A novel marking-based detection and filtering scheme against distributed denial of service attack

Abstract

The Denial of Service (DoS) attack, including Distributed Denial of Service (DDoS) Attack, has become one of the major threats to the Internet today. The victim's resources are exhausted so that its services are disrupted under the DoS attack. Spoofed packets, in which the source IP addresses are forged, are usually used by attackers to implement the attacks or disguise their actual locations. In this thesis, we investigate DoS attack, analyze some existing defense mechanisms, and compare their strengths and weaknesses. Then, we present a novel Marking-based DDoS Attack Detection and Filtering (MDADF) scheme. The MDADF system can distinguish and filter out spoofed IP packets by maintaining a record of the legitimate users and their markings. The system also functions as a DDoS attack detector. We evaluate the performance of this under various conditions in a simulated environment. The results demonstrate that the system is effective in defending against massive DDoS attacks, even when only 20% of the routers on the Internet participate in the marking process. The system is specially effective against IP-spoofed attacks, which are the most difficult to control, although it works well even under randomized attacks. Moreover, the system detects the occurrence of an attack quite quickly and precisely.