
A System for Distributed Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

S. Gopika, I. Diana Jeba Jingle

Abstract


A computer network is a telecommunication network that allows computers to exchange data: networked computing devices (network nodes) pass data to each other over data connections, which are established using either cable or wireless media. A major security problem for such networks is the Distributed Denial of Service (DDoS) attack. In the existing system there is no protection of end users and only one server is used, so much data has been lost; this is the drawback of the existing system. In the proposed system, the problem caused by DDoS attacks is addressed and a novel Intrusion Prevention System (IPS), named the collaborative shield, is proposed for detecting DDoS flooding attacks. The collaborative shield is located at the Internet Service Provider (ISP); it uses an increasing number of servers and a packet-splitting protocol for sending data through different networks, and it forms virtual protection rings around the hosts by exchanging selected traffic information. The proposed system addresses the disadvantages of the existing system and overcomes its problems in terms of packet loss, considerable time delay, traffic problems and security problems. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. SYN flood attacks still dominate distributed denial of service attacks, and it is a great challenge to accurately detect SYN floods that use skillful spoofing to evade traditional detection methods: an intelligent attacker evades the publicly known detection methods by shaping the spoofed attack traffic so that it appears legitimate. Keeping per-flow or per-connection state would eliminate such spoofing, but it is very difficult to implement. A more accurate and faster detection method, named SACK2, is proposed to deal with all kinds of SYN flood attacks at limited implementation cost.
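The abstract's argument, that a stateless SYN/ACK counter can be defeated by spoofed packets while per-connection state resists the spoof at a cost, is illustrated below with an added example. This is editor-supplied Python, not code from the paper and not the SACK2 algorithm; it assumes the monitor sees both directions of traffic (as an ISP-side shield would), encodes TCP flags as "S", "SA" and "A", and uses constructed packet traces and illustrative thresholds.

```python
# Added example (not from the paper, and not the SACK2 algorithm): a stateless
# SYN/ACK counter beside a per-connection tracker, run over constructed traces.
# Assumptions: the monitor sees both directions of traffic, TCP flags are
# encoded as "S" (SYN), "SA" (SYN-ACK) and "A" (bare ACK), and the thresholds
# are illustrative.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst sport dport flags seq ack")


def stateless_ratio_detector(pkts, threshold=3.0):
    """Flag a flood when SYNs outnumber client ACKs by more than `threshold`.
    Keeps no per-flow state, so it cannot tell a real handshake-completing
    ACK from a forged one."""
    syns = sum(1 for p in pkts if p.flags == "S")
    acks = sum(1 for p in pkts if p.flags == "A")
    ratio = syns / max(acks, 1)
    return ratio > threshold, ratio


def stateful_detector(pkts, threshold=3.0, max_half_open=32):
    """Track each handshake by 4-tuple. An ACK only completes a handshake if
    it acknowledges the server's SYN-ACK (ack == server ISN + 1); a spoofer
    who never received that SYN-ACK cannot forge the number."""
    pending = {}          # (src, sport, dst, dport) -> expected ack, or None
    syns = completed = 0
    for p in pkts:
        if p.flags == "S":
            syns += 1
            pending[(p.src, p.sport, p.dst, p.dport)] = None
        elif p.flags == "SA":
            key = (p.dst, p.dport, p.src, p.sport)   # reverse direction
            if key in pending:
                pending[key] = p.seq + 1
        elif p.flags == "A":
            key = (p.src, p.sport, p.dst, p.dport)
            if key in pending and pending[key] == p.ack:
                del pending[key]
                completed += 1
    half_open = len(pending)
    ratio = syns / max(completed, 1)
    return ratio > threshold or half_open > max_half_open, ratio, half_open


SERVER = ("10.0.0.1", 80)   # constructed target


def legit_trace(n):
    """n complete three-way handshakes from distinct clients (constructed)."""
    pkts = []
    for i in range(n):
        cip, cport = f"192.0.2.{i % 250 + 1}", 40000 + i
        isn_c, isn_s = 1000 + i, 5000 + 7 * i
        pkts.append(Pkt(cip, SERVER[0], cport, SERVER[1], "S", isn_c, 0))
        pkts.append(Pkt(SERVER[0], cip, SERVER[1], cport, "SA", isn_s, isn_c + 1))
        pkts.append(Pkt(cip, SERVER[0], cport, SERVER[1], "A", isn_c + 1, isn_s + 1))
    return pkts


def spoofed_flood_trace(n):
    """n SYNs from forged sources, each followed by a forged bare ACK so the
    SYN and ACK counts balance; the ack numbers are guesses, since the
    attacker never sees the server's SYN-ACK (constructed)."""
    pkts = []
    for i in range(n):
        cip, cport = f"203.0.113.{i % 250 + 1}", 50000 + i
        pkts.append(Pkt(cip, SERVER[0], cport, SERVER[1], "S", 1, 0))
        pkts.append(Pkt(SERVER[0], cip, SERVER[1], cport, "SA", 9000 + 13 * i, 2))
        pkts.append(Pkt(cip, SERVER[0], cport, SERVER[1], "A", 2, 42))
    return pkts


if __name__ == "__main__":
    for name, trace in (("legit", legit_trace(50)),
                        ("spoofed flood", spoofed_flood_trace(50)),
                        ("mixed", legit_trace(50) + spoofed_flood_trace(50))):
        print(name, "stateless:", stateless_ratio_detector(trace),
              "stateful:", stateful_detector(trace))
```

On the spoofed trace the stateless counter sees as many ACKs as SYNs and reports nothing, which is the evasion the abstract describes; the per-connection tracker rejects every forged ACK because the attacker cannot know the server's initial sequence number, and it also exposes the pile of half-open entries. The price is the `pending` table, one entry per SYN, which is exactly the per-flow state the abstract calls hard to deploy at scale.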

Keywords


Collaboration, Detection, Distributed Denial of Service (DDoS), Flooding, Network Security.


References


J. François, A. El-Atawy, E. Al-Shaer, and R. Boutaba, “A collaborative approach for proactive detection of distributed denial of service attacks,” in Proc. IEEE MonAM, Toulouse, France, 2007, vol. 11.

V. Paxson, “End-to-end routing behavior in the Internet,” IEEE/ACM Trans. Netw., vol. 5, no. 5, pp. 601–615, Oct. 1997.

C. Sun, J. Fan, L. Shi, and B. Liu, “A novel router-based scheme to mitigate SYN flooding DDoS attacks,” in Proc. IEEE INFOCOM (Student Poster), Anchorage, AK, USA, May 2007.

G. W. Gordon, “SYN cookies,” SANS Institute, 2002.

S. Gavaskar, R. Surendiran, and E. Ramaraj, “Three counter defense mechanism for TCP SYN flooding attacks,” Int. J. Comput. Appl., vol. 6, no. 6, Sep. 2010.

C. Sun, C. Hu, and B. Liu, “SACK2: Effective SYN flood detection against skillful spoofs,” IET Inf. Security, published 4 Jul. 2011.

T. Peng, C. Leckie, and K. Ramamohanarao, “Survey of network- based defense mechanisms countering the DoS and DDoS problems,” Comput. Surv., vol. 39, Apr. 2007, Article 3.

E. Cooke, F. Jahanian, and D. McPherson, “The zombie roundup: Understanding, detecting, and disrupting botnets,” in Proc. SRUTI, Jun. 2005, pp. 39–44.

T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling, “Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm,” in Proc. USENIX LEET, 2008, Article no. 9.

A. Feldmann, O. Maennel, Z. M. Mao, A. Berger, and B. Maggs, “Locating Internet routing instabilities,” Comput. Commun. Rev., vol. 34, no. 4, pp. 205–218, 2004.

A. Basu and J. Riecke, “Stability issues in OSPF routing,” in Proc. ACM SIGCOMM, 2001, pp. 225–236.

K. Xu, Z.-L. Zhang, and S. Bhattacharyya, “Internet traffic behavior profiling for network security monitoring,” IEEE/ACM Trans. Netw., vol. 16, no. 6, pp. 1241–1252, Dec. 2008.

Z. Zhang, M. Zhang, A. Greenberg, Y. C. Hu, R. Mahajan, and B. Christian, “Optimizing cost and performance in online service provider networks,” in Proc. USENIX NSDI, 2010, p. 3.

G. Badishi, A. Herzberg, and I. Keidar, “Keeping denial-of-service attackers in the dark,” IEEE Trans. Depend. Secure Comput., vol. 4, no. 3, pp. 191–204, Jul.–Sep. 2007.

H. Farhat, “Protecting TCP services from denial of service attacks,” in Proc. ACM SIGCOMM LSAD, 2006, pp. 155–160.

A. Yaar, A. Perrig, and D. Song, “SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks,” in Proc. IEEE Symp. Security Privacy, May 2004, pp. 130–143.

H. Wang, D. Zhang, and K. Shin, “Change-point monitoring for the detection of DoS attacks,” IEEE Trans. Depend. Secure Comput., vol.1, no. 4, pp. 193–208, Oct.–Dec. 2004.

P. Verkaik, O. Spatscheck, J. Van der Merwe, and A. C. Snoeren, “Primed: Community-of-interest-based DDoS mitigation,” in Proc. ACM SIGCOMM LSAD, 2006, pp. 147–154.

G. Koutepas, F. Stamatelopoulos, and B. Maglaris, “Distributed management architecture for cooperative detection and reaction to DDoS attacks,” J. Netw. Syst. Manage., vol. 12, pp. 73–94, Mar. 2004.

A. El-Atawy, E. Al-Shaer, T. Tran, and R. Boutaba, “Adaptive early packet filtering for defending firewalls against DoS attacks,” in Proc. IEEE INFOCOM, Apr. 2009, pp. 2437–2445.

H. Hamed, A. El-Atawy, and E. Al-Shaer, “Adaptive statistical optimization techniques for firewall packet filtering,” in Proc. IEEE INFOCOM, Apr. 2006, pp. 1–12.

A. El-Atawy, T. Samak, E. Al-Shaer, and H. Li, “Using online traffic statistical matching for optimizing packet filtering performance,” in Proc. IEEE INFOCOM, May 2007, pp. 866–874.

D. Das, U. Sharma, and D. K. Bhattacharyya, “Detection of HTTP flooding attacks in multiple scenarios,” in Proc. ACM Int. Conf. Commun., Comput. Security, 2011, pp. 517–522.

A. Sardana, R. Joshi, and T. hoon Kim, “Deciding optimal entropic thresholds to calibrate the detection mechanism for variable rate DDoS attacks in ISP domain,” in Proc. ISA, Apr. 2008, pp. 270–275.


N. Brownlee and K. Claffy, “Understanding internet traffic streams: Dragonflies and tortoises,” IEEE Commun. Mag., vol. 40, no. 10, pp. 110–117, Oct. 2002.

M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On power-law relationships of the internet topology,” in Proc. ACM SIGCOMM, 1999, pp. 251–262.

The Cooperative Association for Internet Data Analysis, La Jolla, CA, “Archipelago measurement infrastructure.” Available: http://www.caida.org/projects/ark/

R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, “The 1999 DARPA off-line intrusion detection evaluation,” Comput. Netw., vol. 34, no. 4, pp. 579–595, 2000.

J. A. Barnett, “Computational methods for a mathematical theory of evidence,” in Proc. 7th Int. Joint Conf. Artif. Intell., 1981, pp. 868–875.

S. M. Bellovin, “Distributed firewalls,” Login Mag., vol. 24, no. 5, pp. 37–39, Nov. 1999.

S. Ioannidis, A. D. Keromytis, S. M. Bellovin, and J. M. Smith, “Implementing a distributed firewall,” in Proc. 7th ACM CCS, 2000, pp. 190–199, ACM Press.

R. N. Smith and S. Bhattacharya, “A protocol and simulation for distributed communicating firewalls,” in Proc. COMPSAC, 1999, pp. 74–79.

X. Bi, W. Tan, and R. Xiao, “A DDoS-oriented distributed defense framework based on edge router feedbacks in autonomous systems,” in Proc. Int. Multisymp. Comput. Comput. Sci., Oct. 2008, pp. 132–135.

S. H. Khor and A. Nakao, “Overfort: Combating DDoS with peer-to-peer DDoS puzzle,” in Proc. IEEE IPDPS, Apr. 2008, pp. 1–8.

B. Gupta, M. Misra, and R. Joshi, “FVBA: A combined statistical approach for low rate degrading and high bandwidth disruptive DDoS attacks detection in ISP domain,” in Proc. 16th IEEE ICON, Dec. 2008, pp. 1–4.

J. L. Berral, N. Poggi, J. Alonso, R. Gavaldà, J. Torres, and M. Parashar, “Adaptive distributed mechanism against flooding network attacks based on machine learning,” in Proc. ACM Workshop Artif. Intell. Security, 2008, pp. 43–50.

I. Yoo and U. Ultes-Nitsche, “Adaptive detection of worms/viruses in firewalls,” in Proc. CNIS, Dec. 2003, pp. 10–12.




This work is licensed under a Creative Commons Attribution 3.0 License.