The first methodology that will be used for
spoofed IP address detection is “packet sniffing” [20].
A packet sniffer or analyzer can be viewed as software or computer hardware
that looks at the traffic passing over a network. In other words, it captures
the data that passes through a network, analyzes it and converts it into human
readable form. Usually a computer looks at the packets addressed to it and ignores
the rest of the traffic on the network, but a packet sniffer looks at every packet
on the network. Fig. 1 shows the packet sniffing process, where a network analyzer
analyzes all the packets over a network. It helps in identifying packets from
malicious users and legitimate users. The
tool that will be used for packet sniffing is “WireShark”.
The second technique to detect spoofed IP addresses is the Double-TCP mechanism [21].
Some DDOS attackers send a large number of connection requests and never complete
them. These are called half-open connections. Fig. 1 shows the half-open connection,
where the attackers consume the bandwidth and keep the server busy by sending
half-open connections.
The Double TCP
connection not only solves the problem of
half-open connections but also detects spoofed IP addresses. While
spoofing an IP address, the attacker duplicates the IP address of a legitimate user
and sends requests through it. This method helps in identifying that as well. Fig.
2 shows the Double TCP connection process.
The client initiates the connection process by
sending a SYN request to the server.
The server receives the request from the client and sends the ACK message to the IP address of
the packet source along with a 16-bit identity field.
If the IP address is not spoofed, the client will receive the message from the server and may
or may not send the final ACK message. The final ACK is ignored by the server. In case of
a spoofed IP address, the client will not receive the message.
Now the client again establishes the
connection with the server by sending a SYN message with the 16-bit identity field
previously received from the server.
The server then checks the IP address and
identity field value; if the value is correct, the server sends an ACK message to
the client, otherwise it will drop the request.
After receiving the ACK message from the server,
the client then sends the final ACK message and the connection will be successfully
his techniques, the problem of half open connection can be avoided and spoofed
IP address can be detected as well.
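The server-side checks of the two-round handshake above, as an added Python example that is not part of the original proposal. It assumes the 16-bit identity is a keyed hash (HMAC) of the source IP; `DoubleTcpServer`, `identity_for`, `on_syn` and `simulate` are hypothetical names, and the key and address are constructed.

```python
import hashlib
import hmac
import os


class DoubleTcpServer:
    """Simplified server side of the Double-TCP handshake (added example)."""

    def __init__(self, secret=None):
        # Assumption: the identity is a keyed hash of the source IP, so the
        # server stores nothing per client between the two rounds.
        self.secret = secret or os.urandom(32)

    def identity_for(self, src_ip):
        digest = hmac.new(self.secret, src_ip.encode(), hashlib.sha256).digest()
        return int.from_bytes(digest[:2], "big")  # 16-bit identity field

    def on_syn(self, src_ip, identity=None):
        """Return (action, identity sent back to src_ip or None)."""
        if identity is None:
            # Round 1: the reply is delivered to the claimed source address.
            return "CHALLENGE", self.identity_for(src_ip)
        if not 0 <= identity <= 0xFFFF:
            return "DROP", None
        # Round 2: accept only if the identity matches this source IP.
        expected = self.identity_for(src_ip).to_bytes(2, "big")
        if hmac.compare_digest(identity.to_bytes(2, "big"), expected):
            return "ACK", None
        return "DROP", None


def simulate(server, claimed_ip, sender_owns_ip, guess=0):
    """Run both rounds; a spoofing sender never sees the round-1 reply."""
    _, ident = server.on_syn(claimed_ip)
    # The challenge goes to claimed_ip, so only its real owner can echo it.
    echoed = ident if sender_owns_ip else guess
    return server.on_syn(claimed_ip, echoed)[0]


if __name__ == "__main__":
    srv = DoubleTcpServer(secret=b"constructed-demo-secret")  # constructed key
    ip = "198.51.100.7"  # constructed documentation address
    wrong = srv.identity_for(ip) ^ 1  # a guess that is certain to be wrong
    print(simulate(srv, ip, sender_owns_ip=True))                # ACK
    print(simulate(srv, ip, sender_owns_ip=False, guess=wrong))  # DROP
```

Because the identity field is only 16 bits, a blind guess matches once in 65,536 attempts, so the check filters spoofed sources rather than authenticating clients.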
problem to be solved is detection of DDOS attacks that are within the threshold
level. For example, if a source is sending 60 requests in a minute and the threshold
is set to 40 requests per minute, then the system will drop these requests and
will block the source. Now, if requests from attackers are within the threshold
level, the attackers will try to keep the server busy so that it cannot serve legitimate
of the technique is Auto Scaling [21].
In terms of cloud computing, Auto Scaling is scaling up the resources according
to need. If attackers are using the resources, they will try to keep the
resource busy so that legitimate users cannot use that resource. Scaling up
resources to a certain limit allows legitimate users to use the resource, and if
any user is using resources for more than a selected time limit and resource limit,
the connection should be dropped or blocked. Auto scaling involves limitations on
the scaling up of resources and on duration. For example, if the scaling limit [21]
is set to 80% of CPU utilization, then if utilization rises above 80% for the
duration of one minute, additional CPUs will be allocated. Similarly, if CPU
utilization is less than 80% for the duration of one minute, the additional CPUs will
be scaled down.
will propose techniques to detect spoofed IP addresses and a technique to detect
DDOS attacks within the threshold, because in most of the literature only attacks
within threshold are detected. For IP address detection, two techniques will be
proposed and will be tested on Wireshark. The report on comparison results will
Aims and Objectives
To prevent DDOS attacks in cloud
computing by proposing techniques for:
Detection of packets from spoofed IP addresses
Detection of DDOS attacks within the
time and Deliverables
1st JAN – 5th AUG
Framework for preventing DDOS attacks
6th AUG -10th OCT
11th OCT – 10th
Research paper on preventing DDOS
attacks by detecting spoofed IP addresses.