International Journal of Computer Applications (0975 – 8887)

Volume 123 – No.11, August 2015

Earnest Access of Divulging and Aversion of DDOS

Attack

A.R. Sathyabama C.M. Nalayini S. Priyadharshini

Assistant Professor Assistant Professor Assistant Professor
Department of IT Department of IT Department of IT
Velammal Engineering College Velammal Engineering College Velammal Engineering college

ABSTRACT any vulnerable activity is detected. If threat is high, then

In recent days, technology has reached new heights. In the vertical communication will take place and a high score is
same way malicious programs has also touched the level of added to score lead 2. If threat is low, then horizontal
sky and the above. Secret information are nowadays stored communication will take place and a small score is added to
and managed through high secure sites. However, critical score lead 2.[7]
problems like hacking happens due to DDOS(Distributed
Denial of Service Attacks) resulting in crashing of website for Algorithm:-
certain period of time and hacking of sensitive information
thereby affecting the services issued. Such problems can be 1. Start the process
sorted by the scope of MASTDP (Multiple Authenticated
2. Track and score (i) the ip address and physical
Scoring Technique for denial and prevention of DDOS
attacks). In this technique, internet protocol address and address for each entry of the users (A).
physical address of the users are entered and stored in the 3. If A > n (n= number of times the users entered),
history and scores will be allotted for each and every entry.
access is denied
Similarly, horizontal and vertical communication scoring are
given for every entry based on the vulnerability of the user 4. Else go to VH based network
(using scores). At-last, by association rule, users with peak
scores are denied entry from the network or site. 5. If H path is noted, i is minimum else i is maximum

Keywords 6. Compare A(i) with VH(i)

Association rule; DDOS attacks; MASTDP; IP tracer; Scoring  S = σ A(i)*VH(i)
technique
n
1. INTRODUCTION
DDOS attacks are the most hazardous which spoils the 7. If S is maximum, access is denied
webpage services and cracks the information from them. 8. Else i is recorded.
These type of attacks are specifically divided into UDP flood,
ICMP (PING) flood, SYN flood, Ping of death, slowlouis,
NTP amplication, HTTP flood etc., DDOS attacks can be of
shorter duration but the attack volume may of very large 3. MASTDP OF DDOS ARCHITECTURE
packet per second. These attacks are usually politically or The users who are accessing the URL, are noted by the entry
criminally motivated having capacity to target various checker and a score is allotted by score lead 1. At the end of
application websites, mail servers and VoIPs. To overcome this process, user having obtained scores equal to or greater
DDOS attacks, we are using a new approach – MASTDP of than 1.0 is denied further access[12]. Upon gaining access, the
DDOS attacks. This approach is an effective approach where IP and physical address are tracked by IP tracker tool[6]. The
users are given a scoring and placed in a VH network. The physical address verifier scrutinizes the physical address and
users itself become as intrusion prevention system. VH based updates the score further. Then VH based network is formed
communication takes place based upon the rules and scores by means of checking the scores given by score lead 1[16].
are allotted, and if the scores exceeds a threshold limit, access Now, by following the rules, scores are given by score lead 2.
is denied for the user. After obtaining scores from both the them, association rule is
used to obtain an effective final score.[9] If the resultant score
2. ALGORITHM FOR MASTDP OF is higher than the threshold, access is denied. If not the scores
DDOS ATTACKS updated in the score list database[18].(Depicted in Fig. 1).
Initially, process has started and IP and physical address are
noted.[22] Score is denoted by the term (i) Entry of users are
denoted by (A) If A is greater than number of times entered
(n), then access is denied. Else, it is going to VH based
network[17]. Where VH based network arrange the users
based on their previously allotted scores. After arranging in
VH based networks each and every user acts as IPS (Intrusion
Prevention System). So communication takes place whenever

18
 International Journal of Computer Applications (0975 – 8887)
Volume 123 – No.11, August 2015

Entry of users

Scoring of each
users depending VH Arranger
upon their entries

Access Score allotted to users

Denied based upon the rules
If Score
Yes
exceeds 1.2
Association rule
mining
No
S
Get IP addr and
Physical addr for C L
If Score is
scoring
Maximum O I

