Evaluating a DDoS Attack in Online Auction System and Solution Based on Software Agent
Mandakini Vishwakarma #1, Brajesh Patel #2
# Department of Computer Science (CTA), Shri Ram Institute of Technology, Jabalpur (India)
Abstract--- In modern web applications, the web client makes a request which takes very little effort to compose, but when it reaches the server, the application has to process a large amount of data and compose the response with considerable effort. The Denial of Service attack, in particular the Distributed Denial of Service (DDoS) attack, has become one of the key threats to the Internet. In general, attackers launch DDoS attacks by directing an enormous number of attack sources to send worthless traffic to the victim system. The victim's services are interrupted when its host or network resources are occupied by the attack traffic. The threat of DDoS attacks has become even more severe as attackers can compromise a huge number of computers by spreading a computer worm that exploits vulnerabilities in the most popular operating systems.
To counteract this problem we consider the Online Auction Model, where auctions run concurrently but independently of each other. Each auction has an auctioneer and a number of bidders that could be located anywhere on the Internet.
We develop a novel technique for identifying attack traffic based on the connection history at the victim. We present an algorithm to filter attack traffic in a precise and efficient manner.
In this algorithm we have to check the vulnerability of the user. If the user is valid, the algorithm checks the load generated by the user's IP address and calculates the complete load, that is, how much time the user requires to complete the activities and to send and receive requests to and from the system. If that load lies between max_threshold and min_threshold, the two parameters used to check for a DDoS attack, we then also check the user profile for vulnerability issues. If everything is within the threshold values, the algorithm passes the user as a non-attacker and allows the user to use the system.
When a denial of service (DoS) attack occurs, a computer or a network user is unable to access resources like e-mail and the Internet. An attack can be directed at an operating system or at the network. Denial-of-service (DoS) attacks continue to cause major service disruptions and economic losses to both Internet users and service providers. DoS attacks could damage a company's image and reputation. They could also affect the confidence of users and investors in Internet businesses. DoS incidents of increasing complexity and scale are very common nowadays and tend to be distributed (DDoS). In recent years, DoS attacks have been used as a tool of cyber warfare, retaliation, and protest. Recent events include the December 2010 incident that disabled the Visa and MasterCard websites for more than a day and the August 2009 series of attacks that affected various social networks, causing degraded service quality for several days. Although a single user was believed to be the target of these attacks, a good proportion of users of Google blogging, Livejournal, and Facebook were also affected.
The series of attacks also targeted Twitter, which was rendered unusable for nearly 44 million users for several hours. A definitive solution is unlikely to surface in the near future, given that DoS attacks usually take advantage of legitimate communication mechanisms to perpetrate malicious activities. In spite of the vast literature available on the topic, existing techniques can only offer limited success.
During congestion, a large number of packets experience delay or are even dropped due to queue overflow. Severe congestion results in degraded throughput and a large packet loss rate. Congestion also decreases the effectiveness and reliability of the whole network; furthermore, under very high traffic, performance collapses completely and almost no packets are delivered. As a result, many congestion control techniques have been designed to solve this problem and avoid the damage. Most congestion control algorithms are based on evaluating network feedback to identify when and where congestion occurs and taking action to adjust the source's output, such as reducing the congestion window (cwnd). Various feedback schemes are used in congestion detection and analysis. However, there are mainly two categories: explicit feedback and implicit feedback.
A computer under the complete control of an intruder is known as a zombie or bot. A cluster of co-opted workstations is known as a botnet or a zombie army. Symantec, Kaspersky Labs and many others have also identified botnets, not viruses, spam or worms, as the biggest threat to Internet security.
International Journal of Computer Trends and Technology (IJCTT) volume 11 number 5 May 2014 ISSN: 2231-2803 http://www.ijcttjournal.org Page 211
II. RELATED WORK
Ricardo L [1] designed a model which confirmed the high sensitivity of a distributed auction to the degraded communication conditions that a DoS flooding attack could produce. Their results suggested that service migration could have a positive influence in reducing the effects of a DoS attack, but its success will largely depend on the structure of the underlying network and on the reaction speed of the auctioneer to the attack. Within certain limits, service migration appears promising, at least to mitigate the effects of DoS attacks in applications of this kind.
Dimple J. et al. [2] proposed an ant-based framework that exploits the significance of stateless and stateful signatures and hence protects only the legitimate packets, thereby discarding the contaminated packets. A botnet-based DDoS attack is undoubtedly a serious Internet problem that challenges the growth rate and the public acceptance of online government and business sites. Esraa A. et al. [3] present a clear view of the botnet-based DDoS attack on the application layer, in particular on the Web server. Incidents around the world and revenue losses of famous companies and government Web sites were also described, indicating that extreme care should be taken and a further study should be conducted to assess the size of the problem and then derive an optimal solution.
Ketki A. et al. [4] gave an overview of the DDoS problem and the major factors causing DDoS attacks; brief detail of most recent DDoS incidents on online civilization is outlined and, finally, the need for a comprehensive distributed solution was demonstrated. Zhengmin X. et al. [5] present a method that can identify the occurrence of a DDoS flood attack in real time and determine its intensity using fuzzy logic. Their process consists of two stages: (i) statistical analysis of the network traffic time series using the discrete wavelet transform (DWT) and the Schwarz information criterion (SIC) to find the change point of the Hurst parameter resulting from a DDoS flood attack, and then (ii) adaptively deciding the intensity of the DDoS flood attack by using intelligent fuzzy logic technology to analyse the Hurst parameter and its rate of change. Their NS2-based simulation results demonstrate that their proposed method can detect the DDoS flood attack timely, intelligently and effectively.
Yang X. et al. [6] propose using two new information metrics, the generalized entropy metric and the information distance metric, to detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. Their proposed generalized entropy metric can detect attacks several hops earlier than the traditional Shannon metric. The proposed information distance metric outperforms the popular Kullback-Leibler divergence approach as it can clearly enlarge the adjudication distance and then obtains the optimal detection sensitivity. Their experimental results show that the proposed information metrics can effectively detect low-rate DDoS attacks and clearly reduce the false positive rate. Furthermore, their proposed IP trace-back algorithm can find all attacks as well as attackers from their own local area networks (LANs) and discard attack traffic. Akash M. et al. [7] summarized different techniques of DDoS and its countermeasures by different methods such as Bloom Filter, Independent Component Analysis, Trace back method and TCP Flow Analysis.
III. PROBLEM DEFINITION
In computer network security, backscatter is a side-effect of a spoofed denial-of-service attack. In this category of attack, the attacker spoofs the source address in IP packets sent to the victim. Frequently, the victim machine cannot distinguish between the spoofed packets and legitimate packets, so the victim responds to the spoofed packets as it usually would. These reply packets are termed backscatter. If the attacker is spoofing source addresses randomly, the backscatter reply packets from the victim will be sent back to random destinations. This effect can be used by network telescopes as indirect evidence.
The term "backscatter analysis" refers to observing backscatter packets arriving at a statistically significant portion of the IP address space to determine characteristics of DoS attacks and victims. In the current Internet, TCP detects congestion only after a packet has been dropped at the gateway. However, it would clearly be undesirable to have large queues that were full much of the time; this would significantly increase the average delay in the network. Therefore, with increasingly high-speed networks, it is increasingly important to have a method that keeps throughput high but average queue sizes low.
Congestion in the Internet occurs when the link bandwidth exceeds the capacity of the available routers. This results in long delays in data delivery and wasted resources due to lost or dropped packets. The prime role of a router is to switch packets from the input links to the output links through a buffer. Apart from forwarding packets, routers are involved in controlling congestion in the network. It is known that routing algorithms focus on two main concepts, namely queue management and scheduling. Queue management algorithms manage the length of packet queues by dropping packets whenever necessary, whereas scheduling algorithms determine which packets are to be sent next. These algorithms are used primarily to manage the allocation of bandwidth among various flows. The essence of Internet congestion control is that a sender adjusts its transmission rate according to the congestion measure of the underlying network. There are two approaches to accomplish this. One is a source algorithm that dynamically adjusts the transmission rate in response to the congestion along its path; the other is a link algorithm that implicitly or explicitly conveys information about the current congestion measure of the network to sources using that link.
IV. PROBLEM DOMAIN
DDoS attacks can be roughly divided into three types:
I. Volume Based Attacks
These include UDP floods, ICMP floods, and other spoofed-packet floods. The attack's purpose is to saturate the bandwidth of the attacked site, and its magnitude is measured in bits per second (Bps).
II. Protocol Attacks
These include SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server resources or those of intermediary communication equipment, such as firewalls and load balancers, and is measured in packets per second.
III. Application Layer Attacks
These include Slowloris, zero-day DDoS attacks, DDoS attacks that target Windows, Apache or OpenBSD vulnerabilities, and more. Comprised of seemingly legitimate and innocent requests, these attacks aim to crash the web server, and their magnitude is measured in requests per second.
V. DENIAL OF SERVICES (DOS)
A DoS attack can be regarded as an attempt by attackers to prevent legitimate users from gaining a normal network service.
A. Analysing the Goal of DoS Attack:
The main aim is to stop the victim's machine from doing its essential job.
The server is unable to provide service to genuine clients.
The damage done varies from minor inconvenience to major financial losses.
DoS attacks affect: software systems, network routers, servers and end-user PCs.
B. ARCHITECTURE OF DDOS ATTACK
Attacker: It sends attack commands to handlers.
Zombie: Zombies are compromised and controlled by the attacker, and they also control many reflectors. A zombie has a specific set of programs installed to receive commands from the attacker and send such commands to reflectors.
Reflectors: Reflectors are involved by the attacker through the zombie. They run attack programs and execute commands from the zombie to attack a target victim.
Fig. 1 Structure of a distributed reflector denial of service (DDoS) attack
C. DDOS ATTACKS:
Direct DDoS attacks (flooding of request packets)
Reflector DDoS attacks (flooding of response packets)
D. Direct DDoS Attacks (flooding of request packets):
The attacker sends out packets directly towards the target.
Uses TCP, UDP and ICMP packets, and uses random spoofed IP addresses.
Only a few compromised machines are sufficient.
Examples: TCP SYN flooding; based on the TCP three-way handshake, the final ACK from source to victim never arrives.
Congesting a victim's incoming link using TCP RST packets, ICMP control packets or UDP packets.
E. Reflector attacks (flooding of response packets):
Attackers initiate an attack that is relayed to reflector machines, such as routers, web servers etc.
Reflectors may or may not be aware.
In response to requests by the attackers, the reflectors flood victims with the reply packets.
The address of the victim is spoofed in requests to reflectors.
Examples: TCP SYN ACK flooding; Smurf attacks, in which ICMP echo packets with the spoofed victim address are broadcast.
Bandwidth amplification: attack requests that send response packets of much larger size to the victim.
Any type of DDoS attack might be hazardous to the computer, no matter which one.
F. DDoS threat attacks the following services:
Network bandwidth
Server memory
CPU usage
Database space
Database connection pool
Application exception handling mechanism
Hard disk space
G. DDoS attacks work in two phases
In the first phase the attacker tries to compromise weak machines in different networks around the world. This phase is called the Intrusion phase. In the second phase the attacker installs DDoS tools and starts attacking the victim's equipment. This phase is termed the Distributed DDoS attack phase. Attackers use security holes to compromise the servers in diverse networks and install the DDoS tools.
VI. PROPOSED WORK
Fig. 3 Flowchart of proposed model
We will develop a compact solution which offers quick reaction against DoS. For this we will use the concept of a distributed agent. An agent is code that works on behalf of humans. Agents have many features, such as being social and roaming. So our solution is based on agent technology that will provide a better solution against DoS and DDoS attacks.
A. STEPS FOR DDOS_DETECTION ALGORITHM-
1. Firstly create sender id.
2. If sender id is valid then capture all loads. Go to step 3.
3. Check the packet type, time, transmitter send time, sender recv time, receiver reply, receiver request.
4. Calculate threshold parameter.
5. If load is less than max limit and new profile is less than max threshold and new profile is greater than min threshold, go to step 6.
6. No attack; otherwise system under attack.
7. Check the information about attack and compare profile to each trace value and go to step 8.
8. Check normal profile to each trace value.
9. Calculate arrival time of sender.
10. If sender is found to be an attacker then block that sender.
[Fig. 3 flowchart nodes: Start; Create user; Calculate load by user; Is User valid?; System under Attack; Is load correct?; Get Attack Info; Enter System]

Attack_information ()
{
    Compare normal_profile into each trace value
    if (normal_profile != new trace_value)
    {
        Check pkt_type;
        Count unknown pkt_type;
        Arrival time;
        Sender;
        Receiver;
        Block_Sender();    // sender as attacker
    }
}

In this algorithm we check the validity/vulnerability of the user. If the user is valid, the algorithm checks the load generated by the user's IP address and calculates the complete load, that is, how much time the user requires to complete the activities and to send and receive requests to and from the system. It checks whether that load lies between max_threshold and min_threshold, the two parameters used to check for a DDoS attack. It also checks the user profile for vulnerability issues. If everything is within the threshold values, the algorithm passes the user as a non-attacker and allows the user to use the system.
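The detection steps and the Attack_information() routine above, worked through in Python as an added example; this is not code from the paper. The threshold numbers, the reading of "load" as server time spent answering a sender and of "profile" as its request rate, the field names and the sample trace are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed values: the paper names max_threshold and min_threshold but gives no numbers.
WINDOW_S = 10.0        # observation window in seconds
MAX_LOAD_S = 5.0       # "max limit": server time one sender may consume per window
MIN_THRESHOLD = 0.05   # lowest request rate (req/s) in the normal profile
MAX_THRESHOLD = 2.0    # highest request rate (req/s) in the normal profile
NORMAL_PKT_TYPES = frozenset({"login", "bid", "query"})  # normal profile (assumed)

# Constructed registry of valid sender ids (documentation address range).
REGISTERED = frozenset({"192.0.2.10", "192.0.2.20"})


@dataclass(frozen=True)
class TraceRecord:
    sender: str        # sender IP address
    receiver: str      # auction host that answered
    pkt_type: str
    sent_at: float     # transmitter send time, seconds into the window
    replied_at: float  # receiver reply time


def attack_information(trace):
    """Steps 7-9: compare the trace with the normal profile and summarise it."""
    unknown = Counter(r.pkt_type for r in trace if r.pkt_type not in NORMAL_PKT_TYPES)
    return {
        "unknown_pkt_types": dict(unknown),
        "first_arrival": min(r.sent_at for r in trace),
        "receivers": sorted({r.receiver for r in trace}),
    }


def evaluate_sender(sender, records, registered, blocked):
    """Steps 1-10 for one sender; `blocked` is updated in place."""
    if sender in blocked:                      # blocked in an earlier window
        return {"verdict": "blocked"}
    if sender not in registered:               # step 2: sender id is not valid
        return {"verdict": "invalid"}
    trace = [r for r in records if r.sender == sender]
    if not trace:                              # nothing to judge in this window
        return {"verdict": "no_traffic"}
    # Steps 3-4: load = server time spent on this sender, profile = request rate.
    load = sum(r.replied_at - r.sent_at for r in trace)
    rate = len(trace) / WINDOW_S
    # Steps 5-6: inside all limits means no attack.
    if load < MAX_LOAD_S and MIN_THRESHOLD < rate < MAX_THRESHOLD:
        return {"verdict": "no_attack", "load": load, "rate": rate}
    info = attack_information(trace)
    blocked.add(sender)                        # step 10: Block_Sender()
    return {"verdict": "attack", "load": load, "rate": rate, **info}


def screen_window(records, registered, blocked):
    """Evaluate every sender that appears in one window of trace records."""
    senders = sorted({r.sender for r in records})
    return {s: evaluate_sender(s, records, registered, blocked) for s in senders}


def build_sample_trace():
    """Constructed trace: one normal bidder, one flooding account, one unknown host."""
    bidder = [
        TraceRecord("192.0.2.10", "auction-1", "login", 0.0, 0.25),
        TraceRecord("192.0.2.10", "auction-1", "bid", 2.0, 2.5),
        TraceRecord("192.0.2.10", "auction-1", "query", 6.0, 6.25),
    ]
    flood = [
        TraceRecord("192.0.2.20", "auction-1",
                    "bid" if i % 3 else "report",   # "report" is not in the profile
                    i * 0.25, i * 0.25 + 0.25)
        for i in range(30)
    ]
    stranger = [TraceRecord("198.51.100.7", "auction-1", "bid", 1.0, 1.25)]
    return bidder + flood + stranger


if __name__ == "__main__":
    blocklist = set()
    for sender, result in screen_window(build_sample_trace(), REGISTERED, blocklist).items():
        print(sender, result)
    print("blocked:", sorted(blocklist))
```

Because the block list is passed in and updated in place, a sender flagged in one window is refused in the next without its traffic being re-evaluated.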
If the user profile and load do not satisfy the threshold rules, the algorithm detects an attack on the system and raises an alarm. After an attack, the system has to find out the attacker's basic information and compare the normal profile with the new trace value of the attack. It also calculates the data packets' type, size and time, and finally the system checks the IP address of the user machine involved in the attack, so that in future the system will be more wary of a user with the same IP address.
VII. AN AUCTION SYSTEM MODEL
Consider a system of distributed auctions where auctions run concurrently but independently of each other. Each auction has an auctioneer and a number of bidders that could be located anywhere on the Internet. These elements will be implemented as software agents running on a special execution environment and autonomously trading on behalf of real users. The execution environment is assumed to be purposely deployed on a number of physical machines to manage the agents' execution and to enable physical resource sharing by multiple agents. Trading agents are programmed to fulfill their users' interests.
Fig. 4 Software agents
An auctioneer agent will try to sell goods at the highest price, whereas a bidder agent will strive to acquire goods at a price less than or equal to a predetermined value. For completeness, we also consider an auction centre (AC) that serves to match buyers' and sellers' interests. Sellers use an auction centre to advertise new auctions and buyers use it to find sellers. The AC does not handle any auction execution. It only helps to advertise ongoing auctions and their status. While an AC plays a centralized role in the system (although its implementation could be distributed), auctions are distributed in the sense that each auction executes with auctioneer and bidders physically located on (likely) different hosts. Auctioneers need not reside on the same machine.
The last element of this system is a traffic monitoring and analysis facility that is assumed to be provided by the host machines and made available to software agents through the execution environment.
VIII. RESULT AND DISCUSSION
1. Registration Form: In this registration form, we register all the bidders who want to bid online. Bidders can log in with the user name and password provided through this form, together with the given CAPTCHA. We add a CAPTCHA to the registration form as a check to authenticate users and provide more security.
2. Admin Login: The admin login monitors all the bidders who are online.
Here the auction monitor monitors all the users who are online on the auction site for bidding. The most important element of this system is a traffic monitoring and analysis facility that is assumed to be provided by the host machines, which is better as compared to the previous paper.
VIII. CONCLUSIONS AND FUTURE SCOPE
To conclude, attack avoidance aims to solve IP spoofing, an elementary weakness of the Internet. However, as attackers gain control of larger numbers of computers, they can direct these zombies to attack using valid source addresses. Since the communication between attackers and zombies is encrypted, only zombies can be exposed instead of attackers. In addition, there exists no way to enforce global deployment of a particular security mechanism. Therefore, relying on attack prevention schemes is not enough to stop DDoS attacks.
A DoS attack causes either disruption or degradation of the victim's shared resources, as a result preventing valid users from exercising their access rights on those resources. A DoS attack may target a specific part of a computer, an entire computer system, certain networking infrastructure, or even the entire Internet. Attacks can work either by taking advantage of an ordinary weakness of a system, which is known as a logical attack, or by overloading the victim with a high volume of traffic, which is called a flooding attack.
A distributed form of DoS attack is called a DDoS attack, which is generated by many machines that hit a victim in a coordinated way. Once a particular kind of attack is effectively countered, a slight variation is designed that bypasses the defense and can still perform an effective attack.
In this paper, we covered an overview of the DDoS problem, available DDoS attacks, defense challenges and principles, and a classification of available DDoS prevention mechanisms. This provides a better understanding of the problem and enables a security administrator to effectively equip his arsenal with proper prevention mechanisms for fighting against the DDoS threat.
The current prevention mechanisms reviewed in this paper are clearly far from adequate to protect the Internet from DDoS attacks. The main difficulty is that there are still numerous insecure machines on the Internet that can be compromised to launch a large-scale synchronized DDoS attack. One promising direction is to develop a complete solution that encompasses several defense activities to counter a variety of DDoS attacks. If one level of defense fails, the others still have the possibility to defend against the attack. A successful intrusion requires all defense levels to fail.
ACKNOWLEDGEMENTS
We would like to thank Prof. R. Ricardo Lent for their valuable suggestions on the earlier versions of this work and the anonymous referees for their constructive criticism. I am also grateful to Prof. Brajesh Patel, Department of Computer Science & Engineering, Jabalpur, India for their helpful inputs to this work.
REFERENCES
[1]. Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art, Esraa Alomari, B. B. Gupta, Shankar Karuppayah, International Journal of Computer Applications (0975-8887), Volume 49, No. 7, July 2012.
[2]. Impact Analysis of Recent DDoS Attacks, Ketki Arora, Krishan Kumar and Monika Sachdeva, International Journal on Computer Science and Engineering (IJCSE), ISSN-0975-3397, Vol. 3, No. 2, Feb 2011.
[3]. Enhancing DDoS Flood Attack Detection via Intelligent Fuzzy Logic, Zhengmin Xia, Songnian Lu, Jianhua Li and Junhua Tang, Informatica 34, pp. 497-507, 2010.
[4]. Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics, Yang Xiang, Ke Li and Wanlei Zhou, IEEE Transactions on Information Forensics and Security, Vol. 6, No. 2, June 2011.
[5]. A Review of DDOS Attack and its Countermeasures in TCP Based Networks, Akash Mittal, Ajit Kumar Shrivastava and Manish Manoria, International Journal of Computer Science & Engineering Survey (IJCSES), Vol. 2, No. 4, November 2011.
[6]. Agentouro: A Novelty Based Intrusion Detection and Prevention System, Rathore, Jitendra S., Saurav Praneet and Verma Bhupendra, IEEE, Fourth International Conference on Computational Intelligence and Communication Networks (CICN), 2012.
[7]. Entropy-based collaborative detection of DDOS attacks on community networks, Yu, Shui and Zhou, Wanlei, in Proceedings of the 6th Annual IEEE International Conference on Pervasive Computing and Communications, IEEE, Piscataway, N.J., pp. 566-571, 2008.
[8]. FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks, Jérôme François, Issam Aib and Raouf Boutaba, IEEE/ACM Transactions on Networking, Vol. 20, No. 6, December 2012.
[9]. Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics, Yang Xiang, Ke Li and Wanlei Zhou, IEEE Transactions on Information Forensics and Security, Vol. 6, No. 2, June 2011.
[10]. TCP Flow Analysis for Defense against Shrew DDoS Attacks, Yu Chen and Kai Hwang, IEEE International Conference on Communications (ICC 2007), Glasgow, Scotland, UK, June 24-28, 2007.
[11]. Distributed Denial of Service Prevention Techniques, B. B. Gupta, Student Member, IEEE, R. C. Joshi and Manoj Misra, International Journal of Computer and Electrical Engineering, Vol. 2, No. 2, ISSN 1793-8163, April 2010.
[12]. A Survey On Active Queue Management Mechanisms, G. Thiruchelvi and J. Raja, IJCSNS International Journal of Computer Science and Network Security, Vol. 8, No. 12, December 2008.
[13]. A Taxonomy of DDoS Attack and DDoS Defense Mechanisms, Jelena Mirkovic and Peter Reiher, ACM, 2004.
[14]. Buffer Management for Self-Similar Network Traffic, Farnaz Amin, Kiarash Mizanian, 6th International Symposium on Telecommunications (IST2012), Iran, Tehran, Iran Telecom Research Center, November 2012.
[15]. DDoS attacks and defense mechanisms: classification and state-of-the-art, Christos Douligeris, Aikaterini Mitrokotsa, Science Direct Elsevier, Journal of Computer Networks 44, 643-666, 2004.
[16]. Evaluating a migration-based response to DoS attacks in a system of distributed auctions, Ricardo Lent, Elsevier, Computers & Security, 2012.
[17]. An Ant Based Framework for Preventing DDoS Attack in Wireless Sensor Networks, Dimple Juneja and Neha Arora, International Journal of Advancements in Technology, ISSN 0976-4860, Vol. 1, No. 1, 2010.
[18]. Tao Peng, Christopher Leckie, and Kotagiri Ramamohanarao, Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems, ACM Computing Surveys, Vol. 39, No. 1, Article 3, pp 1-42, April 2007.
[19]. Tao Peng, Defending Against Distributed Denial of Service Attacks, Thesis for the degree of Doctor of Philosophy, University of Melbourne, April 2004.
[20]. Saraiah Gujjunoori, Imperfect DDoS Detection and Response, Thesis for the degree of Master of Technology, NIT, Karnataka, July 2009.
[21]. Mehmud Abliz, Internet Denial of Service Attacks and Defense Mechanisms, University of Pittsburgh Technical Report, No. TR-11-178, pp 1-50, March 2011.
[22]. Thomer M. Gil, MULTOPS: a datastructure for denial-of-service attack detection, Thesis for the degree Doctorandus Computer Science, Vrije Universiteit, December 2000.
[23]. http://www.firewall.cx/networking-topics/firewalls/211-dos-attacks.html
[24]. R Vijayasarathy, A Systems Approach to Network Modeling for DDoS Attack Detection using Naive Bayes Classifier, Thesis for the degree of Master of Science, IIT, Madras, February 2012.
[25]. Tao Peng, Christopher Leckie and Kotagiri Ramamohanarao, Survey of Network-based Defense Mechanisms Countering the DoS and DDoS Problems, ACM Transactions on Computational Logic, Vol. 2, No. 3, pp 1-46, 2006.
[26]. Daniel Reichle, Analysis and Detection of DDoS Attacks in the Internet Backbone using Netflow Logs, Institute of Technology, Zurich, 2005.