Skip to main content
SpringerLink
Log in

A Preventive Measure to Protect from Denial of Service Attack

  • Conference paper
Advances in Network Security and Applications (CNSA 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 196))

Included in the following conference series:

  • 2338 Accesses

Abstract

As the number of users in the internet is increasing rapidly, various attacks are becoming an important issue which needs to be analyzed at the earliest. There exist various attacks like, ARP poisoning, IP spoofing, Denial of Service (DOS) etc. Now-a-days one of the major threats on the internet is Denial of Service (DOS) attack. As this attack slows down a particular system, the resources of that system becomes unavailable to others. DOS attack is mounted by consuming the resources of the victim system. By doing this, it can no longer provide the normal service to others. As the universe of DOS attack is large, there exists various different kind of DOS attacks like Distributive DOS attack, Low rate DOS attack etc. In this paper we have proposed a simple hashing based authentication technique which can protect computers from different DOS attacks. The main contribution of this paper is that, here prior to making a connection between source and destination, an authentication must take place at network layer. So before sending a packet to upper layer protocol such as TCP or UDP, this technique will ensure the authentication of the source in network layer. Here a Hash based DOS Attack Analyzer (HDAA) is used whose main job is to capture the packets in the network layer and perform an authentication. For the proposed method it is necessary for both source and destination to agree upon a set of rules and to pass the authentication process. If authentication passes, then it will deliver the data packet to upper layer protocol. If authentication does not pass then it will drop that packet and block that source address from entering the network. A thorough analysis have been made and compared with some existing techniques. The main advantage of this method lies in the application of simple hashing method in network layer which restricts the packet from entering our system initially. The computation overhead is also very less as this scheme can be implemented in network layer with respect to other techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Choi, H., Lee, H., kim, H.: Fast detection and visualization of network attacks on parallel coordinates. Science Direct 28, 276–288 (2009)

    Google Scholar 

  2. Douligeris, C., Mitrokosa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art, vol. 44, pp. 643–666 (2004)

    Google Scholar 

  3. Forouzan, B.A., Fegan, S.C.: Data Communication and Networking. Tata Mgraw Hill (2007)

    Google Scholar 

  4. Priselac, D., Marijic, D., MikucM: Analysis of DoS attack method on IMS system. In: Proceedings of 33rd Intl. convention on MIPRO, Opatija, Croatia, pp. 524–527 (2010)

    Google Scholar 

  5. Efstathopoulos, P.: Practical study of a defence against Low-rate TCP-targeted DoS attack. In: Proceedings of Intl. conf. on Internet Techonology and Secured Transactions, London, pp. 1–6 (2009)

    Google Scholar 

  6. AI-Haidari, F., Sqalli, M., Hamoodi, J.: An Entropy-based Countermeasure against Intelligent DoS Attack Targeting Firewalls. In: Proceedings of IEEE International Symp. on Policies for Distributed and Network, London, pp. 41–44 (2009)

    Google Scholar 

  7. Choi, S.: DoS Resistance Multicast Authentication Protocol with Prediction Hashing and One-Way Key Chain. In: Proceedings of Seventh IEEE Intl. Symp. on Multimedia, London, pp. 524–527 (2005)

    Google Scholar 

  8. Liu, Z., Guan, L.: Attack simulation and signature extraction of low-rate DoS. In: Proceedings of Third Intl. Symp. on Intelligent Information Technology and security Informatics, China, pp. 544–548 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Engineering, KIIT University, Bhubaneswar, 756024, Orissa, India

    Manas Ku. Dasmohapatra & Kamalika Datta

  2. Dept. of Comp Sc. and Engg., Indian Institute of Technology, Kharagpur, 721302, India

    Indranil Sengupta

Authors
  1. Manas Ku. Dasmohapatra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kamalika Datta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Indranil Sengupta
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Southeastern Louisiana University, 70402, Hammond, LA, USA

    David C. Wyld

  2. Chair of Systems and Computer Networks, Wroclaw University of Technology, Wybrzeze Wyspianskiego 27, 50-370, Wroclaw, Poland

    Michal Wozniak

  3. University of Calcutta, Calcutta, India

    Nabendu Chaki

  4. Jackson State University, 39217, Jackson, MS, USA

    Natarajan Meghanathan

  5. Wireilla Net Solutions PTY Ltd, Melbourne, Victoria, Australia

    Dhinaharan Nagamalai

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dasmohapatra, M.K., Datta, K., Sengupta, I. (2011). A Preventive Measure to Protect from Denial of Service Attack. In: Wyld, D.C., Wozniak, M., Chaki, N., Meghanathan, N., Nagamalai, D. (eds) Advances in Network Security and Applications. CNSA 2011. Communications in Computer and Information Science, vol 196. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22540-6_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22540-6_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22539-0

  • Online ISBN: 978-3-642-22540-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation