Absrtact
Distributed Denial-Of-Service (DDoS) attacks are one of the all the more difficult security issues on the Internet today. They can without much of a stretch, fumes the assets of the potential Victims. The issue is much more extreme since the aggressors regularly produce their IP delivers to shroud their character. The current guard mechanism against DDoS attacks, the attack traffic will be filtered at the victim’s side. For this situation, regardless of whether the attacking traffic is filtered by the victim, the attacker may achieve the objective of blocking access to the victim’s bandwidth. IP-Traceback approaches enable the victim to traceback to the wellspring of an attack and they will not be able to minimize the attack when the attack is in progress. Hence in this work we proposed a hybrid method to minimize the quantity of malicious packets entering into the network. We introduce a quantum annealing technique at the server side to identify and mitigate the DDoS attack. The attack messages are minimized by utilizing client puzzle as a part of the ingress router; the path fingerprint is used at the egress side. Simulation studies prove that the proposed mechanism is optimally successful in recognizing and mitigating the DDoS attacks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Change history
10 February 2020
There was a typo in the second author’s name in the original article. The correct name is S. Karthik, as listed here. The original article has been corrected.
References
Rai, A. K., Kumar, V., & Mishra, S. (2010). Strong password based EAP-TLS authentication protocol for WiMAX. Anjani K. Rai et al/(IJCSE) International Journal on Computer Science and Engineering,2(02), 2736–2741.
Salama, M., Panda, M., Elbarawy, Y., Hassanien, A. E., & Abraham, A. (2012). computational social networks: Security and privacy. Computational Social Networks (pp. 3–21). London: Springer.
Sen, J. (2010). A survey on wireless sensor network security. arXiv preprint arXiv:1011.1529.
Sen, J. (2011). A robust mechanism for defending distributed denial of service attacks on web servers. arXiv preprint arXiv:1103.3333.
Sen, J. (2013). Security and privacy issues in wireless mesh networks: A survey. Wireless networks and security (pp. 189–272). Berlin: Springer.
Sharony, J. (2006). Introduction to wireless MIMO–theory and applications’, CEWIT—center of excellence in wireless and informational technology. IEEE LI: Stony Brook University.
Shoumi, M. N., & Fanany, M. I. (2015). A sparse encoding symmetric machines pre-training for temporal deep belief networks for motion analysis and synthesis. Journal of Theoretical & Applied Information Technology,72(1), 86–93.
Savage, S., Wetherall, D., Karlin, A., & Anderson, T. (2000). Practical network support for IP traceback, ACM SIGCOMM 2000. Sweden: Stockholm.
Song, D., & Perrig, A. (2001). Advanced and authenticated marking schemes for IP traceback. In IEEE INFOCOMM 2001, Anchorage.
Dean, D., Franklin, M., & Stubblefield, A. (2001). An algebraic approach to IP traceback. In Proceedings of the network and distributed system security symposium (NDSS), February 2001, San Diego, pp. 3–12.
Goodrich, M. T. (2002). Efficient packet marking for large-scale IP traceback. In Proceedings ACM CCS 2002, Washington.
Belenky, A., & Ansari, N. (2003). IP traceback with deterministic packet marking. IEEE Communications Letters,7(4), 162–164.
Belenky, A., & Ansari, N. (2003). Accommodating fragmentation in deterministic packet marking for IP traceback. IEEE Communication Letters. https://doi.org/10.1109/LCOMM.2003.811200.
Raghu, D, Arani, M., & Jacob, CR. (2011). Comparison of DDOS attacks and fast ICA algorithms on the basis of time complexity. International Journal of Computer Applications in Engineering Sciences ISSN, 2231–4946
Bellovin, S. M. (2000). ICMP traceback messages. Internet Draft: draft-bellovinitrace-00.txt.
Savage, S., Wetherall, D., Karlin, A., & Anderson, T. (2001). Network support for IP traceback. IEEE/ACM Transactions on Networking,9(3), 226–237.
Baba, T., & Matsuda, S. (2002). Tracing network attacks to their sources. Proc. IEEE Internet Computing,6(2), 20–26.
Saurabh, S., & Sairam, A.S. (2014). ICMP based IP traceback with negligible overhead for highly distributed reflector attack using bloom filters. Computer Communications Journal, 42.
Snoeren, A. C., Partiridge, C., Sanchez, L. A., Jones, C. E., Tchhakountio, F., Kent, S. T., & Strayer, W. T. (2001). Hash-based IP traceback. In Proceedings ACM SIGCOMM 2001, San Diego.
Stone, R. (2000). Centertrack: An IP overlay network for tracking DoS floods. In Proceedings the 9thUSENIX security symposium, Denver.
Sanchez, L. A., Milliken, W. C., Snoeren, A. C., Tchakountio, F., Jones, C. E., Kent, S. T., Partridge, C., & Strayer, W. T. (2001). Hardware support for a hash-based IP traceback. In DARPA information survivability conference & amp; exposition II, 2001. DISCEX’01. Proceedings, vol. 2, pp. 146–152.
Singh, K., Kumar, K., & Bhandari, A. (2013). Classification and state of art of IP traceback techniques for DDoS defense.
CERT. (1998). smurf IP Denial-of-Service Attacks. CERT advisory CA-98.01.
Ferguson, P., & Senie, D. (1998). Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. RFC Editor.
Das, Arnab, & Chakrabarti, Bikas K. (2005). Quantum Annealing and Related Optimization Methods (Vol. 679). Berlin: Springer.
Boyd, C., Carr, C. (2006). Fair client puzzles from the Bitcoin Blockchain. https://eprint.iacr.org/2016/680.pdf.
NS. (2012). The network simulator (ns-2). Retrieved from NS2 home page. http://www.isi.edu/nsnam/ns/. Accessed on August 2015.
Ohmori, K., Suzuki, A., Ohmuro, M., Kai, T., Kawabata, M., Matushima, R., et al. (2005). Mathematical Models of IP Traceback Methods and their Verification. Security and privacy in the age of ubiquitous computing (pp. 155–169). Boston: Springer.
Wu, Y., Zhao, Z., Bao, F., & Deng, R. H. (2015). Software puzzle: A countermeasure to resource-inflated denial-of-service attacks. IEEE Transactions on Information Forensics and Security,10(1), 168–177.
Kotey, S. D., Tchao, E. T., & Gadze, J. D. (2019). On distributed denial of service current defense schemes. Technologies,7, 19. https://doi.org/10.3390/technologies7010019.
Jaafar, Ghafar A., Abdullah, Shahidan M., & Ismail, Saifuladli. (2019). Review of recent detection methods for HTTP DDoS attack. Journal of Computer Networks and Communications,1283472, 1–10. https://doi.org/10.1155/2019/1283472.
Sreeram, I., & Vuppala, V. P. K. (2019). HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm. Applied Computing and Informatics,15(1), 59–66.
Paxson, V. (1997). End-to-end routing behavior in the internet. IEEE/ACM Transactions on Networking,5(5), 601–615.
Peng, T., Leckie, C., & Ramamohanarao, K. (2003). ‘Protection from distributed denial of service attacks using history-based IP filtering’, in Communications, 2003. ICC’03. IEEE eXplore on,1, 482–486. https://doi.org/10.1109/ICC.2003.1204223.
Verma, Dinesh C., Calo, Seraphin, & Amiri, Khalil. (2002). Policy-based management of content distribution networks. IEEE Network,16(2), 34–39.
Jyothirmai, P., Raj, J. S., & Smys, S. (2017). Secured self organizing network architecture in wireless personal networks. Wireless Personal Communications,96(4), 5603–5620.
Smys S, Bala GJ, Raj JS. Construction of virtual backbone to support mobility in MANET—A less overhead approach. In 2009 international conference on application of information and communication technologies 2009 October 14 (pp. 1–4). IEEE.
Praveena, A., & Smys, S. (2016). Efficient cryptographic approach for data security in wireless sensor networks using MES VU. In 2016 10th international conference on intelligent systems and control (ISCO), 2016 January 7 (pp. 1–6). IEEE.
smurf IP Denial-of-Service Attacks, CERT advisory CA-98.01, Jan, 1998. http://www.cert.org/advisories/CA-98.01.smurf.html
Sridhar, S., Smys, S. (2016). A hybrid multilevel authentication scheme for private cloud environment. In 2016 10th International Conference on Intelligent Systems and Control (ISCO), 2016 January 7 (pp. 1–5). IEEE.
Kumar, T. S., Suresh, A., & Karumathil, A. (2014). Improvised classification model for cloud based authentication using keystroke dynamics. In frontier and innovation in future computing and communications (pp. 885–893). Springer, Dordrecht.
Praveena, A., & Smys, S. (2016). Anonymization in social networks: A survey on the issues of data privacy in social network sites. Journal of International Journal of Engineering and Computer Science,5(3), 15912–15918.
Pascanu, R., Gulcehre, C., Cho, K., & Bengio, Y. (2013). How to construct deep recurrent neural networks. arXiv preprint arXiv:1312.6026
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Disclosure of potential conflicts of interest
This research is not supported under any funding. The authors declare that they have no conflict of interest.
Research involving Human Participants and/or Animal
This article does not contain any studies with human participants or animals performed by any of the authors.
Informed consent
All referred study is highlighted in the Literature Review.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
The initial online version of this article was revised: The second author’s name was corrected.
Rights and permissions
About this article
Cite this article
Praveena, V., Karthik, S. & Jeon, G. Hybrid Approach for IP Traceback Analysis in Wireless Networks. Wireless Pers Commun 113, 669–690 (2020). https://doi.org/10.1007/s11277-020-07183-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-020-07183-8