Abstract  Distributed Denial of Service (DDoS) attackers make a service unavailable for intended users. Attackers use IP spoofing as a weapon to disguise their identity. Th e spoofed traffic follows the same principles as normal traffic, so detection and filtering is very essential. Hop Count Filterin g (HCF) scheme identifies packet whose source IP ad dress is spoofed. The information about a source IP address and it s corresponding hops from a server (victim) re corded in a table at the victim. The incoming packet is checked against this table for authenticity. The design of IP2HC table reduces the amount of storage space by IP address clustering. The propose d work filters majority of the spoofed traffic by Hop Count Filter.Support Vector Machine   (HCF.SVM) algorithm on the network layer. DDoS attac kers using genuine IP is subjected to traffic limit at the application layer. The two layer defense approa ch protects legitimate traffic from being denied, thereby mitigating DDoS effectively. HCF.SVM model yields 98.99% accuracy w ith reduced False Positive (FP) rate and the rate limiter punishes the aggressive flows and provides sufficient bandwidth for legitimate users without any denial of service. The implementation of the proposed work is carried out on an experimental testbed.  

References

[1] Arora K., Kumar K., and Sachdeva M., Impact Analysis of Recent DDoS Attacks, the International Journal of Computer Science and Engineering , vol. 3, no. 2, pp. 877-884, 2011.

[2] Barlow J. and Thrower W., TFN2K an Analysis, available at: http://security.royans.net / info/posts/bugtraq_ddos2.shtml, last visited 2000.

[3] Beverly R. and Sollins K., An Internet Protocol Address Clustering Algorithm, in Proceedings of USENIX Tackling Computer Systems Problems with Machine Learning Techniques , CA, USA, pp.1-6, 2008.

[4] Bhuyan M., Kashyap H., Bhattacharya D., and Kalita J., Detecting Distributed Denial of Service Attacks: Methods, Tools and Future Directions, available at: http: //www.researchgate.net/publication/258875120_ Detecting_Distributed_Denial_of_Service_Attac ks_Methods_Tools_and_Future_Directions, last visited 2013.

[5] Bysin C., knight.c Sourcecode, available at: http://packetstormsecurity.nl/distributed/knight.c, last visited 2001.

[6] Devi B., Preetha G., Nidhya S., and Shalinie S., A Novel Fuzzy Congestion Control Algorithm for Router Buffers, in Proceedings of IEEE International Conference on Recent Trends in Information Technology , Tamil Nadu, India, pp. 423-427, 2011.

[7] Dietrich S., Long N., and Dittrich D., Analyzing Distributed Denial of Service Tools: The Shaft Case, in Proceedings of the 14 th Conference on Systems Administration , LA, USA, pp. 329-339, 2000.

[8] Dittrich D., The DoS Project s Trinoo Distributed Denial of Service Attack Tool, available at: http://staff.washington.edu/ dittrich/misc/trinoo.analysis.txt, last visited 199 9.

[9] Dittrich D., The Stacheldraht Distributed Denial of Service Attack Tool, available at: http://staff.washington.edu/dittrich/misc/stacheld aht.analysis.txt, last visited 1999.

[10] Dittrich D., The Tribe Flood Network Distributed Denial of Service Attack Tool, available at: http://staff.washington.edu/ dittrich/misc/tfn.analysis.txt, last visited 1999.

[11] Dittrich D., Weaver G., Dietrich S., and Long N., The Mstream Distributed Denial of Service Attack Tool, available at: http://staff. washington.edu/dittrich/misc/mstrea.analysis.txt, last visited 2000.

[12] Duan Z., Yuan X., and Chandrashekar J., Constructing Inter-Domain Packet Filters to Control IP Spoofing based on BGP Updates, in Proceedings of the 25 th IEEE International Conference on Computer Communications , Barcelona, Spain, pp. 1-12, 2006.

[13] Ferguson P. and Senie D., Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing , RFC Editor, USA, 2000.

[14] Ghazali K. and Hassan R., Flooding Distributed Denial of Service Attacks-A Review, the Journal of Computer Science , vol. 7, no. 8, pp. 1218-1223, 2011.

[15] Hancock B., Trinity v3, a DDoS Tool, Hits the Streets, the Computers Security Journal , vol. 19, no. 7, pp. 574-574, 2000.

[16] Jakkula V., Tutorial on Support Vector Machine (SVM), available at: http:// eecs.wsu.edu/~vjakkula/SVMTutorial.doc, last visited 2014.

[17] Jin C., Wang H., and Kang S., Hop-Count Filtering: An Effective Defense against Spoofed Traffic, in Proceedings of the 10 th ACM Conference on Computer and Communication Security , DC, USA, pp. 30-41, 2003.

[18] Juyal S. and Prabhakar R., A Comprehensive Study of DDoS Attacks and Defense Mechanisms, the Journal of Information and Operations Management , vol. 3, no. 1, pp. 29-33, 2012.

[19] Karthikeyan N., Palanisamy V., and Duraiswamy K., A Performance Evaluation of Proactive and Reactive Protocols using NS2 Simulation, the International Journal of Engineering Research and Industrial Applications , vol. 2, no. 2, pp. 309-326, 2009.

[20] Kaur D. and Sachdeva M., Study of Recent DDoS Attacks and Defense Evaluation 324 The International Arab Journal of Information Technology, Vol. 12, No. 4, July 2015 Approaches, the International Journal of Emerging Technology and Advanced Engineering , vol. 3, no. 1, pp. 332-336, 2013.

[21] Kumar P. and Selvakumar S., Distributed Denial-of-Service (DDoS) Threat in Collaborative Environment-a Survey on DDoS Attack Tools and Traceback Mechanisms, in Proceedings of IEEE International Conference on Advance Computing , Patiala, India, pp. 1275- 1280, 2009.

[22] Lee F. and Shieh S., Defending Against Spoofed DDOS Attacks with Path Fingerprint, the Computers and Security Journal , vol. 24, no. 7, pp. 571-586, 2005.

[23] Mirkovic J. and Reiher P., A Taxonomy of DDoS Attacks and Defense Mechanisms, ACM SIGCOMM Computer Communication Review , vol. 34, no. 2, pp. 39-53, 2004.

[24] Park K. and Lee H., On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets, in Proceedings of Conference on Applications, Technologies, Architectures and Protocols for Computer Communications , CA, USA, pp. 15- 26, 2001.

[25] Patel C. and Borisagar V., Survey on Taxonomy of DDoS Attacks with Impact and Mitigation Techniques, the International Journal of Engineering Research and Technology , vol. 1, no. 9, pp. 1-8, 2012.

[26] Peng T., Leckie C., and Ramamohanarao K., Protection from Distributed Denial of Service Attacks using History-Based IP Filtering, in Proceedings of IEEE International Conference on Communications , Alaska, USA, vol. 1, pp. 482- 486, 2003.

[27] Raghavan S. and Dawson E., An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks: Critical Information Infrastructure Protection , Springer, India, 2011.

[28] Shalinie S., Preetha G., Nidhya S., and Devi B., Fuzzy Adaptive Tuning of Router Buffers for Congestion Control, the International Journal of Advancements in Technology , vol. 1, no. 1, pp. 85-94, 2010.

[29] Singh D., Ke C., Jain G., and Sanadhya H., Measurement of Wireless Network Performance, in Proceedings of IEEE National Conference on Advanced Technologies and Applications , Udaipur, India, 2009.

[30] SVM Tutorial-Data Mining Tools., available at: http://www.dataminingtools.net/wiki/svm.php, last visited 2012.

[31] Swain B. and Sahoo B., Mitigating DDoS Attack and Saving Computational Time using a Probabilistic Approach and HCF Method, in Proceedings of IEEE International Conference on Advanced Computing, Patiala, India, pp. 1170-1172, 2009.

[32] The Network Simulator-NS-2., available at: http://www.isi.edu/nsnam/ns, last visited 2012.

[33] The Swiss Education and Research Network., Default TTL Values in TCP/IP, available at: http://secfr.nerim.net/docs/fingerprint/en/ttldefau l t.html, last visited 2002.

[34] Wu Z. and Chen Z., A Three-Layer Defense Mechanism based on Web Servers Against Distributed Denial of Service Attacks, in Proceedings of the 1 st International Conference on Communications and Networking , Beijing, China, pp. 1-5, 2006.

[35] Yaar A., Perrig A., and Song D., StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP spoofing Defense, the IEEE Journal on Selected Areas in Communications , vol. 24, no. 10, pp. 1853-1863, 2006. Kiruthika Devi Bodinayakanur Subramanian is currently pursuing MS (by Research) at Anna University. She received her BE degree in electronics and communication engineering from Coimbatore Institute of Engineering and Information Technology in 2006. Her current research interests include network security and machine learning. Preetha Gunasekaran is currently pursing PhD degree at Anna University. She received her MSIT in information technology in 2002 and MPhil in Computer Science from Madurai Kamaraj University in 2005. She worked as a Lecturer from 2002 to 2008. Her current research interests includ e network security and wireless adhoc networks. Mercy Shalinie Selvaraj is currently the Head of the Department of Computer Science and Engineering at Thiagarajar College of Engineering. She has published several papers in International Journals/ Conferences. Her current areas of interest include machine learn ing, neural networks and information security.