546 220-228
Upcoming SlideShare
Loading in...5
×
 

546 220-228

on

  • 170 views

Because the ability of Distributed Denial of Service (DDoS) attack creates huge ...

Because the ability of Distributed Denial of Service (DDoS) attack creates huge
volume of unwanted traffic so it is widely regarded as a major threat for the current
Internet. A flooding-based DDoS attack is a very common way in which a victim machine is
attacked by sending a large amount of malicious traffic. Because of these attacks,existing
network-level congestion control mechanisms are inadequate for preventing service quality
from deteriorating. Although a number of techniques have been proposed to defeat DDoS
attacks but still It is very hard to detect and respond to DDoS attacks due to large and
complex network environments, the use of source-address spoofing, and moreover its
difficult to make difference between legitimate and attack traffic. To measure the impact of
DDoS attack on FTP services, repeated research in cyber security that is important to the
scientific advancement of the field is required. To fullfill this requirement, the cyber-
DEfense Technology Experimental Research (DETER) testbed has been developed. In this
paper, we have created one dumb-bell topology and generated background traffic as FTP
traffic. We have launched different types of DDoS attacks along with FTP traffic by using
attack tools available in DETER testbed. Finally we have measured impact of DDoS attack
on FTP server in terms of metrics such as throughput, percentage link utilization, and
normal packet survival ratio (NPSR).

