Detection and Elimination of Distributed Reflection DoS (DR-DoS) Attack Using Rank Correlation Detection (RCD) Algorithm

Shewale Chetan S., Patil Chetan M., Pawar Sushil S., Jadhav Shirish S., Seema Shabadi

Published in International Journal of Advanced Research in Computer Networking, Wireless and Mobile Communications

ISSN: 2320-7248 | Impact Factor: 1.8 | Volume: 2 | Issue: 1 | Year: 09 April, 2015 | Pages: 125-131


Abstract

DDoS stands for distributed denial of service, and such an attack presents a serious threat to the Internet once it begins. In Distributed Reflection DoS (DRDoS), attackers fool innocent servers into flushing massive numbers of packets to the victim. Most current DRDoS detection mechanisms, however, are tied to their own protocol and do not work on anything other than that specific protocol. In DDoS attacks, it is found that the attacking flow and the normal flow from a server show a relation between different packets. Taking this into consideration, the Rank Correlation Detection (RCD) algorithm comes into the picture. RCD is the most efficient algorithm for finding the difference between massive packets and normal packets. It finds the rank of each packet and, if the packet is found to be massive, discards it at the router. RCD can distinguish reflection flows from those of legal clients. It is an efficient and effective algorithm for DRDoS and is used as an indicator of DRDoS.

Keywords

Rank Correlation, RCD, Distributed Reflection, DoS, Denial of Service
