Defending Against Distributed Denial Of Service

Guided By: Mr. Velmurugan (ME)

Programmed By: Vigneshwaran.U Arun.V.S Arulmani.M.A Balaji.S Rajkiran.R

A DDoS (Distributed Denial of Service) attack is a sophisticated attack created by a large number of compromised hosts that are instructed to send useless packets to jam a victim server. The server becomes overloaded and can no longer manage its resources.

INTRODUCTION (1/2)

Network Security: Network security is a very vital concept in this scenario. The security of a network can be made useless by breaking secrecy or authentication, and also when message integrity is not available.

INTRODUCTION (2/2)

There are three aspects of information security:
• Security attack: Any action that compromises the security of information owned by an organization.
• Security mechanism: A mechanism that is designed to detect, prevent or recover from a security attack.
• Security services: A service that enhances the security of the data processing systems and the information transfers of an organization.

SYSTEM REQUIREMENTS

HARDWARE REQUIREMENTS:
i. 128 MB RAM
ii. 20 GB HDD
iii. Color Monitor
iv. 101 Keyboard
v. Mouse

SOFTWARE REQUIREMENTS:
i. Windows XP
ii. Java
iii. Swing
iv. JPCap

Background Information: Denial of Service Attacks

DoS Attacks Affect:
i. Software Systems
ii. Network Routers/Equipment/Servers
iii. Servers and End-User PCs

MODULE
• Pre Analyzer
• DoS Attacker
• Controller
• Initiative Server

PRE ANALYSER:
• The Pre Analyzer is implemented inside the server; it measures the current traffic load level of the network by capturing packets using the JPCAP tool.
• JPCAP: JPCap is a Java class package that allows Java applications to capture or send packets to the network.
• In this module we split files into packets and send them to the server for testing the traffic load level.
• A log table is created at the Pre Analyzer that keeps the information about the incoming packets (packet size, IP address, type).
• The Initiative Server looks up this log table and retrieves the information.

DOS ATTACKER:
• The DoS Attacker is the attacker, who sends multiple redundant packets using many compromised systems to the target system.
• In this module the split files are sent to the server by two modes of attack: normal mode and assail mode.
• In normal mode we send the packets normally without any redundancy.
• In assail mode we generally send redundant files of a size equal to the server capacity or above the server capacity.


CONTROLLER:
• The Controller plays a major role in dropping the redundant packets when it receives a signal from the server.
• The Controller is used to control the flow of packets.
• In this module, when the throttle is activated, the controller keeps track of all incoming packets and the host IP address in the byte array.

[Figure: Controller data flow. Labels: Data from user; Packet sent; Controller (control to check for throttle); Throttle signal; Algorithm; With or without throttling; Dropped; Undropped packets (packets that are legal); Server / receiver (receives or accepts the data).]

INITIATIVE SERVER:
• The Initiative Server module implements the throttle algorithm when it identifies the load crossing the max-min limit.


ALGORITHM
• We present the throttle algorithm, in which traffic is throttled by dropping a fraction of the traffic.
• It is used to control the flow of the traffic to the server.
• Throttle: Dropping a fraction of the traffic.
• The throttle has to be invoked when either:
  - The current server load (measured as traffic arrival rate) crosses over the limit.
  - A throttle is in effect and the current server load drops below the limit.

Fair Throttle Algorithm:

Algorithm fair_throttle
last :== .
while (1)
    multicast current rate-rs throttle to R(k).
    monitor traffic arrival rate for time window w.
    if ( > Us) /* throttle not strong enough */
        /* further restrict throttle rate */
        rs :== rs/2.
    elif ( < Ls) /* throttle too strong */
        if ( .last < )
            remove rate throttle from R(k).
            break.
        else
            /* try relaxing throttle by additive step */
            last :== .
            rs :== rs + ..
        fi.
    else
        break.
    fi.
end while.
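An added example (not part of the original slides or the project's Java code): a Python simulation of the fair throttle control loop above, showing how halving and additive relaxing settle the server load between Ls and Us. The names `delta` and `epsilon`, the rate model in which each router forwards at most the throttle rate, and all sample rates are assumptions made here for illustration.

```python
import math

def delivered(offered, rs):
    """Per-router rate reaching the server when each router caps its flow at rs."""
    return [min(rate, rs) for rate in offered]

def fair_throttle(offered, ls, us, rs, delta, epsilon, max_rounds=50):
    """Run the control loop; return (throttle rate or None if removed, load, history).

    offered : constructed per-router offered rates for the routers in R(k)
    ls, us  : lower / upper server load limits (Ls, Us in the pseudocode)
    delta, epsilon : additive step and "no more gain" tolerance (assumed names)
    """
    last = -math.inf                  # load seen before the previous relaxation
    history = [rs]
    for _ in range(max_rounds):       # each round = one monitoring window w
        load = sum(delivered(offered, rs))
        if load > us:                 # throttle not strong enough: halve it
            rs = rs / 2
        elif load < ls:               # throttle too strong
            if load - last < epsilon: # relaxing no longer raises the load
                return None, sum(offered), history   # remove the throttle
            last = load
            rs = rs + delta           # relax by one additive step
        else:
            return rs, load, history  # load is inside [ls, us]
        history.append(rs)
    raise RuntimeError("throttle did not settle within max_rounds")

# Constructed sample: three ordinary senders and two flooding hosts.
ATTACK = [2, 3, 1, 30, 25]
# Constructed sample: the same routers after the flood has stopped.
QUIET = [2, 3, 1, 2, 1]

if __name__ == "__main__":
    rate, load, hist = fair_throttle(ATTACK, ls=18, us=22, rs=10.0, delta=1.0, epsilon=0.5)
    print("throttle", rate, "load", load, "history", hist)
    print("per-router delivery", delivered(ATTACK, rate))
    print("after attack:", fair_throttle(QUIET, ls=18, us=22, rs=6.0, delta=1.0, epsilon=0.5))
```

In the attack sample the low-rate senders pass untouched while each flooding host is capped at the settled throttle rate, which is the preferential dropping the slides describe.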

EXISTING SYSTEM

IP traceback mechanism: This mechanism traces the IP packets that enter the network. The IP address of incoming packets is compared with the log table, which maintains the IP addresses of the DoS attacker hosts. But this mechanism is not highly effective for DDoS attacks.

Drawbacks: Detecting the attackers is very difficult and time consuming.


PROPOSED SYSTEM

Defending Against DDoS Attack Using Throttle Algorithm:
• The throttle mechanism is highly effective in preferentially dropping attacker traffic over good user traffic.
• Throttling can regulate the experienced server load to below its design limit, so that the server can remain operational during a DDoS attack.
• It is cost effective since the algorithm is implemented at the router.

ADVANTAGE
• The throttle mechanism is highly effective in preferentially dropping attacker traffic over good user traffic.
• Throttle can regulate the server load below its design limit in the presence of user level of the throttle is dynamic.
• So a server can remain operational during a DDoS attack.
• It is cost effective since the algorithm is implemented at the router.

CONCLUSION
• DDoS attacks can be rectified by using these four modules. They are Pre Analyzer, DoS Attacker, Controller and Initiative Server.
• To avoid this DDoS attack a throttle algorithm is used, which controls the flow of traffic to the server.