Statistics

Views

Total Views
170
Views on SlideShare
168
Embed Views
2

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 2

http://www.slideee.com 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

546 220-228 546 220-228 Document Transcript

  • Impact Analysis of DDoS Attacks on FTP Services Daljeet Kaur1 and Monika Sachdeva2 1 SBS State Technical Campus/ Deptt. Of Computer Science & Engg., Ferozepur Cantt-152004, Punjab, India Email: daljeetkaur617@gmail.com 2 SBS State Technical Campus/ Deptt. Of Computer Science & Engg., Ferozepur Cantt-152004, Punjab, India Email: monika.sal@rediffmail.com Abstract— Because the ability of Distributed Denial of Service (DDoS) attack creates huge volume of unwanted traffic so it is widely regarded as a major threat for the current Internet. A flooding-based DDoS attack is a very common way in which a victim machine is attacked by sending a large amount of malicious traffic. Because of these attacks,existing network-level congestion control mechanisms are inadequate for preventing service quality from deteriorating. Although a number of techniques have been proposed to defeat DDoS attacks but still It is very hard to detect and respond to DDoS attacks due to large and complex network environments, the use of source-address spoofing, and moreover its difficult to make difference between legitimate and attack traffic. To measure the impact of DDoS attack on FTP services, repeated research in cyber security that is important to the scientific advancement of the field is required. To fullfill this requirement, the cyber- DEfense Technology Experimental Research (DETER) testbed has been developed. In this paper, we have created one dumb-bell topology and generated background traffic as FTP traffic. We have launched different types of DDoS attacks along with FTP traffic by using attack tools available in DETER testbed. Finally we have measured impact of DDoS attack on FTP server in terms of metrics such as throughput, percentage link utilization, and normal packet survival ratio (NPSR). Index Terms— Normal Packet Survival Ratio (NPSR), vulnerability, confidentiality, botnet, DDoS, availability. I. INTRODUCTION As DDoS attacks are used to create unwanted traffic for increasing the problems of all Internet Service Providers (ISPs). This unwanted traffic is “malicious or unproductive traffic that attempts to compromise vulnerable hosts, propagate malware, spread spam, or deny valuable services”[1]. It degrade the service quality of networks. Unwanted traffic can be generated due to a flooding-based DDoS (Distributed Denial of Service) attack. A DDoS attack disturbs normal functionality of the Internet servers by exhausting resources. For exhausting resources, an attacker can create a huge volume of attack traffic to consume the bandwidth of the bottleneck link in the victim network. Confidentiality, authentication, message integrity and non repudiation are desirable security aspects for secure communication. More people are aware that availability and access control are also urgent requirements of secure communication because of the notorious Denial of Service (DoS) attacks that render by the illegitimate users into a network, host, or other piece of network infrastructure to harm them, especially it is done against the frequently visited websites of a number of high-profile companies or government websites. DOI: 02.ITC.2014.5.546 © Association of Computer Electronics and Electrical Engineers, 2014 Proc. of Int. Conf. on Recent Trends in Information, Telecommunication and Computing, ITC
  • 221 An attacker or hacker gradually send attack programs on insecure machines. These compromised machines are called Handlers or Zombies and are collectively called bots and the attack network is called botnet in hacker’s community depending upon sophistication in logic of implanted programs. In this, hackers send control instructions to masters, which then communicate it to zombies for launching attack. As shown in Figure 1, typical DDoS attack has two stages, the first stage is to compromise susceptible systems that are accessible in the Internet and then install attack tools in these compromised systems. This is known as turning the computers into “zombies.” In the second stage, the attacker sends an attack command to the “zombies” through a secure channel to launch a bandwidth attack against the targeted victim(s). Figure 1. Attack Modus Operandi The current attacks on some web sites like Amazon, Yahoo, e-Bay and Microsoft and their resultant disruption of services have uncovered the weakness of the Internet to Distributed Denial of Service (DDoS) attacks. It has been observed through reports that TCP is used in more than 85% of the DoS attacks [2]. The TCP and UDP SYN flooding is the most commonly-used attack. It consists of a stream of spoofed and TCP and UDP SYN packets directed to a listening ports of the victim. The Web servers are not only but also any systems connected to the Internet providing UDP and TCP-based network services, such as FTP servers or Mail servers, are also susceptible to the UDP and TCP SYN flooding attacks. II. RELATED WORK To measure the effect