DETECTION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS USING THE NETWORK PARAMETERS VARIATION

International Journal of Advanced Science and Engineering Research www.ijaser.in Volume: 1, Issue: 1, June 2016 ISSN: 2455-9288

Mr. R. Thoufiq Ahamed, Department of Computer Science and Engineering, Al-Ameen Engineering College, Erode-638102, Tamil Nadu, India

Abstract: Distributed Denial of Service (DDoS) is the term that describes the blocking of a service provided by a server or network system to its legitimate users in the network. Much research is in progress on analyzing the availability of network resources and allocating them to users efficiently and without delay. The main task is the detection of abnormal network traffic and the identification of the source of the attack responsible for blocking the service to users. The proposed system performs the detection with statistical parameters, which makes the analysis process efficient and timely. It has several advantages: it is efficient, scalable and independent of the attack traffic. It helps to improve resource utilization and network performance.

Keywords: DDoS Attack, Attack Analysis, Entropy

I. INTRODUCTION

Denial of Service attack is the term that describes an event that forces users to pay attention to it. An event that prevents authorized users from utilizing the resources available in the network is termed a Denial of Service. Many organizations face these kinds of problems. Such attacks may be performed by a single system or by a group of systems. When an individual system carries out the attack to prevent access, it is called a Denial of Service attack; when a group of many compromised systems is involved, it is termed a Distributed Denial of Service attack. Nowadays a large number of systems are affected by DDoS attacks. These attacks are very difficult to distinguish from the normal traffic in the network, because of the various levels of unauthenticated transfers. Much research is in progress to eradicate this problem. The current network topology makes it very complicated to identify external unauthorized access to the internal resources, because of the number of systems connected to the network.

Copyright © 2016 by the Authors. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


1. NEED OF NETWORK TRAFFIC FLOW ANALYSIS

To improve the performance of the network, monitoring it is essential. Network flow analysis is the process of counting the incoming packets and finding out whether they are accountable to the concerned network heads. Monitoring is important in order to provide efficient service to the user community. Many threats exist in the network to the resources owned by organizations, and these threats have to be handled without affecting the resources. The performance parameters can be noted with the help of the packet transmission ratio, which is the ratio of the number of packets transmitted successfully without errors to the number of packets received. The performance parameter can be denoted with the equation,

Various parameters are available to measure the performance of the network: the number of packets processed successfully by an individual router, the size of the packet information that arrived, and the destination address to which the particular packets are sent. These are analyzed in order to identify whether there is any harm to a system in the network. To improve network quality and its efficient service, the flow analysis is examined. A huge number of threats exist that aim to break the efficiency of the system. To examine the performance, the network has to be monitored and checked for threats that affect its performance. This improves the visibility of the network and the performance of the router. The network flow analysis can be carried out based on two types of analysis.

A. Depth First Analysis
The analysis is made when the problem with the network is depicted clearly with its description. This method is adopted only when the list of possibilities is known.

B. Breadth First Analysis
Breadth first analysis is made when the network problem is not clearly stated. More sophisticated and expensive tools are needed to verify the network analysis. The security analysis can be made in two different domains, the time domain and the frequency domain.


A. Time Domain
This is the most commonly used technique for finding out the strength of the security system. It checks the information periodically and states what is happening in the network, rather than depicting the history of an individual.

B. Frequency Domain
This technique monitors how often an event occurred based on a certain metric such as host, subnet, protocol or interface.

2. DETECTION OF UNEXPECTED TRAFFIC FLOW / DDOS ATTACKS

The DDoS attack is the primary attack occurring in present-day communication systems. It focuses mainly on the loopholes available in the security system in order to steal valuable information transmitted over the network.

[Figure 1: diagram of a Distributed Denial of Service attack. Legend: U1, U2 - Legitimate User; A1, A2 - Attacker; V - Victim]
Fig. 1 Distributed Denial of Service Attack

The above figure depicts the involvement of various systems in order to block a resource organized on a single system. The identification of a DDoS attack in the system is a difficult process because of its serious effect and the techniques it adopts to hack the system and its resources. When there is a valuable resource in the system, it must be protected by assigning high security parameters that govern its access. This enhances information security and increases the efficiency of the service provided to the users in the network.

C. Fixation of Threshold Value


Detection of traffic is possible only when we keep the traffic as an important parameter and check it against the default threshold values. There are three ways in which the threshold value for the flow analysis is fixed.

Type 1: Network Capacity
Fix a value based on the number of packets processed by the network router, termed the network processing capacity. It identifies the maximum number of packets a router can process successfully. It helps to analyze the capacity of the router and decide whether it can manage the situation, which is the case when the packet arrival is within the processing limit.

Type 2: Packet Arrival Ratio
The number of packets received and processed by each router can be analyzed, and the maximum number of packets received by a router can be marked as its threshold value.

Type 3: Statistical Data Method
Using a distribution of the statistical data obtained from past history, the threshold value is predicted. The past historical data includes the previous history of the flow analysis made for this particular network.

3. Packet Flow Handling

When the number of packets arriving at the network increases, the flow of packets is analyzed based on the size of the packets received in the network, and on two conditions: more packets received from a particular sender, or more senders sending packets to a particular receiver. When the network traffic increases, the flow analysis begins. When the above two conditions are satisfied, the chance of an attack on the network increases.

Entropy is an important concept of information theory, which is a measure of the uncertainty or randomness associated with a random variable. In this case, it is used to measure the data coming over the network. The value of sample entropy lies in the range [0, log n]. The entropy value is smaller when the class distribution is pure, i.e., belongs to one class, and larger when the class distribution is impure, i.e., more even. Hence comparing the entropy value of one sample of packet header fields to that of another sample of packet header fields provides a mechanism for detecting changes in the randomness. This measure helps us to distinguish the attack packets from the trusted packet flow in the network. The entropy measure can be denoted using the formula below. The entropy H(X) of a random variable X with possible values x1, x2, ..., xn and probability distribution P = p1, p2, ..., pn with n elements, where 0 ≤ pi ≤ 1 and Σpi = 1, can be calculated as:
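As an added illustration (not code from the paper), the following Python computes the normalized entropy of one header field over windows of constructed packet headers, fixes the detection band with a Type 3 statistical threshold learned from past windows (mean plus or minus 3 standard deviations is an assumed choice), and flags a constructed flood window whose source entropy jumps while its destination entropy collapses. The Shannon formula used is the standard one; the extracted text of the paper omits it.

```python
import math
import random
from collections import Counter
from statistics import mean, stdev

def entropy(values):
    """Shannon entropy H(X) = -sum(p_i * log2 p_i) of a sample (standard formula, assumed
    here because the extracted paper text omits it)."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def normalized_entropy(values):
    """H(X) divided by its maximum log2(n): 0 if all values equal, 1 if all distinct."""
    n = len(values)
    return 0.0 if n < 2 else entropy(values) / math.log2(n)

def window_entropy(window, field):
    """Normalized entropy of one header field ('src' or 'dst') across a packet window."""
    return normalized_entropy([pkt[field] for pkt in window])

def fix_threshold(history, field, k=3.0):
    """Type 3 (statistical) threshold: band of mean +/- k*std of the per-window entropy
    observed in past normal traffic (k=3 is an assumed choice, not the paper's)."""
    hs = [window_entropy(w, field) for w in history]
    return mean(hs) - k * stdev(hs), mean(hs) + k * stdev(hs)

def is_anomalous(window, field, bounds):
    """Flag a window whose field entropy leaves the band learned from history."""
    return not (bounds[0] <= window_entropy(window, field) <= bounds[1])

def normal_window(rng, size=100, clients=20, servers=4):
    """Constructed normal traffic: a fixed pool of clients talking to a few servers."""
    return [{"src": f"10.0.0.{rng.randrange(clients)}", "dst": f"10.1.0.{rng.randrange(servers)}"}
            for _ in range(size)]

def flood_window(size=100):
    """Constructed flood: every packet from a different (spoofed) source to one victim."""
    return [{"src": f"192.0.2.{i}", "dst": "10.1.0.1"} for i in range(size)]

def demo():
    rng = random.Random(1)  # fixed seed so the constructed sample is reproducible
    history = [normal_window(rng) for _ in range(30)]
    flood = flood_window()
    return {
        "src_flagged": is_anomalous(flood, "src", fix_threshold(history, "src")),  # many senders
        "dst_flagged": is_anomalous(flood, "dst", fix_threshold(history, "dst")),  # one receiver
        "flood_src_entropy": window_entropy(flood, "src"),
        "flood_dst_entropy": window_entropy(flood, "dst"),
    }
```

In a deployment the history windows would come from the network's own past flow records, and both fields would be checked because a flood can raise one entropy while lowering the other.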

4. PERFORMANCE ANALYSIS WITH THE OTHER MECHANISMS

The performance of the attack detection mechanism is evaluated using various parameters such as efficiency, time consumption, throughput, etc. The performance of the proposed system in attack detection involves identification of the unexpected traffic flow in the network, network capacity analysis and the number of packets travelled per second. The performance of the network parameter variation technique is comparatively improved by up to 3 percent.

Table 1: Performance Comparison of Various Detection Schemes

Scheme                        Memory Usage   Scalability   Number of Packets Required   Computational Load
Network Parameter Variation   Minimum        Good          Low                          Light
Distributions                 Fair           Fair          Medium                       Medium
Threshold Value Fixation      Fair           Fair          Low                          Medium

CONCLUSION

In this paper we have proposed a new detection scheme for DDoS attacks based on historical information. We have also used the concept of threshold value fixation to identify the actual attacker who is sitting behind forged systems. All the mentioned requirements have to be developed and applied to the current information technology environment; otherwise, DDoS attacks will remain a perennial threat to information technology.
