MITIGATING AND RESOLVING DISTRIBUTED DENIAL-OF-SERVICE ATTACKS WITH ENHANCED RANDOM ANONYMOUS PATH IDENTIFIERS

Abstract

A Distributed Denial of Service flooding attack in the network performed implicitly and as well as explicitly by the attacker or victim. This attempt is performed to overload the server, generate malicious traffic or interrupting the service. This issue crashes the host and the host's service will be unavailable to the legitimate users. The flexible nature of the network always suffers from DDoS flooding, spoofed source address, and packet or content forgery. Although several defense systems have been proposed by researchers, the problem remains largely unresolved and unreliable for many attacks. Very few researches are interests in using path identifiers (PID) to mitigate the DDoS flooding attacks in the network. But, the existing PIDs are static. The static PIDs are also insecure. To address the above issue, in this paper, we developed the design, implementation, and evaluation of DSPID, a framework that uses dynamic secure PIDs (DSPID) verified with every packet to avoid the DDoS flooding, forgery and spoofing attacks. The proposed system also avoids the selective flooding attack by providing anonymous node id for every node in the network. The proposed system comprises three aspects such as Detect the attack, mitigates the effects of attack and resolves the attack by tracing the source of attack. The proposed mechanism successfully identifies and authenticates the node by the DSPID and anonymous node id. And the system responds to the threat by applying a discriminative rate limit on the malicious traffic flow towards the victim, based on the severity of the attack traffic from each machine and the duration of attack persistence. The proposed system is simple but highly effective in detecting and mitigating distributed denial of service flooding, forgery and spoofing attacks. The experiments and results shows the proposed system achieved better result in terms of several QOS parameters.