Improvement of RAD technique for detecting reflector based DoS attack
Abstract
Distributed Reflector Denial-of-Service (DRDoS) attacks are a challenging problem in the present
Internet environment. A DRDoS attack is entirely different from a DDoS attack. In a
DRDoS attack, the attacker does not need to generate a huge amount of traffic. The attacker
activates multiple compromised hosts (zombies), which generate the request traffic. The
innocent reflector then generates the attack traffic. From the victim's point of view it is very difficult
to identify the attacker and the attack traffic, because the actual attacker hides behind the legitimate
reflector. Many prevention systems have been proposed for DRDoS attacks. All of these prevention
techniques have false negatives and false positives. Among them, the Reflector Attack Defense
(RAD) technique is an efficient one. However, the RAD technique has a few limitations, such as replay attacks and
the passing of false request packets by the core router. In this thesis work we enhance the RAD
technique so that it successfully differentiates between legitimate
traffic and attack traffic. In addition, all previous proposals are compatible only with IPv4;
they are not compatible with IPv6. Since IPv6 is likely to see widespread deployment in the future, we seek a solution that is also compatible with IPv6. The enhanced
prevention system will therefore filter DRDoS traffic efficiently and also work with IPv6. This thesis
presents two different techniques for filtering the attack traffic. The first filters the attack traffic
at the client edge router. The second applies when local filtering cannot handle the huge volume of
attack traffic; it filters the traffic at the core of the Internet by marking packets
at the Autonomous System level.
Collections
- M Tech Dissertations