Imad Elhajj
Ayman Kayssi
Ali Chehab
I. INTRODUCTION
LITERATURE REVIEW
However, the authors did not study the case where there are
multiple routes between the sender and the destination, which
results in multiple allowed HC values. In that case, the 90%
probability will be lower, since the attacker will have more HC
values that are considered legitimate. Moreover, even though
the authors stated that their method works solely on layer 3,
this statement is not accurate, since they restricted the HC
learning phase to established TCP connections.
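The effect of multiple routes on the set of accepted HC values, as an added example that is not code from the paper: a minimal hop-count filter whose table holds several HC values per source. The initial-TTL set, the reading of a +1/+2 tolerance as a band of plus or minus k hops, and all names, addresses and TTLs are assumptions made for illustration.

```python
# Added example: hop-count (HC) filter with a multi-valued HC table.
# Assumed, not from the paper: the initial-TTL set, all names, and the
# sample addresses/TTLs (constructed; 198.51.100.0/24 is documentation space).
from collections import defaultdict

INITIAL_TTLS = (30, 32, 60, 64, 128, 255)  # assumed common OS defaults

def hop_count(observed_ttl):
    """HC = smallest plausible initial TTL minus the TTL seen on arrival."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL is an 8-bit field")
    return min(t for t in INITIAL_TTLS if t >= observed_ttl) - observed_ttl

class HopCountFilter:
    def __init__(self, tolerance=0):
        self.tolerance = tolerance      # 0 = strict, 1 or 2 = assumed +/-k band
        self.table = defaultdict(set)   # source IP -> HC values learned

    def learn(self, src, ttl):
        """Record the HC of a packet trusted to be unspoofed."""
        self.table[src].add(hop_count(ttl))

    def allowed(self, src):
        """Every HC accepted for src: each learned value widened by tolerance."""
        k = self.tolerance
        return {hc + d for hc in self.table.get(src, ())
                for d in range(-k, k + 1) if hc + d >= 0}

    def is_legitimate(self, src, ttl):
        return hop_count(ttl) in self.allowed(src)

def pass_fraction(flt, src, max_hc=30):
    """Share of HC values 0..max_hc that would pass when src is forged."""
    return sum(h in flt.allowed(src) for h in range(max_hc + 1)) / (max_hc + 1)

def build(tolerance, ttls, src="198.51.100.7"):
    flt = HopCountFilter(tolerance)
    for ttl in ttls:
        flt.learn(src, ttl)
    return flt

if __name__ == "__main__":
    src = "198.51.100.7"
    for tol in (0, 1, 2):
        one = pass_fraction(build(tol, [116]), src)
        many = pass_fraction(build(tol, [116, 113, 119]), src)
        print(f"tolerance {tol}: one route {one:.2f}, three routes {many:.2f}")
```

Each additional learned route, and each step of tolerance, widens the set of HC values that a forged packet can carry and still be accepted.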
Xia Wang et al. [7] proposed a variation of the HC Filtering
technique. Instead of applying the HC filtering at the end hosts,
they suggested applying it at intermediate routers. In this
manner, not only the end systems are protected, but the whole
network is also protected from traffic congestion. Their
simulation results showed that the proposed algorithm
outperforms HCF.
Krishna Kumar et al. [8] proposed to detect IP spoofing by
checking both the HC and the path identification (PID) at every
router. The PID is inserted in the identification field of each
IP packet. If both the HC and the PID match, then the
packet is considered legitimate. Otherwise, the routers start an
attack-detection process. The algorithm requires a shared key
between every pair of adjacent routers.
III. STATISTICAL ANALYSIS OF HC
Figure 1: HC overlap in Lebanon (y-axis: Decreasing Cumulative Probability; series: Same Country, Same AS)
Figure 2: HC overlap UAE (x-axis: HC Overlap; series: Same Country, Same AS)
V.
IV.
TABLE I. PERFORMANCE RESULTS
Testing Scenario | M-HCF | HCF | HCF+1 | HCF+2
True Negative | 98.5 | 59.84 | 89.39 | 93.55
Same AS (TP) | 42.35 | 62.86 | 29.47 | 16.09
 | 81.81 | 89.80 | 72.21 | 56.76
 | 84.18 | 89.39 | 72.66 | 58.70
VI.
improve the overall performance. Results show that our M-HCF outperforms the strict HCF, the +1 HCF filtering and the +2 HCF
filtering proposed in [6].
ACKNOWLEDGMENT
[7] Wang, Xia, Li, Ming, Li, Muhai, "A scheme of distributed hop-count filtering of traffic," IET International Communication Conference on Wireless Mobile and Computing (CCWMC), pp. 516-521, 7-9, 2009.
[8] KrishnaKumar, B., Kumar, P.K., Sukanesh, R., "Hop Count Based Packet Processing Approach to Counter DDoS Attacks," International Conference on Recent Trends in Information, Telecommunication and Computing (ITC), pp. 271-273, 2010.
[9] Zhijun W., Zhifeng C., "A Three-Layer Defense Mechanism Based on WEB Servers Against Distributed Denial of Service Attacks," First International Conference on Communications and Networking in China, pp. 1-5, 2006.
[10] Swain, B.R., Sahoo, B., "Mitigating DDoS attack and Saving Computational Time using a Probabilistic approach and HCF method," in Advance Computing Conference, 2009. IACC 2009. IEEE International, pp. 1170-1172, 2009.
[11] Mopari, I.B., Pukale, S.G., Dhore, M.L., "Detection and defense against DDoS attack with IP spoofing," International Conference on Computing, Communication and Networking, 2008.
[12] Baker F., Savola P. (2004, March) Ingress Filtering for Multihomed Networks [Online] Available: http://www.ietf.org/rfc/rfc3704.txt (accessed November 9, 2012)
[13] Li J., Mirkovic J., Wang M., Reiher P., and Zhang L., "SAVE: source address validity enforcement protocol," IEEE INFOCOM, pp. 1557-1566, 2002.
[14] The Cooperative Association for Internet Data Analysis. Available: http://www.caida.org/home/ (accessed October 7, 2012)
[15] Mukaddam A., Elhajj I., "Hop Count Variability," International Conference for Internet Technology and Secured Transactions (ICITST), Abu Dhabi, UAE, 2011.
[16] Mukaddam A., Elhajj I., "Round Trip Time to Improve Hop Count Filtering," The Third Symposium on Broadband Networks and Fast Internet, Baabda, Lebanon, May 28-29, 2012.