---|---|---|---|---|---|---|---|
| Logging | SPIE | Strayer et al. | High | High | Poor | Low | Traced each packet |
| Logging | Distributed Log-based Scheme for IP Traceback | Jing et al. | Fair | High | Good | Low | Low |
| PPM | ID-Based PPM for IPT | Tseng et al. | NIL | High | Good | Fair | High |
| PPM | ERPPM | Liu et al. | NIL | High | Good | Medium | Low |
| DPM | Flexible Deterministic Packet Marking (FDPM) | Xiang et al. | NIL | Medium | Good | Fair | Low |
| Other approaches | Pi: A Path Identification Mechanism | Yaar et al. | NIL | Light | Good | Fair | Fair |
| Other approaches | A Real-Time Traceback Scheme for DDoS Attacks | Huang et al. | NIL | Medium | Good | Fair | Fair |
| Other approaches | Marking and Logging for IPT | Al-Duwairi et al. | Medium | Medium | Good | Fair | Fair |
| DGT | 2D 16 directional DGT | Kannan et al. | NIL | Light | Good | Negligible | Traced each packet |
| DGT | 3D multi-directional DGT | Kannan et al. | NIL | Light | Good | Negligible | Traced each packet |

C. LIMITATIONS OF DRA: DRA is both robust and extremely quick to converge (on a single packet) and is independent. For 13 directions per router, the field per d.r. is as small as 6 bits per hop. Yet there are limitations. Apart from the router overhead incurred by appending data to packets in flight, since the length of the path is not known a priori, it is impossible to ensure that there is sufficient unused space in the packet for the complete list of d.r. of the path. This problem can be addressed by d.r. sampling by the routers on the path, one at a time, instead of recording the entire path list of d.r.

8. CONCLUSION

We have generalized the ideal two dimensional DGT to the real three dimensional DGT on a unit sphere. Concepts of DR, DRS and NDRS, along with the uniqueness theorem, have been introduced. The DRA traceback is qualitatively robust, with fast convergence and independence. The storage issue is addressed through the DRSA traceback (d.r. sampling algorithm), which will be reported in further work, so as to make three dimensional, multidirectional geographical traceback more useful.
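The DRA marking and path reconstruction procedures of section VI, as an added worked example (this is not code from the paper). It assumes the unit-sphere model of section II, a mark of 3(m+1) bits per d.r. triad as in section V (m = 1 gives the 6-bit, 13-direction case; the layout of one sign bit followed by m magnitude bits per component is our assumption), and a packet modelled as a dictionary whose "suffix" string of bits is the mark list appended in flight. The forwarding path is constructed. Reconstruction at the victim relies on the uniqueness theorem: the line through V with the d.r. of the last hop meets the sphere at exactly one other point, the previous router, and the sign of the triad does not change that point, so the victim unwinds the marks one at a time. The example also adds the consistency check a victim would want: a mark whose direction is tangent at the current point (Eq. 4.6) cannot have come from a router on the sphere, so the reconstruction stops there and flags the partial path instead of guessing.

```python
"""Direction Ratio Algorithm (DRA): marking at routers and path reconstruction
at the victim. Added example, not the paper's code. Assumes the unit-sphere
model (Eq. 2.3), 3(m+1)-bit marks (section V) and a dict-modelled packet
whose "suffix" bit string is the list of marks appended in flight.
"""
from math import isclose

EPS = 1e-9  # tolerance for the tangent test of Eq. (4.6); our assumption


def next_router(r0, dr):
    """Uniqueness theorem (Eq. 4.5): the second intersection of the line through
    r0 with direction ratios dr and the unit sphere; None if tangent (Eq. 4.6)."""
    dot = sum(p * d for p, d in zip(r0, dr))
    if abs(dot) < EPS:
        return None
    r = -2 * dot / sum(d * d for d in dr)
    return tuple(p + d * r for p, d in zip(r0, dr))


def encode_dr(dr, m=1):
    """Pack a d.r. triad into 3(m+1) bits: per component one sign bit followed
    by an m-bit magnitude, so |a|, |b|, |c| <= 2**m - 1 (Eq. 5.3)."""
    n = 2 ** m - 1
    bits = ""
    for v in dr:
        if abs(v) > n:
            raise ValueError(f"{v} exceeds the {m}-bit magnitude range")
        bits += ("1" if v < 0 else "0") + format(abs(v), f"0{m}b")
    return bits


def decode_dr(bits, m=1):
    """Inverse of encode_dr for one 3(m+1)-bit field."""
    k = m + 1
    comps = []
    for i in range(0, 3 * k, k):
        field = bits[i:i + k]
        mag = int(field[1:], 2)
        comps.append(-mag if field[0] == "1" else mag)
    return tuple(comps)


def mark(packet, dr, m=1):
    """Marking procedure at router R (section VI.A): append D_i to w."""
    packet["suffix"] += encode_dr(dr, m)
    return packet


def reconstruct_path(victim, packet, m=1):
    """Path reconstruction at victim V (section VI.B).

    The last mark is the d.r. of the hop into V; the line through V with that
    d.r. meets the sphere at exactly one other point, the previous router, so
    the path is unwound one mark at a time. Returns (routers from V back
    towards the source, ok). ok is False when the suffix is malformed or a
    mark is tangent at the current point, i.e. inconsistent with the model;
    the partial path found so far is returned in that case."""
    k = 3 * (m + 1)
    suffix = packet["suffix"]
    if len(suffix) % k:
        return [], False
    marks = [decode_dr(suffix[i:i + k], m) for i in range(0, len(suffix), k)]
    path = [victim]
    for dr in reversed(marks):
        prev = next_router(path[-1], dr)
        if prev is None or not isclose(sum(v * v for v in prev), 1.0, abs_tol=EPS):
            return path, False
        path.append(prev)
    return path, True


def simulate(source, directions, m=1):
    """Constructed forwarding run: the packet leaves `source`; each router on the
    way appends its d.r. and forwards along it; the final position is the victim."""
    packet = {"payload": b"constructed packet", "suffix": ""}
    pos = source
    for dr in directions:
        mark(packet, dr, m)
        pos = next_router(pos, dr)
    return pos, packet


if __name__ == "__main__":
    # Constructed three-hop path R0 -> R1 -> R2 -> V on the unit sphere.
    victim, pkt = simulate((1.0, 0.0, 0.0), [(1, 1, 0), (0, 1, 1), (1, 0, 1)])
    print("victim at", victim, "marks:", pkt["suffix"])
    print(reconstruct_path(victim, pkt))
```

With the constructed path the victim ends at (-1, 0, 0) holding the three 6-bit marks, and unwinding them recovers (0, 0, 1), (0, -1, 0) and finally the source (1, 0, 0). A suffix whose last mark is tangent at the victim's position is reported as inconsistent rather than resolved to a router.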

9. REFERENCES

[1] Zhiqiang Gao and Nirwan Ansari (2005), "Directed Geographical Traceback", IEEE Transactions, pp. 221-224.
[2] A. Rajiv Kannan, Dr. K. Duraiswamy (2008), "16 directional DGT with generalization to 2n (n>4) directions", IJCSNS International Journal of Computer Science and Network Security, Vol. 8, No. 11.
[3] CERT, "Computer Emergency Response Team, CERT advisory CA-2000-01: Denial-of-service developments", http://www.cert.org/advisories/CA-2000-01.html, 2000.
[4] S. Savage, D. Wetherall (2001), "Practical network support for IP Traceback", IEEE/ACM Transactions on Networking, Vol. 9, pp. 226-237.
[5] V. Padmanabhan (2001), "Determining the geographic location of internet hosts", ACM SIGMETRICS '01, Cambridge, MA, pp. 324-325.
[6] V. Padmanabhan (2001), "An investigation of geographic mapping techniques for internet hosts", ACM SIGCOMM '01, San Diego, CA, pp. 173-185.
[7] P. Ferguson (1998), "Network ingress filtering: defeating DoS attacks which employ IP source address spoofing", RFC 2267.
[8] R. Govindan (2000), "Heuristics for internet map discovery", Proceedings of IEEE INFOCOM, Tel Aviv, Israel.
[9] B. Al-Duwairi and T. E. Daniels (2004), "Topology based marking", IEEE Int. Conf. on Computer Communications and Networks (ICCCN).
[10] T. Baba and S. Matsuda (2002), "Tracing network attacks to their sources", IEEE Internet Computing, Vol. 6, No. 2, pp. 20-26.

AUTHORS PROFILE:

ANUREKHA R received the B.E. and M.E. degrees from Madras University and Anna University in 1998 and 2004 respectively. She is currently working as a Lecturer in the Department of Information Technology at the Institute of Road and Transport Technology, affiliated to Anna University. Her research interest includes Network and Security. She is also a member of ISTE.

DR. K. DURAISWAMY received the B.E., M.Sc. and Ph.D. degrees from the University of Madras and Anna University in 1965, 1968 and 1987 respectively. He worked as a Lecturer (from 1968) in the Dept. of Electrical Engineering at Government College of Engineering, Salem, affiliated to Anna University, as an Asst. Professor (from 1983) at Government College of Technology, Coimbatore (Anna University), and as a Professor and Principal (from 1995) at K.S. Rangasamy College of Technology (Anna University). He has been working as Dean in the Dept. of Computer Science and Engineering at K.S. Rangasamy College of Technology, Anna University, since 2005. His research interest includes Mobile Computing, Soft Computing, Computer Architecture and Data Mining. He is a Sr. member of ISTE, SIEEE, CSI.

A. VISWANATHAN received the B.E. degree from Anna University, Chennai and the M.E. degree from Anna University, Coimbatore. He is doing his research in Network Security. His area of interest includes Operating Systems and Object Analysis and Design. He is a student member of ISTE.


A. RAJIV KANNAN received the B.E. and M.E. degrees from Periyar University and Anna University in 2002 and 2004 respectively. After working as a Lecturer (from 2004), he has been a Senior Lecturer in the Dept. of Computer Science and Engineering at K.S.R. College of Engineering, affiliated to Anna University, since June 2008. His research interest includes Network and its Security, especially IP traceback and DDoS. Other areas include Operating Systems and MANET. He is a member of ISTE. One of his research papers was published in the International Journal of Computer Science and Network Security in November 2008.

K. GANESH KUMAR received the B.Tech. degree from Anna University, Chennai in 2006 and the M.E. degree from Anna University, Coimbatore. His research area includes Computer Networks and Security, Operating Systems and Object Analysis and Design. He is a student member of ISTE.