of DDoS defense approaches, analyzation of impact of DDoS attack is very important. As per [3],[4], no benchmarks are available for measuring effectiveness of DDoS defense approaches. Mostly the existing strategies compare good-put and normal packet survival with and without attack and with defense [5]. Some of defense approaches [6] have calculated the response time. By measuring normal packets survival ration proves to be most important because it clearly reflects accuracy of the defense and normal packet loss [7], [8]. Jelena et al. [9], [10] have used percentage of failed transactions (transactions that do not follow QoS thresholds) as a metric to measure DDoS impact. They define a threshold-based model for the relevant traffic measurements, which is application specific. It indicates poor services quality when a measurement exceeds its threshold. One another metric i.e Server timeout has been also used [11]. Because legitimate traffic drop i.e. collateral damage is not indicated. Sardana et al. [12] have used good put, mean time between failure and average response time as performance metrics whereas Gupta et al. [13] have used two statistical metrics namely, Volume and Flow to detect DDoS attacks. As per [9] metrics such as good- put, bad-put, response time, number of active connections , ratio of average serve rate and request rate, and normal packet survival index [8] properly signal denial of service for two way applications such as HTTP, FTP and DNS, but not for media traffic that is sensitive to one-way delay, packet and jitter.
  • 222 III. RECENT INCIDENTS It is observed that 2010 should be viewed as the year distributed denial of service (DDoS) attacks became main stream, says Arbor Networks [14]. TABLE I. RECENT DDOS INCIDENTS ON IMPORTANT WEB SITES [15] Arbor Networks [14] in its Sixth Annual Worldwide Infrastructure Security Report, released by revealed that DDoS attack Size has increased to 100 Gbps for first time and it is up by 1000% since 2005. This year has witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet. DDoS attacks have been launched against many high profile websites and popular Internet services. In addition to hitting the 100 Gbps attack barrier for the first time, application layer attacks hit an all-time high. The Table I lists some of the recent DDoS attacks incidents [14][15]. IV. PERFORMANCE METRICS Due to seriousness of DDoS problem and growing sophistication of attackers have led to development of numerous defense mechanisms [16],[17]. But the growing number of DDoS attacks and their financial implications still needs of a comprehensive solution. Moreover, as we studied that attackers share their attack codes to fight against these attacks, Internet community needs to devise better ways to accumulate details of these attacks. Only then a comprehensive solution against DDoS attacks can be devised. Technically, when DDoS attacks are launched, the various network performance metrics are affected. In current work, our focus is on measuring these network performance metrics and then comparing them with and without attacks. As mentioned in Table II, We have measured impact of DDoS attack using following metrics: Date DDoS target /Incidents Consequences/Description 2012, October Web site of Capital One Bank The incident was the second attack allegedly waged by a hacktivist group against the bank, 2012, March South Korea and United states Websites It is similar to those launched in 2009 2012, January Official Web-site of the office of the vice president of Russia It caused the site to be down by more than 15 hours. 2011, November Asian Ecommerce Company Flood of Traffic was launched and 250,000 Computers are infected with malware participated 2011, November Server The traffic load has been immense with several thou-sands request per second. 2011, October Site of National Election Com-mission of South Korea Attacks were launched during the morning when citizens would look up information and attack leads to fewer turnouts 2011, March On Blogging Platform Live Journal Experienced serious functionality problems for over 12 Hours and resumed on April 4 and 5, 2011 2010, December Master Card, PayPal, Visa and Post Finance Attack was launched in support of WikiLeaks.ch and its founder. Attack lasts for more than 16 hours. 2010, November Whistleblower site Wikileaks Attack size was 10 Gbps. Caused the site unavailable to visitors. Attack was launched to prevent release of secret cables. 2010, November whistleblower site Wikileaks Attack size was 2-4 Gbps. Attack was launched just after it released confidential US diplomatic cables. 2010, November Domain registrar Register.com Impacted DNS, hosting and webmail clients 2010, November Burma’s main Internet provider Disrupted most network traffic in and out of the country for 2 days. Geopolitical motivated attack. Attack size was of 1.09 Gbps (average) & 14.58 Gbps (maximum) . Attack vectors were TCP Syn/rst 85%, flooding 15%. 2010, September Fast growing botnet Botnet’s motive was to provide commercial service
  • 223 TABLE II. METRICS FOR ATTACK’S IMPACT ANALYSIS  Throughput: Throughput is defined as the rate of sending or receiving of data by a network. It is a good measure of the channel capacity of a communications link, and connections to the internet are which is mostly rated in terms of how many bits they pass per second (bit/s). Throughput is measured in terms of good-put and bad-put respectively. Good-put is defined as no. of bits per second of legitimate traffic that are received at the server and bad-put is defined as no. of bits per second of attack traffic that are received at the server.  Backbone Link Utilization: Backbone Link Utilization is defined as percentage of bandwidth that is being used for good put (legitimate traffic)  Normal Packet Survival Ratio: This metric is used to measure impact of attack as we can measure impact of attack as a percentage of legitimate packets delivered during the attack. If this percentage is high, then the service continues with little interruption. V. EVALUATION IN TESTBED EXPERIMENT We have used DETER testbed to evaluate our metrics in experiments using SEER (Security Experimentation EnviRonment) GUI BETA6 environment [18][19]. This test bed is located at the USC Information Sciences Institute and UC Berkeley and security researchers used this testbed to evaluate attacks and defenses in a controlled environment. A. Experimental Topology Figure 2 shows the experimental topology and Figure 3 shows our experimental topology definition for FTP applications in which R1, R2, R3 and R4 are routers, node S is server and L1-L20 are clients. These clients are used to send legitimate requests to server S via router R1 and R2. The bandwidth of all links is to be set 100Mbps, and 1.5Mbps is the bandwidth of bottleneck link (R1-R2). In this topology node A1 acts as attacking node and it sends attack traffic to server S via router R1 and R2. The link between R1 and R2 is called bottleneck link. Figure 2. Experimental Topology Metric Description Throughput (α) Vα= (ьl + ьa)/Δ, ьl , ьa and Δ represents no. of legitimate bytes, no. of attack bytes and time window for analysis respectively. Percentage Link Utilization (£) £ represents percentage of bandwidth that is being used for good put. Normal Packet Survival Ratio (η) η = pl /( pl + pa ), pl represents the no. of legitimate packets and pa represents total no of packets received at victim.
  • 224 set ns [new Simulator] source tb_compat.tcl #Create the topology nodes foreach node { V S R1 R2 R3 R4 L1 L2 L3 L4 L5 L6 L7 L8 L9 L10 L11 L12 L13 L14 L15 L16 L17 L18 L19 L20 A1 A2 control } { #Create new node set $node [$ns node] #Define the OS image tb-set-node-os [set $node] FC4-STD #Have SEER install itself and startup when the node is ready tb-set-node-startcmd [set $node] "sudo python /share/seer/v160/experiment-setup.py Basic" } #Create the topology links set linkRV [$ns duplex-link $V $R1 100Mb 3ms DropTail] set linkRS [$ns duplex-link $S $R1 100Mb 3ms DropTail] set linkRA1 [$ns duplex-link $A1 $R3 100Mb 3ms DropTail] set linkRA2 [$ns duplex-link $A2 $R4 100Mb 3ms DropTail] set linkRR3 [$ns duplex-link $R2 $R3 100Mb 3ms DropTail] set linkRR4 [$ns duplex-link $R2 $R4 100Mb 3ms DropTail] set linkRR2 [$ns duplex-link $R2 $R1 1.5Mb 0ms DropTail] set lannet0 [$ns make-lan "$L1 $L2 $L3 $L4 $L5 $R3" 100Mb 0ms] set lannet1 [$ns make-lan "$L6 $L7 $L8 $L9 $L10 $R3" 100Mb 0ms] set lannet2 [$ns make-lan "$L11 $L12 $L13 $L14 $L15 $R4" 100Mb 0ms] set lannet3 [$ns make-lan "$L16 $L17 $L18 $L19 $L20 $R4" 100Mb 0ms] $ns rtproto Static $ns run Figure 3. Experimental Topology Definition The purpose of attack node is to congest the bandwidth of bottleneck link so that legitimate traffic could not get accessed by the server S. We have generated a random network consist of FTP clients, servers and attack source. Multiple legitimate clients connected with server and one attack source is used as DDoS flooding attacker in our emulated network,. This emulates the real situation of DDoS flooding attack. B. Legitimate Traffic We have used FTP traffic in our experiment is used and there are 20 legitimate client nodes which send requests to the server S for 1-30 seconds and then 61-90 seconds with following thinking time. The configuration of said traffic parameters used to send legitimate traffic is demonstrated in Table III : TABLE III. EMULATION PARAMETERS USED IN EXPERIMENT Parameters Values Clients L1-L20 Server S Attack Host A1 Thinking Time Minmax(0.01,0.1) File Size Minmax(512,1024) Emulation Time 90 sec Bottleneck Bandwidth 1.5Mb Access Bandwidth 100Mb Legitimate Request Time 1-30 sec and 61-90 sec Attack Time 31-60 sec Attack Type DDoS Packet Flooding Server Delay 3ms Access Link Delay 3ms Backbone Link Delay 0ms
  • 225 C. Attack Traffic In experimeny,we have used packet flooding attack to generate DDoS attack. Node A1 launches attack towards S and thus consumes bandwidth of bottleneck in link R1-R2. UDP protocol is used for launching attacks. Further attack types flat, ramp-up, pulse and ramp-pulse are used in our experiment. Attack traffic from A1 starts at 31st second and stops at 60th second. Then we have analyzed impact of DDoS attacks on FTP service. Table IV shows attack parameters used in our emulation experiment. We have generated following flooding attack types: Flat Attack: Flat attack is the attack in which high rate is achieved and maintained till the attack is stopped. Ramp-up Attack: In the Ramp-up attack the high rate is achieved gradually within the rise time specified and is maintained until the attack is stopped. Ramp-down Attack: In this attack the high rate is achieved gradually and after high time it falls to the low rate with in low time. Pulse Attack: Pulse attack is the attack in which the attack oscillates between high rate and low rate. It remains at high rate for high time specified and then falls to low rate specified for the low tie specified and so on. Ramp-pulse Attack: In Ramp-pulse attack it is a mixture of Ramp-up, Rampdown and Pulse attack means it used three attacks. TABLE IV. ATTACK PARAMETERS USED IN EXPERIMENT [20] VI. RESULTS AND DISCUSSIONS The effect of DDoS attacks on the performance of FTP service is analyzed below:- A. Throughput For measuring the throughput, during a DDoS attack, backbone link is attacked to force the edge router at the ISP of victim end to drop most legitimate packets. In Figure 4 and Figure 5, we have measured throughput in terms of good-put and bad-put to get the measure of actual loss. The throughput is divided into good-put and bad-put respectively. Good-put is defined as no. of bits per second of legitimate traffic that are received at the server whereas bad-put gives no. of bits per second of attack traffic that are received at the server. Attack Type Flooding Flooding Flooding Flooding Attack Source A1 A1 A1 A1 Attack Target S S S S Protocol UDP UDP UDP UDP Length Min 100 200 200 100 Length Max 200 300 300 200 Flood Type Flat Ramp-up Pulse Ramp-pulse High Rate 200 300 500 400 High Time 100 5000 6000 5000 Low Rate 100 100 200 200 Low Time 0 8000 5000 4000 Rise Shape 0 1.0 0 1.0 Rise Time 0 10000 0 10000 Fall Shape 0 0 0 1.0 Fall Time 0 0 0 10000 Sport Min 57 57 57 57 Sport Max 57 57 57 57 Dport Min 1000 1000 1000 1000 Dport Max 2000 2000 2000 2000 TCP Flags SYN SYN SYN SYN
  • 226 B. Backbone Link Utilizationt As Backbone Link utilization is defined as percentage of bandwidth that is carrying legitimate traffic. It is shown in Figure 6, that Backbone Link utilization is nearly 100% without attack. During Attack, Backbone Link utilization drops more than 50%. C. Normal Packet Survival Ratio (NPSR) As NPSR is defined as ratio of good-put and bad-put. This is the percentage of legitimate packets that can survive during attack. NPSR should be high. We can measure impact of attack as a percentage of legitimate packets delivered during the attack. If this percentage is high, service continues with little interruption. NPSR starts decreasing with increased rate of attack traffic and as bandwidth of the link is limited, so legitimate packets starts dropping. As shown in Figure 7, 100% legitimate packets are delivered without attack but during attacks, only 50% legitimate packets are delivered. Figure 4. Good-put of FTP traffic through bottleneck link during UDP Attack Figure 5. Bad-put of FTP traffic through bottleneck link during UDP Attack Figure 6. Average Bottleneck Bandwidth Utilization in FTP Service during UDP Attack Goodput of FTP Service under UDP Attack 0.2 0.7 1.2 1.7 1.0 11.0 21.0 31.0 41.0 51.0 61.0 71.0 81.0 91.0Time (Sec) Throughput(Mbps) Flat Attack Rampup Attack Ramp-pulse Attack Pulse Attack Badput of FTP Service under UDP Attack 0 0.1 0.2 0.3 0.4 1.00 8.00 15.00 22.00 29.00 36.00 43.00 50.00 57.00 64.00 71.00 78.00 85.00 91.53 Time (Sec) Throughput(Mbps) Flat Attack Ramp-up Attack Ramp-pulse Attack Pulse Attack Avg Link Utilization of UDP Attack 0 20 40 60 80 100 120 1.0 8.0 15.0 22.0 29.0 36.0 43.0 50.0 57.0 64.0 71.0 78.0 85.0 Time (Sec) %LinkUtilization Flat Attack Pulse Attack Ramp-pulse Attack Ramp-up Attack
  • 227 Figure 7. Average Ratio of Legitimate FTP Packets Survival during UDP Attack VII. CONCLUSIONS DDoS attack incidents are increasing day by day. Not only, DDoS incidents are growing day by day but the technique to attack, botnet size, and attack traffic are also attaining new heights. Effective mechanisms are needed to elicit the information of attack to develop the potential defense mechanism. We evaluated our metrics in experiments on the DETER testbed. DETER testbed allows to carry the DDoS attack experiment in a secure environment. It also allows creating, plan, and iterating through a large range of experimental scenarios with a relative ease. We pointed out the possibility of DDoS attacks on FTP application by analyzing the characteristics of FTP application. DDoS attacks are launched on FTP server and measure the impact of DDoS attacks on FTP service. Measurement of Service degradation due to DDoS attacks are quantified in terms of Throughput, Normal Packet Survival Ratio and Backbone Link Utilization in this paper. We generated attacks at different strengths so that DDoS attack’s impact can be measured. The attacks are generated by keeping some realistic conditions in mind, such as Limited Bottleneck Bandwidth. Moreover the quantitative measurements clearly indicated the impact of attack on FTP service. Distributed Denial of Service attack is one of the major threats for current internet. In the present paper we have measured the impact of DDoS attacks using a number of metrics. We are working on extending the existing work as below: -  Adding some more realistic features to the topology, traffic parameters and Attack parameters (such as ISP Level topology, Large Number of Legitimate Clients, High Legitimate Traffic Rate, High Attack Rate), so as to get more accurate results of DDoS attack’s influence on FTP services.  