defending against distributed denial of service 1

Upload: vigneshwaran-udayasuriyan

Post on 06-Apr-2018


TRANSCRIPT

  • 8/2/2019 Defending Against Distributed Denial of Service 1

    1/23

    Defending Against Distributed

    Denial Of Service

    Guided By:

    Mr. Velmurugan (ME)

    Programmed By:

    Vigneshwaran.U

    Arun.V.S

    Arulmani.M.A

    Balaji.S

    Rajkiran.R


    ABSTRACT

    A DDoS (Distributed Denial of Service) attack is a sophisticated attack mounted by a large number of compromised hosts that are instructed to send useless packets to jam a victim server.

    The server becomes overloaded and, because of the DDoS attack, can no longer manage its resources.


    INTRODUCTION(1/2)

    Network Security:

    Network security is a vital concept in this scenario.

    The security of a network can be defeated by breaking secrecy or authentication, or when message integrity is not available.


    INTRODUCTION(2/2)

    There are three aspects of information security:

    Security attack:

    Any action that compromises the security of information owned by an organization.

    Security mechanism:

    A mechanism that is designed to detect, prevent or recover from a security attack.

    Security services:

    A service that enhances the security of the data processing systems and the information transfers of an organization.


    SYSTEM REQUIREMENTS

    HARDWARE REQUIREMENTS:

    i. 128 MB RAM

    ii. 20 GB HDD

    iii. Color Monitor

    iv. 101 Keyboard

    v. Mouse


    SOFTWARE REQUIREMENTS:

    i. Windows XP

    ii. Java

    iii. Swing

    iv. JPCap


    Background Information: Denial of

    Service Attacks

    DoS Attacks Affect:

    i. Software Systems

    ii. Network Routers/Equipment/Servers

    iii. Servers and End-User PCs


    MODULE

    Pre Analyzer

    DoS Attacker

    Controller

    Initiative Server


    PRE ANALYSER :

    The Pre-analyzer is implemented inside the server. It measures the current traffic load level of the network by capturing packets using the JPCap tool.

    JPCap is a Java class package that allows a Java application to capture packets from, or send packets to, the network.

    In this module we split files into packets and send them to the server to test the traffic load level.

    A log table is created at the Pre-analyzer that keeps information about the incoming packets (packet size, IP address, type).

    The Initiative Server looks up this log table and retrieves the information.


    DOS ATTACKER :

    The DoS Attacker is the attacker, who sends multiple redundant packets to the target system using many compromised systems.

    In this module the split files are sent to the server in one of two modes of attack: normal mode and assail mode.

    In normal mode we send the packets normally, without any redundancy.

    In assail mode we send redundant files whose size is equal to or above the server capacity.


    CONTROLLER :

    The Controller plays a major role in dropping the redundant packets when it receives a signal from the server.

    The Controller is used to control the flow of packets.

    In this module, when the throttle is activated, the Controller keeps track of all incoming packets and the host IP addresses in the byte array.


    [Figure: data from the user is sent to the Controller (with or without throttling) and on to the Server / receiver, which receives or accepts the data. Labels: throttle signal; algorithm; packets checked for throttle; legal packets undropped; dropped.]


    INITIATIVE SERVER :

    The Initiative Server module implements the throttle algorithm when it identifies the load crossing the max-min limit.


    CONTROLLER DIAGRAM:


    ALGORITHM

    We present the throttle algorithm, in which traffic is throttled by dropping a fraction of the traffic.

    It is used to control the flow of traffic to the server.

    Throttle: dropping a fraction of the traffic.

    The throttle has to be invoked when either:

    The current server load (measured as traffic arrival rate) crosses over the limit.

    A throttle is in effect and the current server load drops below the limit.


    Fair Throttle Algorithm:

    Algorithm fair_throttle
    last :== -;
    while (1)
        multicast current rate-rs throttle to R(k);
        monitor traffic arrival rate for time window w;
        if ( > Us) /* throttle not strong enough */
            /* further restrict throttle rate */
            rs :== rs/2;
        elif ( < Ls) /* throttle too strong */
            if (- last < )
                remove rate throttle from R(k);
                break;
            else
                /* try relaxing throttle by additive step */
                last :== ; rs :== rs + ;
            fi;
        else
            break;
        fi;
    end while;
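    The control loop above as a runnable Python simulation, added here as an example and not taken from the project's Java/JPCap code. The symbols for the measured load, the additive step and the convergence tolerance are missing from the transcript, so `rho`, `delta` and `epsilon` are names assumed here, as are the per-router cap model and the constructed traffic figures.

```python
import math

def forwarded(offered, rs):
    """Per-router output once each router in R(k) caps its flow at rate rs."""
    return [min(rate, rs) for rate in offered]

def fair_throttle(offered, Ls, Us, rs, delta, epsilon, max_rounds=64):
    """Server-side control loop. Returns (rs, load, history); rs is None
    when the throttle was removed because relaxing it no longer raised load."""
    rho_last = -math.inf              # assumed: load seen at the previous relax step
    history = []
    for _ in range(max_rounds):
        rho = sum(forwarded(offered, rs))   # arrival rate over one window w
        history.append((rs, rho))
        if rho > Us:                  # throttle not strong enough
            rs = rs / 2
        elif rho < Ls:                # throttle too strong
            if rho - rho_last < epsilon:
                return None, sum(offered), history   # throttle removed
            rho_last = rho
            rs = rs + delta           # relax by an additive step
        else:
            return rs, rho, history   # load settled inside [Ls, Us]
    raise RuntimeError("throttle did not settle")

def delivered_fraction(offered, rs):
    """Share of each router's offered traffic that survives the cap."""
    return [out / rate for out, rate in zip(forwarded(offered, rs), offered)]

# Constructed traffic in packets/s: three routers carrying normal users,
# three carrying attack floods.
ATTACK = [9, 12, 5, 250, 300, 280]
CALM = [9, 12, 5, 10, 8, 11]

def demo():
    rs, load, hist = fair_throttle(ATTACK, Ls=180, Us=220, rs=100, delta=5, epsilon=1)
    shares = delivered_fraction(ATTACK, rs)
    removed, calm_load, _ = fair_throttle(CALM, Ls=180, Us=220, rs=rs, delta=5, epsilon=1)
    return rs, load, hist, shares, removed, calm_load

if __name__ == "__main__":
    print(demo())
```

    Because every router gets the same cap, the low-rate routers pass untouched while the flooding routers lose most of their traffic, which is the preferential dropping the slides claim for the throttle.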


    EXISTING SYSTEM

    IP Traceback mechanism:

    This mechanism traces the IP packets that enter the network. The IP address of each incoming packet is compared with the log table, which maintains the IP addresses of the DoS attacker hosts. But this mechanism is not highly effective against DDoS attacks.

    Drawbacks:

    Detecting the attackers is very difficult and time-consuming.


    PROPOSED SYSTEM

    Defending Against DDoS Attack Using Throttle Algorithm:

    The throttle mechanism is highly effective in preferentially dropping attacker traffic over good user traffic.

    Throttling can regulate the experienced server load to below its design limit, so that the server can remain operational during a DDoS attack.

    It is cost effective since the algorithm is implemented at the router.


    ADVANTAGE

    The throttle mechanism is highly effective in preferentially dropping attacker traffic over good user traffic.

    Throttle can regulate the server load below its design limit in the presence of user level of the throttle is dynamic.

    So a server can remain operational during a DDoS attack.

    It is cost effective since the algorithm is implemented at the router.


    CONCLUSION

    DDoS attacks can be rectified by using these four modules: Pre Analyzer, DoS Attacker, Controller and Initiative Server.

    To avoid this DDoS attack a throttle algorithm is used, which controls the flow of traffic to the server.
