CFP last date
22 April 2024
Reseach Article

Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms

by Shubha Mishra, R. K. Pateriya
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 96 - Number 10
Year of Publication: 2014
Authors: Shubha Mishra, R. K. Pateriya
10.5120/16833-6597

Shubha Mishra, R. K. Pateriya . Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms. International Journal of Computer Applications. 96, 10 ( June 2014), 49-54. DOI=10.5120/16833-6597

@article{ 10.5120/16833-6597,
author = { Shubha Mishra, R. K. Pateriya },
title = { Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms },
journal = { International Journal of Computer Applications },
issue_date = { June 2014 },
volume = { 96 },
number = { 10 },
month = { June },
year = { 2014 },
issn = { 0975-8887 },
pages = { 49-54 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume96/number10/16833-6597/ },
doi = { 10.5120/16833-6597 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:21:25.460971+05:30
%A Shubha Mishra
%A R. K. Pateriya
%T Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms
%J International Journal of Computer Applications
%@ 0975-8887
%V 96
%N 10
%P 49-54
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Capability based approaches have been a major area of work since long time. They are robust against address spoofing attacks. However, they are vulnerable to a new type of attack called Denial-of-Capability attack. Also, bandwidth flooding is another serious issue. This article proposed a novel approach for collaboration of capability with a filtering mechanism. Dynamic threshold for traffic monitoring, implemented over underlying basic capability approach is an effective attempt to mitigate these two major vulnerabilities. A detailed framework is discussed in this research work along with estimation of the expected latency. Essential algorithms are provided for implementation of the approach. The approach is an effective key to handle loopholes in capability techniques. Since, no standalone solution exists for DDoS mitigation; this work provides a collaborative defense, thereby, enhancing robustness against them.

References
  1. Garber, L. "Denial-of-service attacks rip the Internet", IEEE Journal on Computer, vol. 33 (4), pp. 12-17, 2000.
  2. Scalzo, F. 2006. "Recent dns reactor attacks", VeriSign, [online] http://www. nanog. org/mtg-0606/pdf/frank-scalzo. pdf.
  3. Vaughn, R. and Evron, G. 2006. "DNS amplification attacks", [online] http: // www. isotf. org/news/DNS-Amplification-Attacks. pdf.
  4. P. Ferguson, and D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks that employ IP source address spoofing, Internet RFC 2827, 2000.
  5. Egress Filtering, [online] http: // en. wikipedia. org/wiki/Egress_Filtering.
  6. John Ioannidis and Steven M. Bellovin, "Implementing Pushback: Router-Based Defense Against DDoS Attacks", in Proc. of Network and Distributed System Security Symposium, 2002.
  7. Xin Liu, Xiaowei Yang and Yanbin Lu, "To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets", ACM SIGCOMM'08, August 17–22, 2008, Seattle, Washington, USA.
  8. K. Argyraki and D. R. Cheriton, Scalable network-layer defense against internet bandwidth-flooding attacks, IEEE/ACM Transaction Netw. , 17(4), pp. 1284-1297, August 2009.
  9. B. Parno, D. Wendlandt, E. Shi, A. Perrig, B. Maggs, and Y. -C. Hu, "Portcullis:Protecting Connection Setup from Denial-of-Capability Attacks. " , ACM SIGCOMM, 2007.
  10. A. Yaar, A. Perrig, and D. Song, "SIFF: a Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks", in Proc. 2004 IEEE Symposium on Security and Privacy, pp. 130-143, May 2004.
  11. X. Yang, D. Wetherall, and T. Anderson, "TVA: a DoS-limiting network architecture", IEEE/ACM Trans. Netw. , vol. 16, no. 6, pp. 1267-1280, 2008.
  12. "Packet analyzer", [online] http://en. wikipedia. org/wiki/Packet_analyzer.
  13. A. John, and T. Sivakumar, "DDoS: Survey of Traceback Methods", International Journal of Recent Trends in Engineering ACEEE, Association of Computer Electronics & Electrical Engineers, vol. 1, no. 2, May 2009.
  14. P. Gupta and N. McKeown, Packet classification on multiple fields, in the Proceedings of ACM SIGCOMM'99, ACM, August 1999.
  15. R. Guerin, S. Kamat, V. Peris, and R. Rajan, Scalable QoS Provision Through Buffer Management, Proceedings of SIGCOMM'98,
  16. "Latency (engineering)", [online] http://en. wikipedia. org/wiki/Latency_(engineering).
  17. V. Firoiu, M. Borden, "A Study of Active Queue Management for Congestion Control", INFOCOMM 2000.
  18. R. Pan, B. Prabhakar, K. Psounis," CHOKe: A Stateless Active Queue Management Scheme for Approximating Fair Bandwidth Allocation", INFOCOMM'00.
  19. X. Yang, A DoS Limiting Network Architecture, [online] http://www. cs. duke. edu/nds/ddos/
Index Terms

Computer Science
Information Sciences

Keywords

Capability and Filtering based mechanisms Bandwidth flooding attack.