PROTECTING PROXY BASED NETWORK FROM DDoS ATTACKERS WITH IP SPOOFING DETECTION?

Distributed Denial of Service (DDoS) attacks along with IP spoofing is a major threat faced by networks. The problem is more complicated in case of proxy networks as it is difficult to identify the particular attacker node. A perfect novel server-side defense scheme is proposed to resist DDoS attack by identifying and blocking the particular attacker node along with provision for IP spoofing detection. A TSL-IP based HsMM algorithm and a Hop-count detection algorithm were proposed to detect attackers and spoofed IPs. The approach utilizes the TSL behavior of the requesting nodes to identify attacks and IP of the node as a unique identity to identify the particular attacker node, which makes the scheme more accurate than existing schemes. Soft control is a novel attack response method proposed in this work. It performs behavior reshaping that tries to converts a suspicious traffic into a relatively normal one before rudely discarding them. The Proposed variation in HTTP protocol supports for identifying which client is intruder rather than detecting the innocent web proxy. The TTL based filtering performs a mapping between IP addresses and their hop-counts to identify spoofed IP packets.