Comparison of various DDoS Defense Mechanism using weighted metrics. ACKNOWLEDGMENT We would like to express our gratitude to Director, SBS State Technical Campus, Ferozepur, for providing the academic environment to pursue research activities. We are extremely thankful to Dr. Krishan Kumar, Associate Professor, Department of Computer Science & Engg., for their guidance and inputs. Finally the authors wishes to appreciate the support extended by family and friends. REFERENCES [1] K. Xu, Z.L. Zhang, and S. Bhattacharyya, “Reducing unwanted traffic in a backbone network,” in Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI), 2005, pp. 9–15. [2] A. Keromytis, V. Misra, D. Rubenstein(2002) SOS: Secure overlay services. In: ACMSIGCOMM Computer Communication Review, Proceedings of the 2002 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Pittsburgh, PA, vol. 32, pp 61–72 [3] J. Mirkovic and P. Reiher, A University of Delaware Subcontract to UCLA, www.lasr.cs.ucla.edu/Benchmarks_DDoS_Def_Eval.html. [4] J. Mirkovic, E Arikan, S. Wei, R. Thomas, S. Fahmy, and P. Reiher. “Benchmarks for DDOS Defense Evaluation”, In Proceedings of Military Communications Conference (MILCOM), pp. 1-10, 2006. Normal Packet Survival Ratio 0 0.2 0.4 0.6 0.8 1 1.2 1.0 9.0 17.0 25.0 33.0 41.0 49.0 57.0 65.0 73.0 81.0 89.0 Time (Sec) NPSR(Mbps) Flat Attack Pulse Attack Ramp-pulse Attack Ramp-up Attack
  • 228 [5] Y. You. “A defense framework for flooding based DDoS Attacks”, M.S. Thesis, Queen’s University, Canada,2007. [6] J. Mirkovic,P. Reiher,S. Fahmy,R. Thomas, A. Hussain, S. Schwab. “Measuring denial Of service”, 2nd ACM workshop on Quality of protection QoP, pp. 53 – 58, 2006. [7] S.Kumar,M.Singh,M.Sachdeva,K.Kumar,”Flooding based DDoS attacks and their influence on web services”, International Journal of Computer Science and Information technology, Vol.2(3),pp 1131-1136,2011. [8] K. Kumar. Protection from Distributed Denial of Service (DDoS) Attacks in ISP Domain, Ph.D. Thesis, Indian Institute of Technology, Roorkee, India, 2007. [9] J. Mirkovic, A. Hussain, B. Wilson, S. Fahmy, P. Reiher, R Thomas, W. M. Yao, S Schwab. “Towards user-centric metrics for denial-of-service measurement” , in proceedings of the 2007 workshop on Experimental computer science, San Diego, California. [10] J. Mirkovic, S. Fahmy, P. Reiher, R. Thomas, A. Hussain, S. Schwab,and C. Ko. “Measuring Impact of DoS Attacks”In Proceedings of the DETER Community Workshop on Cyber Security,Experimentation, June 2006. [11] C. Ko, A. Hussain, S. Schwab, R. Thomas, and B. Wilson. “Towards systematic IDS evaluation", in Proceedings of DETER Community Workshop, pp. 20- 23, June 2006. [12] A. Sardana and R.C. Joshi, “An Integrated Honeypot Framework for Proactive Detection, Characterization and Redirection of DDoS Attacks at ISP level,” International Journal of Information Assurance and Security (JIAS), 3 (1), pp. 1-15, March 2008. Available at http://www.mirlabs.org/jias/sardana.pdf. [13] B.B. Gupta, R. C. Joshi, and M. Misra, “An ISP Level Solution to Combat DDoS Attacks using Combined Statistical Based Approach,” Journal of Information Assurance and Security 3(2), 102-110, June 2008. Available at http://www.mirlabs.org/jias/gupta.pdf. [14] DoS Attacks Exceed 100 Gbps, Attack Surface Continues to Expand By Mike Lennon on February 01, 2011 available at http://www.securityweek.com/ddos-attacks-exceed-100-gbps-attacksurface-continues-expand . [15] K.Arora, K.Kumar, M.Sachdeva,”Impact Analysis of Recent DdoS Attacks”, International Journal of Computer Science and Engg., ISSN 0975-3397,Vol. 3,pp 877-884, 2011. [16] D. kaur, M. Sachdeva and K. Kumar,” Study of Recent DDoS Attacks and Defense Evaluation Approaches” International Journal of Emerging Technology and Advanced Engineering, ISSN 2250-2459(online), Volume 3, Issue 1, pp. 332-336, January 2013. http://www.ijetae.com/Volume3Issue1.html [17] R. Chen, J. Park, and R.Marchany, “A Divide and Conquer Strategy for Thwarting Distributed Denial of Service Attacks,” Computer Journal of IEEE Transactions on Parallel and Distributed Systems, vol. 18, no. 5, pp. 577-588, 2007. [18] D. kaur, M. Sachdeva and K. Kumar,” Study of DDoS Attacks using Deter Testbed”,International Journal of Computing and Business Research, IISN:2229-6166, Vol 3,May 2012. [19] J. Mirkovic, S. Wei, A. Hussain, B. Wilson, R. Thomas, S. Schwab, S. Fahmy, R. Chertov, and P. Reiher. “DDoS Benchmarks and Experimenter’s Workbench for the DETER Testbed”, Proceedings of Tridentcom, 2007. [20] D. kaur, M. Sachdeva,” Study of Flooding Based DDoS Attacks and Their Effect Using Deter Testbed”, International Journal of Research in Engg and Tech.,ISSN:2319-1163,Vol 2,pp 879-884,2013.