R S
No
Yes E T
Physical S
addr
Access Denied
verifier

No Yes

Updates Scores

Figure 1 Mastdp of DDOS Architecture

4. MODULES DESCRIPTION 4.4 Score lead 2

4.1 Entry checker Depending on the following rules, scores are allotted by score
It checks the entry of the users. It scores the IP address and lead 2.
physical address by using IP tracker tool. Updates database Whenever information measure is high and rate is high then the
consistently. score allotted is four. Whenever information measure is low
and rate is high then score allotted is three.[20] Whenever
4.2 Score lead 1 information measure is high and rate is low then score allotted
Score are allotted based upon their entries. Scores starts from 0 is two.[10] Whenever information measure is low and rate is
to 1. It increases 0.2 for each entry.[14] When it reaches 1.2, low then there is no threat and the score allotted is one.
then automatically access is denied for the user. If the score is (Depicted as table in Table 1 and as graph in Fig. 4)[4]
between 0 and 1, it is sent to VH arranger. (Depicted in Fig. 2)

4.3 VH arranger
Based upon the scores given by score lead 1, VH network is
formed[11]. If score is high, it is placed in H based networks. If
score is low, it is placed in V based networks.[1][2]

19
 International Journal of Computer Applications (0975 – 8887)
Volume 123 – No.11, August 2015

Table 1 Rule for Score lead 2 Figure 3 Results of VH Communication

Case Information Rate Score

measure A & VH Acces
s
7
1 High High 4 Denie
6 d
5
2 Low High 3
4
3 High Low 2 3 A & VH
2
4 Low Low 1
1

0
4.5 Association rule minder 1 2 3 4 5 6 7 8
After obtaining the scores from score lead 1 and score lead 2,
association rule derives the effective scores are obtained.
Consider A(i) as entry scores and VH(i) as VH network Figure 4 Association rule minder
scores.[8][19]
5. CONCLUSION
Then, MASTDP of DDOS attacks is the best and effective
S = σ A(i) * VH(i) technology and approach to overcome highly dangerous DDOS
attacks. Scores are allotted to users at various stages via entry
n score and VH based communication scores. These scores are
where, n is number of users combined by association rule to give accurate results. Fig. 1
depicts the scores allotted by the entry of users. Fig. 3 shows
Scores are updated finally in the score list.
the VH based communication. In this scores are allotted based
4.6 Hustle Vincible on the critical and minor communications respectively. Fig. 5
Based on the score of association rule minder, access is denied is the association rule where both the scores attained in Fig. 1
if the score is high[21] and the score is updated if the score is and Fig. 3 are combined and an accurate score is assigned is for
low. (Depicted in Fig 5)[5][13] each user. Thus the overall technique offers multiple
authentication of each and every user thereby making
1.4
MASTDP of DDOS attacks a very effective tool to avoid
hazardous DDOS attacks and provides safer platform against
1.2 vulnerably affected web portals. The future enhancement of
MASTDP of DDOS attacks can be done using better scoring
1
technique than used in this technology.
0.8
Scores 6. ACKNOWDGEMENT
0.6
Our Sincere Thanks to Professors, Lectures of IT Department
Entry of users
0.4 and our family members who continuously supported to
publish paper.
0.2
0 7. REFERENCES
[1] A. Networks, Arbor, Lexington, MA, “Measurements and
1 2 3 4 5 6
mitigation of peer-to-peer-based botnets: A case study on
storm worm,” “Worldwide ISP security report,” Tech.
Figure 2 Results of Score lead 1 Rep., 2010.
6 [2] T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling,
in Proc. USENIX LEET, 2008, Article no. 9.
5 [3] J. Françcois, A. El Atawy, E. Al Shaer, and R. Boutaba,
“A collaborative approach for proactive detection of
4 distributed denial of service attacks,” in Proc. IEEE
MonAM, Toulouse, France, 2007, vol. 11.
3 Scores
[4] A. Feldmann, O. Maennel, Z. M. Mao, A. Berger, and B.
2 No. of Users Maggs, “Locating Internet routing instabilities,” Comput.
Commun. Rev., vol. 34, no. 4, pp. 205–218, 2004.
1 [5] A. Basu and J. Riecke, “Stability issues in OSPF routing,”
in Proc. ACM SIGCOMM , 2001, pp. 225–236.
0
[6] T. Peng, C. Leckie, and K. Ramamohanarao, “Protection
1 2 3 4 5
from distributed denial of service attacks using history-

