FireCol: A Collaborative Protection Network for the Detection of Flooding DDOS Attack

DOI : 10.17577/IJERTV3IS042268

Download Full-Text PDF Cite this Publication

Text Only Version

FireCol: A Collaborative Protection Network for the Detection of Flooding DDOS Attack

Ketki Nanadikar

Aishwarya Kachi Apoorva Karkhanis

Shweta Patole

Computer Department Computre Department

Computer Department

Computer Department

      1. s Modern College P.E.Ss Modern College P.E.Ss Modern College P.E.Ss Modern College Of Engineering Pune, Of Engineering, Pune, Of Engineering, Pune, Of Engineering, Pune,

        University Of Pune, India University Of Pune, India University Of Pune, India University Of Pune, India

        Abstract- Distributed denial-of-service (DDoS) attacks are a major threat to security issues. The control and resolving of DDoS attacks is difficult in a distributed network. The primary problem till date is the attacks are detected close to the victim and hence cannot be resolved. It is essential to detect them early in order to protect vulnerable resources or potential victims. FireCol comprises multiple intrusion prevention systems (IPSs) located at the Internet service providers (ISPs) level. These multiple Intrusion Prevention Systems (IPSs) act as traffic filters. Based on threshold values it passes information. The efficient system of FireCol is demonstrated as a scalable system with low overhead.

        Keywords-FireCol; IPS; DDoS; IDS; URL;

        1. INTRODUCTION

          DDoS attacks are still a major concern. Flooding DDoS attacks are popular because they are high effective against any kind of service as there is no need to identify and exploit any particular service-specific flaw in the victim. That is why these attacks are used. A single intrusion prevention system (IPS) or intrusion detection system (IDS) cannot detect such DDoS attacks efficiently. They should be located very close to the victim for detection which is not possible all the time. FireCol system is developed using IPSs located at internet service provider level. The IPSs form virtual protection rings around the hosts. These rings help to defend attacks. FireCol systems goal is to protect users from attacks.

        2. IMPLEMENTATION

          1. System Modules

            The FireCol system is developed using java programming language and MySQL database. In FireCol system we have two user access, one for Normal User and another is Admin

            i.e. FireCol System itself. Admin of the system will be able to access database and database will be stored only on one node.

            Clients (i.e. Normal User) can only install system and take the benefits of the system. Client cant access database.

            1. Admin:

              Admin is the one who handles the systems features and services. He can add or remove Resources i.e. URLs. He maps specific resource to particular user. He can deny access of particular site to user. He hits the URLs and checks whether they are DDoS affected services. According to result he activates or deactivates the URL for user.

            2. Normal User:

            Normal user is the subscribed user to FireCol system. When user gets logged in to the system, he can hit URLs he wanted. If they are DDoS affected he wont be able to access as admin has deactivated them for users. If they are normal pages, web pages will get open and he can use them.

          2. Algorithm:

            In FireCol system, we have used the following technique or algorithm to find out whether it is a DDoS attack or not.

            • Request resource

            • Record request time in Millis

            • Hit resource with input URL

            • Open resource in browser

            • Get response code

            • Get response status

            • Then get resource data stream

            • Calculate content size(bytes/characters)

            • Calculate packets being received

            • Capture time after getting response

            • Calculate total time taken to serve request

            • Retrieve stored resource details(min response time, average response time, max Response time, expected # of packets etc)

            • If status code =500

              Then resource is down Else If status code =200

              If total time> average response time for resource and packets received>expected # of Packets for resource

              Then request not completed successfully and DDoS attack detected

              Else If status code =400

              Then resource not found

          3. Results Analysis

          FireCol system is developed and tested successfully. On the basis of that we are presenting some results in the form of graphs.

          1. Effect of Time Interval on Response Time on DDoS affected pages:

            Fig. 1. Effect of Time Interval on Response Time

            We have created 5 DDoS affected pages namely newjsp1, newjsp2, newjsp3, nokia, accer. In the above Fig.1, we have plotted a graph, time interval verses response time. From this graph we conclude that response time increases after specific time interval of 30sec.

          2. Study of Content size verses Response time of Normal Pages:

          TABLE 1

          Result Table of DDoS attack

          Response Time

          Resource

          ID

          RT1

          RT2

          RT3

          RT4

          1

          1607

          1981

          2122

          2137

          2

          1560

          2135

          2345

          2456

          3

          2137

          2887

          2983

          3108

          4

          1045

          1076

          2169

          2231

          5

          1030

          1089

          2100

          2245

          6

          1170

          1245

          1351

          1560

          7

          1139

          1204

          1467

          1653

          8

          1279

          1987

          2103

          2365

          9

          1030

          1170

          1345

          1622

          10

          1298

          1400

          1571

          1644

          The table above depicts the values of the response time T1, T2, T3, T4 corresponding to the specific time interval with respect to the content size of the page. Response time increases after specific time interval of 30sec.

          Thus from the above analysis we can conclude that,

          • A DDoS attack being the execution of multiple threads, the response time increases which help us to detect DDoS attack.

          • The response time increases as the content size of the servlet increases. The content size of the servlet varies with respect to data.

        3. CONCLUSION

We have developed a system for detection of flooding DDoS attacks. FireCol provides the protection to the subscribed customers and saves the network resources. FireCol is robust, light weighted system. Internet users can easily get subscribed to system and take the benefits of system. In future well try to implement different IPS structures.

Fig. 2. Content size verses Response time

In Fig. 2, we have described graph of content size verses response time. The response time also varies according to the content size of the pages. As it is an increasing graph the content size too increases with an increasing response time. In the normal servlets also the response time varies according to the content size of page.

REFERENCES

  1. J. Françcois, A. El Atawy, E. Al Shaer, and R. Boutaba, A collaborative approach for proactive detection of distributed denial of service attacks, in Proc. IEEE MonAM, Toulouse, France, 2007, vol. 11.

  2. T. Peng, C. Leckie, and K. Ramamohanarao, Survey of network- based defense mechanisms countering the DoS and DDoS problems, Comput. Surv., vol. 39, Apr. 2007, Article 3.

  3. T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling, Measurements and mitigation of peer-to-peer-based botnets: A case study onstorm worm, in Proc. USENIX LEET, 2008, Article no. 9.

  4. N.Hanusuyakrish, D.Kapil, P.Manimekala, M.Prakash , Detection of DDoS Attack Using Virtual Security,(IJESIT) Volume 2, Issue 2, March 2013

  5. Jérôme François, Issam Aib, Member, IEEE, and Raouf Boutaba, Fellow, IEEE, FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks, IEEE/ACM transactions on networking, vol. 20, no. 6, December 2012.

  6. Tao Peng, Christopher Leckie, and Kotagiri Ramamohanarao,Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems, Department of Computer Science and Software Engineering, The University of Melbourne, Australia, ACMJ258-03, ACM-CSUR, March 21, 2007.

Leave a Reply