3. Denial-of-ServiceDenial-of-Service
Attempt to makeAttempt to make
resources unusable toresources unusable to
intended usersintended users
Largest threat faced byLargest threat faced by
present day internetpresent day internet
More among SocialMore among Social
Networking SitesNetworking Sites
If more attackers itIf more attackers it
becomes DDoSbecomes DDoS
4. Necessity For SolutionNecessity For Solution
Media: 2.8% lossMedia: 2.8% loss
Two StagesTwo Stages
Recruiting ZombiesRecruiting Zombies
Flooding VictimFlooding Victim
DrawbackDrawback
Service DelaysService Delays
Dynamic RouterDynamic Router
Approach.Approach.
Mechanism of DDoS attacks.
5. COOPERATIVE TECHNOLOGICALCOOPERATIVE TECHNOLOGICAL
SOLUTIONSSOLUTIONS TO “DDOS ATTACKS”TO “DDOS ATTACKS”
ComponentsComponents
1.1. Internet CoreInternet Core
2.2. Internet CloudInternet Cloud
3.3. Edge of InternetEdge of Internet
4.4. Servers and ClientsServers and Clients
Service By D.S.C.Service By D.S.C.
1.1. Direct CommunicationDirect Communication
2.2. Cache CommunicationCache Communication
1.Digital Supply Chain
The digital supply chain.
6. Steps in CooperativeSteps in Cooperative
Filtering:Filtering:
1.1. AlarmingAlarming
2.2. TracingTracing
3.3. FilteringFiltering
Simple ApproachSimple Approach
Delete Same IPDelete Same IP
PacketsPackets
Ban IP spoofingBan IP spoofing
The process of cooperative filtering.
a. Cooperative Filtering
7. b. Cooperative Cachingb. Cooperative Caching
Draw Backs of FilteringDraw Backs of Filtering
ExpensiveExpensive
Legal Packets LostLegal Packets Lost
Traffic Shared By RoutersTraffic Shared By Routers
Routing Tables NeededRouting Tables Needed
Bandwidth efficientlyBandwidth efficiently
Utilized.Utilized.
Combining both resultsCombining both results
in Effective Performancein Effective Performance
Fig Cooperative Caching
8. Incentive ChainIncentive Chain
Major Sources ForMajor Sources For
Digital Content flowDigital Content flow
End Users DemandEnd Users Demand
ICP’s DemandICP’s Demand
Chain links all parties forChain links all parties for
end to end transmissionend to end transmission
9. Broken Incentive ChainBroken Incentive Chain
Lack of IncrementalLack of Incremental
Payment Structure andPayment Structure and
Failure of CooperativeFailure of Cooperative
FilteringFiltering
Have unused residueHave unused residue
bandwidthbandwidth
Cost and Benefits for ISPCost and Benefits for ISP
in Cooperative Filteringin Cooperative Filtering
Payment to ISP’sPayment to ISP’s
With Congestion noWith Congestion no
profit to ISP’sprofit to ISP’s
Fig 3: Incentive Chain
10. Broken Incentive ChainBroken Incentive Chain
Caches on the Edge of the Internet: InaccessibleCaches on the Edge of the Internet: Inaccessible
TreasuresTreasures
Missisippi rule For Cooperative CachingMissisippi rule For Cooperative Caching
Cost efficient than FilteringCost efficient than Filtering
Reasons for breaking incentive chainReasons for breaking incentive chain
ICP’s does not provide money for cachingICP’s does not provide money for caching
Resource becomes inactiveResource becomes inactive
ICP’s not sure about DDoS: No PaymentICP’s not sure about DDoS: No Payment
11. Existing Soln: Capacity ProvisionExisting Soln: Capacity Provision
NetworkNetwork
Network of CacheNetwork of Cache
ServersServers
Demand side CacheDemand side Cache
tradingtrading
Owner of ISP playsOwner of ISP plays
main role in it.main role in it.
Dilution of traffic by theDilution of traffic by the
best Cachebest Cache
12. Proposed SolutionProposed Solution
Difficult to locateDifficult to locate
origin of attackorigin of attack
Request ConstraintsRequest Constraints
Size: 2GBSize: 2GB
Fields: 100Fields: 100
Check header info, atCheck header info, at
first routerfirst router
Router DatabaseRouter Database Restricting Fake Packet
13. Sample Data And ResultsSample Data And Results
Nodes in theNodes in the time takentime taken
networknetwork
100 0.078125100 0.078125
200200 0. 1093750. 109375
300300 0.1093750.109375
400400 0.156250.15625
500500 0.156250.15625
600600 0.156250.15625
700700 0.1718750.171875
800800 0.2343750.234375
900900 0.2343750.234375
10001000 0.2656250.265625
Series 1
-200 200 400 600 800 1000 1200 1400
0.1
0.2
0.3
x
y
Nodes in the Network
T
i
m
e
T
a
k
e
n
CPN method
14. Identifying the AttackIdentifying the Attack
Nodes in theNodes in the Time takenTime taken
networknetwork
100 0.078125100 0.078125
200200 0.0781250.078125
300300 0.50.5
400400 0.0781250.078125
500500 0.0781250.078125
600600 0.0781250.078125
700700 0.0781250.078125
800800 00781250078125
900900 0.0781250.078125
10001000 0.0781250.078125
16. ConclusionConclusion
Previously proposed methods concentrated mostly onPreviously proposed methods concentrated mostly on
determining the attack path only.determining the attack path only.
In Our proposed solution we can easily safe guard anyIn Our proposed solution we can easily safe guard any
network from attack.network from attack.
Here for LAN congestion problem add theHere for LAN congestion problem add the
implementation of multiple cache servers on networkimplementation of multiple cache servers on network
by complex congestion control algorithm.by complex congestion control algorithm.