20
 International Journal of Computer Applications (0975 – 8887)
Volume 123 – No.11, August 2015

based IP filtering,” in Proc. IEEE ICC, May 2003, vol. 1, [15] H. Wang, D. Zhang, and K. Shin, “Change-point
pp. 482–486. monitoring for the detection of DoS attacks,” IEEE Trans.
Depend. Secure Comput., vol. 1, no. 4, pp. 193–208,
[7] R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Oct.–Dec. 2004.
Das, “The 1999 DARPA off-line intrusion detection
evaluation,” Comput. Netw., vol. 34, no. 4, pp. 579–595, [16] P. Verkaik, O. Spatscheck, J. Van der Merwe, and A. C.
2000. Snoeren, “Primed: Community-of-interest-based DDoS
mitigation,” in Proc. ACM SIGCOMM LSAD, 2006, pp.
[8] J. A. Barnett, “Computational methods for a mathematical 147–154.
theory of evidence,” in Proc. 7th Int. Joint Conf. Artif.
Intell., 1981, pp. 868–875. [17] G. Koutepas, F. Stamatelopoulos, and B. Maglaris,
“Distributed management architecture for cooperative
[9] R. N. Smith and S. Bhattacharya, “A protocol and detection and reaction to DDoS attacks,” J. Netw. Syst.
simulation for distributed communicating firewalls,” in Manage., vol. 12, pp. 73–94, Mar. 2004.
Proc. COMPSAC, 1999, pp. 74–79.
[18] A. El-Atawy, E. Al-Shaer, T. Tran, and R. Boutaba,
[10] Y. You, M. Zulkernine, and A. Haque, “A distributed “Adaptive early packet filtering for defending firewalls
defense framework for flooding-based DDoS attacks,” in against DoS attacks ,” in Proc. IEEE INFOCOM, Apr.
Proc. 3rd ARES, Mar. 2008, pp. 245–252. 2009, pp. 2437–2445.
[11] K. Deeter, K. Singh, S. Wilson, L. Filipozzi, and S. T. [19] A. El-Atawy, T. Samak, E. Al-Shaer, and H. Li, “Using
Vuong, “APHIDS: A mobile agent-based programmable online traffic statistical matching for optimizing packet
hybrid intrusion detection system,” in Proc. MATA, 2004, filtering performance,” in Proc. IEEE INFOCOM, May
pp. 244–253. 2007, pp. 866–874.
[12] Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao, [20] D. Das, U. Sharma, and D. K. Bhattacharyya, “Detection
“PacketScore: A statistics-based packet filtering scheme of HTTP flooding attacks in multiple scenarios,” in Proc.
against distributed denial-ofservice attacks,” IEEE Trans. ACM Int. Conf. Commun., Comput. Security, 2011, pp.
Depend. Secure Comput., vol. 3, no. 2, pp. 141–155, 517–522.
Apr.–Jun. 2006.
[21] A. Sardana, R. Joshi, and T. hoon Kim, “Deciding optimal
[13] G. Badishi, A. Herzberg, and I. Keidar, “Keeping denial- entropic thresholds to calibrate the detection mechanism
of-service attackers in the dark,” IEEE Trans. Depend. for variable rate DDoS attacks in ISP domain,” in Proc.
Secure Comput., vol. 4, no. 3, pp. 191–204, Jul.–Sep. ISA, Apr. 2008, pp. 270–275.
2007.
[22] V.Priyadharshini, Dr.K. Kuppusamy,” Prevention of
[14] D. Nashat, X. Jiang, and S. Horiguchi, “Router based DDOS Attacks using New Cracking algorithm” in
detection for lowrate agents of ddos attack,” in Proc. International Journal of Engineering Research and
HSPR, May 2008, pp. 177–182. Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 3, May-Jun 2012, pp.2263-2267.

IJCATM : www.ijcaonline.org 21