Entropy Variation Based Detecting DDoS Attack in Large Scale Networks

M. Uthaya Kumar, B. Aysha Banu

Abstract


A distributed denial-of-service (DDoS) attack is an attempt to make a computer resource unavailable to its intended users. A number of IP traceback approaches have been suggested to identify attackers, and there are two major methods for IP traceback: probabilistic packet marking (PPM) and deterministic packet marking (DPM). Both of these strategies require routers to inject marks into individual packets. The memoryless nature of Internet routing mechanisms makes traceback extremely hard for these older mechanisms. So a newly introduced, effective and efficient IP traceback scheme against DDoS attacks, based on entropy variations, is used. The traceback mechanism identifies the number of zombies in a large-scale network and also provides authentication for blocked users. It works as an independent software module alongside current routing software. When the attack strength is less than seven times the normal flow packet rate, this efficient IP traceback method cannot succeed at the moment. However, we can detect the attack with the information that we have accumulated so far using the Markov-Chain Model for Cyber-Attack Detection. This makes it a feasible and easy-to-implement solution for the current Internet.

Keywords


DDoS, Entropy Variation, Flow, IP Trace back, Hidden Markov-Chain Model, Intrusion Detection


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.