Call for Paper - January 2023 Edition
IJCA solicits original research papers for the January 2023 Edition. Last date of manuscript submission is December 20, 2022. Read More

Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms

International Journal of Computer Applications
© 2014 by IJCA Journal
Volume 96 - Number 10
Year of Publication: 2014
Shubha Mishra
R. K. Pateriya

Shubha Mishra and R K Pateriya. Article: Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms. International Journal of Computer Applications 96(10):49-54, June 2014. Full text available. BibTeX

	author = {Shubha Mishra and R. K. Pateriya},
	title = {Article: Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms},
	journal = {International Journal of Computer Applications},
	year = {2014},
	volume = {96},
	number = {10},
	pages = {49-54},
	month = {June},
	note = {Full text available}


Capability based approaches have been a major area of work since long time. They are robust against address spoofing attacks. However, they are vulnerable to a new type of attack called Denial-of-Capability attack. Also, bandwidth flooding is another serious issue. This article proposed a novel approach for collaboration of capability with a filtering mechanism. Dynamic threshold for traffic monitoring, implemented over underlying basic capability approach is an effective attempt to mitigate these two major vulnerabilities. A detailed framework is discussed in this research work along with estimation of the expected latency. Essential algorithms are provided for implementation of the approach. The approach is an effective key to handle loopholes in capability techniques. Since, no standalone solution exists for DDoS mitigation; this work provides a collaborative defense, thereby, enhancing robustness against them.


  • Garber, L. "Denial-of-service attacks rip the Internet", IEEE Journal on Computer, vol. 33 (4), pp. 12-17, 2000.
  • Scalzo, F. 2006. "Recent dns reactor attacks", VeriSign, [online] http://www. nanog. org/mtg-0606/pdf/frank-scalzo. pdf.
  • Vaughn, R. and Evron, G. 2006. "DNS amplification attacks", [online] http: // www. isotf. org/news/DNS-Amplification-Attacks. pdf.
  • P. Ferguson, and D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks that employ IP source address spoofing, Internet RFC 2827, 2000.
  • Egress Filtering, [online] http: // en. wikipedia. org/wiki/Egress_Filtering.
  • John Ioannidis and Steven M. Bellovin, "Implementing Pushback: Router-Based Defense Against DDoS Attacks", in Proc. of Network and Distributed System Security Symposium, 2002.
  • Xin Liu, Xiaowei Yang and Yanbin Lu, "To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets", ACM SIGCOMM'08, August 17–22, 2008, Seattle, Washington, USA.
  • K. Argyraki and D. R. Cheriton, Scalable network-layer defense against internet bandwidth-flooding attacks, IEEE/ACM Transaction Netw. , 17(4), pp. 1284-1297, August 2009.
  • B. Parno, D. Wendlandt, E. Shi, A. Perrig, B. Maggs, and Y. -C. Hu, "Portcullis:Protecting Connection Setup from Denial-of-Capability Attacks. " , ACM SIGCOMM, 2007.
  • A. Yaar, A. Perrig, and D. Song, "SIFF: a Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks", in Proc. 2004 IEEE Symposium on Security and Privacy, pp. 130-143, May 2004.
  • X. Yang, D. Wetherall, and T. Anderson, "TVA: a DoS-limiting network architecture", IEEE/ACM Trans. Netw. , vol. 16, no. 6, pp. 1267-1280, 2008.
  • "Packet analyzer", [online] http://en. wikipedia. org/wiki/Packet_analyzer.
  • A. John, and T. Sivakumar, "DDoS: Survey of Traceback Methods", International Journal of Recent Trends in Engineering ACEEE, Association of Computer Electronics & Electrical Engineers, vol. 1, no. 2, May 2009.
  • P. Gupta and N. McKeown, Packet classification on multiple fields, in the Proceedings of ACM SIGCOMM'99, ACM, August 1999.
  • R. Guerin, S. Kamat, V. Peris, and R. Rajan, Scalable QoS Provision Through Buffer Management, Proceedings of SIGCOMM'98,
  • "Latency (engineering)", [online] http://en. wikipedia. org/wiki/Latency_(engineering).
  • V. Firoiu, M. Borden, "A Study of Active Queue Management for Congestion Control", INFOCOMM 2000.
  • R. Pan, B. Prabhakar, K. Psounis," CHOKe: A Stateless Active Queue Management Scheme for Approximating Fair Bandwidth Allocation", INFOCOMM'00.
  • X. Yang, A DoS Limiting Network Architecture, [online] http://www. cs. duke. edu/nds/ddos/