
International Journal of Computer Trends and Technology (IJCTT) volume 11 number 5 May 2014

ISSN: 2231-2803 http://www.ijcttjournal.org Page 210



Evaluating a DDoS Attack in Online Auction
System and Solution Based on Software Agent

Mandakini Vishwakarma #1, Brajesh Patel #2

# Department of Computer Science (CTA)
Shri Ram Institute of Technology, Jabalpur (India)


Abstract--- In modern web applications, the web client makes a
request which takes very little effort to compose, but when it
reaches the server, the application has to process a lot of data and
compose the response with a lot of effort.
The Denial of Service attack, in particular the Distributed Denial
of Service (DDoS) attack, has become one of the key
threats to the Internet. In general, attackers launch DDoS
attacks by directing an enormous number of attack sources to
send worthless traffic to the victim system. The victim's services
are interrupted when its host or network resources are consumed
by the attack traffic. The threat of DDoS attacks has become
even more severe as attackers can compromise a huge number of
computers by spreading a computer worm that uses vulnerabilities
in the most popular operating systems.

To counteract this problem we consider the Online Auction
Model, where auctions run concurrently but independently of
each other. Each auction has an auctioneer and a number of
bidders that could be located anywhere on the Internet.

We develop a novel technique for identifying attack traffic based
on the connection history at the victim. We present an algorithm
to filter attack traffic in a precise and efficient manner.

In this algorithm we first check the vulnerability of the user.
If the user is valid, the algorithm checks the load
generated from the user's IP address and calculates the complete
load, that is, how much time the user requires to complete the
activities and to send and receive requests to and from the
system. If that load lies between max_threshold and
min_threshold, the two parameters used to check for a
DDoS attack, we also check the user profile for
vulnerability issues. If everything is within the threshold values,
the algorithm passes the user as a non-attacker and allows the
user to use the system.

Keywords: DDoS, Online Auction Model, Software Agent,
Reflector, Attacker, Zombie, Auction monitor system

I. INTRODUCTION

When a denial of service (DoS) attack occurs, a computer or a
network user is unable to access resources like e-mail and the
Internet. An attack can be directed at an operating system or at
the network. Denial-of-service (DoS) attacks continue to
cause major service disruptions and economic losses to both
Internet users and service providers. DoS attacks could
damage a company's image and reputation. They could also
affect the confidence of users and investors in Internet
businesses. DoS incidents of increasing complexity and scale
are very common nowadays and tend to be distributed (DDoS).
In recent years, DoS attacks have been used as a tool of cyber
warfare, retaliation, and protest. Recent events include the
December 2010 incident that disabled the Visa and MasterCard
websites for more than a day and the August 2009 series of
attacks that affected various social networks, causing
degraded service quality for several days. Although a single
user was believed to be the target of these attacks, a good
proportion of users of Google blogging, Livejournal and
Facebook were also affected.

The series of attacks also targeted Twitter, which was
rendered unusable for nearly 44 million users for several hours.
A definitive solution is unlikely to surface in the near future
given that DoS attacks usually take advantage of legitimate
communication mechanisms to perpetrate malicious activities.
In spite of the vast literature available on the topic, existing
techniques can only offer limited success.

During congestion, large numbers of packets experience
delay or are even dropped due to queue
overflow. Severe congestion problems result in degradation of
the throughput and a large packet loss rate. Congestion also
decreases the effectiveness and reliability of the whole network;
furthermore, at very high traffic, performance collapses
completely and almost no packets are delivered. As a result,
many congestion control techniques have been designed to solve this
problem and avoid the damage. Most congestion
control algorithms are based on evaluating network
feedback to identify when and where congestion occurs and
then taking action to adjust the output source, such as reducing the
congestion window (cwnd). Various feedback schemes
are used in congestion detection and analysis. However,
there are mainly two categories: explicit feedback and
implicit feedback.

A computer under the complete control of an intruder
is known as a zombie or bot. A cluster of co-opted
workstations is known as a botnet or a zombie army. Symantec,
Kaspersky Labs and many others have identified
botnets, not viruses, spam or worms, as the biggest threat to
Internet security.



II. RELATED WORK
Ricardo L [1] designed a model which confirmed the
high sensitivity of a distributed auction to the degrading
communication conditions that a DoS flooding attack could
produce. Their results suggested that service migration could
have a positive influence in reducing the effects of a DoS
attack, but its success will largely depend on the structure of
the underlying network and on the reaction speed of the
auctioneer to the attack. Within certain limits, service
migration appears promising, at least to mitigate the effects of
DoS attacks in applications of this kind.

Dimple J. et al. [2] proposed an ant-based framework that
exploits the significance of stateless and stateful signatures,
thereby protecting only the legitimate packets and
discarding the contaminated packets. A botnet-based DDoS
attack is undoubtedly a serious Internet problem that
challenges the growth rate and the public acceptance of online
government and business sites. Esraa A. et al. [3] present a
lucid view of the botnet-based DDoS attack on the application
layer, in particular on the Web server. Incidents around the
world and revenue losses of famous companies and
government Web sites were also described, indicating that
extreme care should be taken and that further study should be
conducted to assess the size of the problem and then derive an
optimal solution.

Ketki A. et al. [4] gave an overview of the DDoS
problem and the major factors causing DDoS attacks, outlined
brief details of the most recent DDoS incidents in the online
world and, finally, demonstrated the need for a comprehensive
distributed solution. Zhengmin X. et al. [5] present a method
that can identify the occurrence of a DDoS flood attack in real
time and determine its intensity using fuzzy logic. Their
process consists of two stages: (i) statistical analysis of the
network traffic time series using the discrete wavelet transform
(DWT) and the Schwarz information criterion (SIC) to find
the change point of the Hurst parameter resulting from a DDoS
flood attack, and then (ii) adaptively deciding the intensity of the
DDoS flood attack by using intelligent fuzzy logic
to analyse the Hurst parameter and its rate of
change. Their NS2-based simulation results demonstrate that their
proposed method can detect the DDoS flood attack in a timely,
intelligent and effective manner.

Yang X. et al. [6] propose using two new
information metrics, the generalized entropy metric
and the information distance metric, to detect low-rate DDoS
attacks by measuring the difference between legitimate traffic
and attack traffic. Their proposed generalized entropy metric
can detect attacks several hops earlier than the traditional
Shannon metric. The proposed information distance metric
outperforms the popular Kullback-Leibler divergence
approach as it can clearly enlarge the adjudication distance
and thus obtain the optimal detection sensitivity. Their
experimental results show that the proposed information
metrics can effectively detect low-rate DDoS attacks and
clearly reduce the false positive rate.
Furthermore, their proposed IP trace-back algorithm can
find all attacks as well as attackers from their own local area
networks (LANs) and discard attack traffic. Akash M. et al. [7]
summarized different DDoS techniques and their
countermeasures using methods such as Bloom Filter,
Independent Component Analysis, the trace-back method and
TCP Flow Analysis.

III. PROBLEM DEFINITION

In computer network security, backscatter is a side effect
of a spoofed denial-of-service attack. In this category of attack,
the attacker spoofs the source address in IP packets sent to the
victim. Frequently, the victim machine cannot distinguish
between the spoofed packets and legitimate packets, so the
victim responds to the spoofed packets as it usually would.
These reply packets are termed backscatter. If the attacker
is spoofing source addresses randomly, the backscatter reply
packets from the victim will be sent back to random
destinations. This effect can be used by network
telescopes as indirect evidence.

The term "backscatter analysis" refers to observing
backscatter packets arriving at a statistically significant
portion of the IP address space to determine characteristics of
DoS attacks and victims. In the current Internet, TCP
detects congestion only after a packet has been dropped at the
gateway. However, it would clearly be undesirable to have large
queues that were full much of the time; this would
significantly increase the average delay in the network.
Therefore, with increasingly high-speed networks, it is
increasingly important to have a method that keeps throughput
high but average queue sizes low.

Congestion in the Internet occurs when the link bandwidth
exceeds the capacity of the available routers. This results
in long delays in data delivery and wasted resources due to
lost or dropped packets. The prime role of a router is to switch
packets from the input links to output links through a buffer.
Apart from forwarding the packets, routers are involved in
controlling the congestion in the network. It is known
that routing algorithms focus on two main concepts, namely
queue management and scheduling. Queue management
algorithms manage the length of packet
queues by dropping packets whenever necessary, whereas
scheduling algorithms determine which packets are sent next.
These algorithms are used primarily to manage the allocation
of bandwidth among various flows. The essence of Internet
congestion control is that a sender adjusts its transmission rate
according to the congestion measure of the underlying network.
There are two approaches to accomplish this. One is a source
algorithm that dynamically adjusts the transmission rate in
response to the congestion along its path; the other one is a
link algorithm that implicitly or explicitly conveys
information about the current congestion measure of the
network to sources using that link.

IV. PROBLEM DOMAIN

DDoS attacks can be roughly divided into three types:

I. Volume-Based Attacks: These include UDP floods,
ICMP floods, and other spoofed-packet floods. The
attack's purpose is to flood the bandwidth of the
attacked site, and magnitude is measured in bits per
second (bps).

II. Protocol Attacks: These include SYN floods,
fragmented packet attacks, Ping of Death, Smurf
DDoS and more. This type of attack consumes actual
server resources or those of intermediate
communication equipment, such as firewalls and load
balancers, and is measured in packets per second.

III. Application Layer Attacks: These include
Slowloris, zero-day DDoS attacks, DDoS attacks
that target Windows, Apache or OpenBSD
vulnerabilities, and more. Composed of seemingly
legitimate and innocent requests, these attacks aim
to crash the web server, and the
magnitude is measured in requests per second.

V. DENIAL OF SERVICES (DOS)

A DoS attack can be regarded as an attempt by attackers to
prevent legitimate users from gaining a normal network service.

A. Analysing the Goal of DoS Attack:

- The main aim is to stop the victim's machine
  from doing its essential job.
- The server is unable to provide service to genuine clients.
- The damage done varies from minor inconvenience to
  major financial losses.
- DoS attacks affect: software systems, network
  routers, servers and end-user PCs.

B. ARCHITECTURE OF DDOS ATTACK

Attacker: It sends attack commands to handlers.

Zombie: Zombies are compromised and controlled by the
attacker, and they also control many reflectors. A zombie
has a specific set of programs installed to receive
commands from the attacker and send such commands to
reflectors.

Reflectors: Reflectors are engaged by the attacker
through the zombie. They run attack
programs and execute commands from the zombie to attack a
target victim.

Fig. 1 Structure of a distributed reflector denial of service (DDoS) attack

C. DDOS ATTACKS:
- Direct DDoS attacks (flooding of request packets)
- Reflector DDoS attacks (flooding of response packets)

D. Direct DDoS Attacks (flooding of request packets):
- The attacker sends out packets directly towards the target
- Uses TCP, UDP, ICMP packets and random spoofed IP addresses
- Only a few compromised machines are sufficient
Examples:
- TCP SYN flooding; based on the TCP three-way
  handshake, the final ACK from source to victim
  never arrives
- Congesting a victim's incoming link using TCP RST
  packets, ICMP control packets or UDP packets.

E. Reflector attacks (flooding of response packets):
- Attackers initiate an attack that is relayed to reflector
  machines, such as routers, web servers etc.
- Reflectors may or may not be aware
- In response to requests by the attackers, the reflectors
  flood victims with the reply packets
- The address of the victim is spoofed in requests to reflectors
Examples:
- TCP SYN ACK flooding
- Smurf attacks. ICMP echo packets with a spoofed
  victim address are broadcast.
- Bandwidth amplification: attack requests that send
  response packets of much larger size to the victim

Any type of DDoS attack can be hazardous to the
computer, no matter which one.

F. DDoS threat attacks the following services:
- Network bandwidth
- Server memory
- CPU usage
- Database space
- Database connection pool
- Application exception handling mechanism
- Hard disk space

G. DDoS attacks work in two phases:
- In the first phase the attacker tries to compromise weak
  machines in different networks around the world.
  This phase is called the intrusion phase.
- In the second phase the attackers install DDoS tools and
  start attacking the victim's equipment. This phase is
  termed the distributed DDoS attack phase. Attackers
  use those security holes to compromise the servers in
  diverse networks and install the DDoS tools.

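VI. PROPOSED WORK

Fig. 3 Flowchart of proposed model (nodes: Start; Create user; Calculate load by user; Is user valid?; System under Attack; Is load correct?; Get Attack Info; Enter System)
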
We will develop a compact solution which offers a
quick reaction against DoS. For this we will use the concept
of the distributed agent. An agent is code that works on behalf
of humans. Agents have many features, such as being social and
roaming. Our solution is therefore based on agent technology,
which will provide a better solution against DoS and DDoS attacks.

A. STEPS FOR DDOS_DETECTION ALGORITHM

1. Firstly, create the sender id.
2. If the sender id is valid, then capture all loads. Go to step 3.
3. Check the packet type, time, transmitter send time, sender
recv time, receiver reply, receiver request.
4. Calculate the threshold parameters.
5. If load is less than max limit and new profile is less than
max threshold and new profile is greater than min threshold,
go to step 6.
6. No attack; otherwise the system is under attack.
7. Check the information about the attack and compare the profile to
each trace value, and go to step 8.
8. Check the normal profile against each trace value.
9. Calculate the arrival time of the sender.
10. If the sender is found to be an attacker, then block that sender.

B. ALGORITHM FOR DETECTION OF DDOS ATTACK

Create sender ids;
if (sender valid)
{
    Load_Capture(All_Load)
    Normal_Profile_Create()
    {
        pkt_type;   // TCP, CBR, UDP
        time;
        tsend, trecv, tdrop, rrep, rreq
    }
    Calc_Threshold_parameter(max_limit, max_threshold,
                             min_threshold)
    if ((load <= max_limit) &&
        (new_profile <= max_threshold) &&
        (new_profile >= min_threshold))
    {
        No attack;
    }
    else
    {
        System under Attack;
        Attack_information();
    }
}
else
{
    Destination unreachable
}

Attack_information()
{
    Compare normal_profile to each trace value
    if (normal_profile != new trace_value)
    {
        Check pkt_type;
        Count unknown pkt_type;
        Arrival time;
        Sender;
        Receiver;
        Block_Sender();   // sender as attacker
    }
}

In this algorithm we check the validity/vulnerability
of the user. If the user is valid, the algorithm checks the
load generated from the user's IP address and calculates the
complete load, that is, how much time the user requires to
complete the activities and to send and receive requests to
and from the system. It then checks whether that load lies between
max_threshold and min_threshold, the two
parameters used to check for a DDoS attack. It also checks the user
profile for vulnerability issues. If everything is within the
threshold values, the algorithm passes the user as a
non-attacker and allows the user to use the system.

If the user profile and load do not satisfy the threshold
rules, the algorithm detects an attack on the system and raises
an alarm of system attack. After the attack, the system has to find
the attacker's basic information and compare the normal
profile with the new trace value of the attack. It also calculates
the data packets' type, size and time, and finally the system checks the
IP address of the attacking user's machine so that in future the
system will be more wary of a user with the same IP address.
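
One way to implement the detection steps above, as an added example that is not the authors' code. The paper does not define how load, new_profile or the thresholds are computed, so this assumes load is the summed request/response time per window, new_profile is requests per second, and the thresholds are the baseline mean plus or minus three standard deviations; the class and function names, the idle-sender guard and the sample traces are constructed for illustration.

```python
from collections import Counter, namedtuple
from statistics import mean, pstdev

# One observed request; field names follow the pseudocode (pkt_type, tsend, trecv).
Trace = namedtuple("Trace", "sender pkt_type tsend trecv")
KNOWN_PKT_TYPES = {"TCP", "UDP", "CBR"}  # packet types the pseudocode lists


def calc_threshold_parameters(normal_rates, k=3.0):
    """Assumption: thresholds are mean -/+ k*stddev of request rates seen in
    normal operation; the paper gives no formula for them."""
    mu, sigma = mean(normal_rates), pstdev(normal_rates)
    return max(0.0, mu - k * sigma), mu + k * sigma


class DetectionAgent:
    def __init__(self, valid_senders, normal_rates, max_limit, window=1.0):
        self.valid_senders = set(valid_senders)
        self.min_threshold, self.max_threshold = calc_threshold_parameters(normal_rates)
        self.max_limit = max_limit  # assumed unit: seconds of service time per window
        self.window = window        # observation window length in seconds
        self.blocked = set()

    def evaluate(self, sender, traces):
        """Apply the validity check and the threshold test to one sender."""
        if sender not in self.valid_senders or sender in self.blocked:
            return {"verdict": "destination unreachable"}
        mine = [t for t in traces if t.sender == sender]
        if not mine:  # added guard: an idle sender is not judged against min_threshold
            return {"verdict": "no traffic"}
        load = sum(t.trecv - t.tsend for t in mine)  # assumed meaning of "load"
        new_profile = len(mine) / self.window        # assumed: requests per second
        if (load <= self.max_limit
                and self.min_threshold <= new_profile <= self.max_threshold):
            return {"verdict": "no attack"}
        return self.attack_information(sender, mine, load, new_profile)

    def attack_information(self, sender, mine, load, new_profile):
        """Record what the pseudocode collects, then block the sender."""
        types = Counter(t.pkt_type for t in mine)
        unknown = sum(n for p, n in types.items() if p not in KNOWN_PKT_TYPES)
        self.blocked.add(sender)
        return {"verdict": "system under attack", "sender": sender,
                "load": round(load, 3), "profile": new_profile,
                "unknown_pkt_types": unknown,
                "arrival_time": min(t.tsend for t in mine)}


def constructed_traces():
    """Constructed one-second window; addresses are documentation ranges."""
    traces = []
    # Normal bidder: 5 requests, 20 ms each.
    traces += [Trace("192.0.2.10", "TCP", i * 0.2, i * 0.2 + 0.02) for i in range(5)]
    # High-rate sender: 60 requests, every third with an unrecognised packet type.
    traces += [Trace("192.0.2.66", "TCP" if i % 3 else "???", i / 60, i / 60 + 0.02)
               for i in range(60)]
    # Slow sender: normal rate (4 req/s), but each request takes 300 ms.
    traces += [Trace("192.0.2.77", "TCP", i * 0.25, i * 0.25 + 0.3) for i in range(4)]
    return traces


def run_demo():
    agent = DetectionAgent(
        valid_senders={"192.0.2.10", "192.0.2.66", "192.0.2.77"},
        normal_rates=[4, 5, 6, 5, 4, 6],  # constructed baseline, requests per second
        max_limit=0.5)
    traces = constructed_traces()
    results = {s: agent.evaluate(s, traces)
               for s in ("192.0.2.10", "192.0.2.66", "192.0.2.77", "203.0.113.5")}
    results["192.0.2.66 again"] = agent.evaluate("192.0.2.66", traces)
    return agent, results


if __name__ == "__main__":
    for who, outcome in run_demo()[1].items():
        print(who, outcome)
```

The slow sender stays inside the rate thresholds and is caught only by the load limit, which is why the algorithm tests load and profile separately.
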

VII. AN AUCTION SYSTEM MODEL
Consider a system of distributed auctions where auctions run
concurrently but independently of each other. Each auction has
an auctioneer and a number of bidders that could be located
anywhere on the Internet. These elements will be implemented
as software agents running on a special execution environment
and autonomously trading on behalf of real users. The
execution environment is assumed to be purposely deployed
on a number of physical machines to manage the agents'
execution and to enable physical resource sharing by multiple
agents. Trading agents are programmed to fulfill their users'
interests.


Fig. 4 Software agents
An auctioneer agent will try to sell goods at the
highest price, whereas a bidder agent will strive to acquire
goods at a price less than or equal to a predetermined value. For
completeness, we also consider an auction centre (AC) that
serves to match buyers' and sellers' interests. Sellers use an
auction centre to advertise new auctions and buyers use it to
find sellers. The AC does not handle any auction execution.

It only helps to advertise ongoing auctions and their
status. While an AC plays a centralized role in the system
(although its implementation could be distributed), auctions
are distributed in the sense that each auction executes with
the auctioneer and bidders physically located on (likely) different
hosts. Auctioneers need not reside on the same machine.

The last element of this system is a traffic monitoring
and analysis facility that is assumed to be provided by the host
machines and made available to software agents through the
execution environment.

VIII. RESULT AND DISCUSSION
1. Registration Form: In this registration form, we
register all the bidders who want to bid online. Bidders can
log in with the user name and password provided through this
form, using the given Captcha. We add a captcha to the
registration form as a check to authenticate users and
provide more security.
2. Admin Login: The admin login monitors all the
bidders who are online.







Here we observe the auction monitor monitoring
all the users who are online on the auction site for
bidding. The most important element of this system is a traffic
monitoring and analysis facility that is assumed to be provided
by the host machines, which is better compared to the previous paper.

VIII. CONCLUSIONS AND FUTURE SCOPE

To conclude, attack avoidance aims to solve IP
spoofing, an elementary weakness of the Internet. However, as
attackers gain control of larger numbers of computers,
they can direct these zombies to attack by means of
valid source addresses. Since the communication between
attackers and zombies is encrypted, only zombies can be
exposed instead of attackers. In addition, there is no way
to enforce global deployment of a particular security
mechanism. Therefore, relying on attack prevention schemes
is not enough to stop DDoS attacks.

A DoS attack causes either disruption or degradation of the
victim's shared resources, as a result preventing valid users
from exercising their access rights on those resources. A DoS attack
may target a specific section of a computer, an entire computer
system, certain networking infrastructure, or even the entire
Internet. Attacks can work either by taking advantage of the
ordinary weaknesses of a system, which are known as logical
attacks, or by overloading the victim with a high volume of traffic,
which are called flooding attacks.

A distributed form of DoS attack, called a DDoS attack,
is generated by many machines that hit a victim in a
coordinated way. Once a particular kind of attack is effectively
countered, a slight variation is designed that bypasses the
defense and can still perform an effective attack.

In this paper, we covered an overview of the DDoS
problem, available DDoS attacks, defense challenges and
principles, and a classification of available DDoS prevention
mechanisms. This provides a better understanding of the
problem and enables a security administrator to effectively
equip his arsenal with proper prevention mechanisms for
fighting against the DDoS threat.

The current prevention mechanisms reviewed in this
paper are clearly far from adequate to protect the Internet from
DDoS attacks. The main difficulty is that there are still
numerous insecure machines on the Internet that can be
compromised to launch large-scale synchronized DDoS attacks.
One promising direction is to develop a complete solution that
encompasses several defense activities to overcome a variety of
DDoS attacks. If one level of defense fails, the others still have
the possibility to defend against the attack. A successful intrusion
requires all defense levels to fail.


ACKNOWLEDGEMENTS

We would like to thank Prof. R. Ricardo Lent for
their valuable suggestions on the earlier versions of this work
and the anonymous referees for their constructive criticism.
I am also grateful to Prof. Brajesh Patel, Department of Computer
Science & Engineering, Jabalpur, India for their helpful inputs
to this work.

REFERENCES

[1]. Botnet-based Distributed Denial of Service (DDoS) Attacks on
Web Servers: Classification and Art, Esraa Alomari, B. B. Gupta,
Shankar Karuppayah, International Journal of Computer
Applications (0975-8887), Volume 49, No. 7, July 2012.
[2]. Impact Analysis of Recent DDoS Attacks, Ketki Arora, Krishan
Kumar and Monika Sachdeva, International Journal on Computer
Science and Engineering (IJCSE), ISSN 0975-3397, Vol. 3, No. 2,
Feb 2011.
[3]. Enhancing DDoS Flood Attack Detection via Intelligent Fuzzy
Logic, Zhengmin Xia, Songnian Lu, Jianhua Li and Junhua
Tang, Informatica 34, pp. 497-507, 2010.
[4]. Low-Rate DDoS Attacks Detection and Traceback by Using New
Information Metrics, Yang Xiang, Ke Li and Wanlei Zhou, IEEE
Transactions on Information Forensics and Security, Vol. 6, No. 2,
June 2011.
[5]. A Review of DDOS Attack and its Countermeasures in TCP
Based Networks, Akash Mittal, Ajit Kumar Shrivastava and
Manish Manoria, International Journal of Computer Science &
Engineering Survey (IJCSES), Vol. 2, No. 4, November 2011.
[6]. Agentouro: A Novelty Based Intrusion Detection and Prevention
System, Rathore, Jitendra S., Saurav Praneet and Verma
Bhupendra, IEEE, Fourth International Conference on
Computational Intelligence and Communication Networks (CICN),
2012.
[7]. Entropy-based collaborative detection of DDOS attacks on
community networks, Yu, Shui and Zhou, Wanlei, in
Proceedings of the 6th Annual IEEE International Conference on
Pervasive Computing and Communications, IEEE, Piscataway,
N.J., pp. 566-571, 2008.
[8]. FireCol: A Collaborative Protection Network for the Detection of
Flooding DDoS Attacks, Jérôme François, Issam Aib and Raouf
Boutaba, IEEE/ACM Transactions on Networking, Vol. 20, No. 6,
December 2012.

[9]. Low-Rate DDoS Attacks Detection and Traceback by Using New
Information Metrics, Yang Xiang, Ke Li and Wanlei Zhou, IEEE
Transactions on Information Forensics and Security, Vol. 6, No. 2,
June 2011.
[10]. TCP Flow Analysis for Defense against Shrew DDoS Attacks,
Yu Chen and Kai Hwang, IEEE International Conference on
Communications (ICC 2007), Glasgow, Scotland, UK, June 24-28,
2007.
[11]. Distributed Denial of Service Prevention Techniques, B. B.
Gupta, Student Member, IEEE, R. C. Joshi and Manoj Misra,
International Journal of Computer and Electrical Engineering, Vol.
2, No. 2, ISSN 1793-8163, April 2010.
[12]. A Survey On Active Queue Management Mechanisms,
G. Thiruchelvi and J. Raja, IJCSNS International Journal of
Computer Science and Network Security, Vol. 8, No. 12,
December 2008.
[13]. A Taxonomy of DDoS Attack and DDoS Defense Mechanisms,
Jelena Mirkovic and Peter Reiher, ACM, 2004.
[14]. Buffer Management for Self-Similar Network Traffic, Farnaz
Amin, Kiarash Mizanian, 6th International Symposium on
Telecommunications (IST2012), Iran, Tehran, Iran Telecom
Research Center, November 2012.
[15]. DDoS attacks and defense mechanisms: classification and
state-of-the-art, Christos Douligeris, Aikaterini Mitrokotsa, Science
Direct Elsevier, Journal of Computer Networks 44, pp. 643-666, 2004.
[16]. Evaluating a migration-based response to DoS attacks in a system
of distributed auctions, Ricardo Lent, Elsevier, Computers &
Security, 2012.
[17]. An Ant Based Framework for Preventing DDoS Attack in
Wireless Sensor Networks, Dimple Juneja and Neha Arora,
International Journal of Advancements in Technology,
ISSN 0976-4860, Vol. 1, No. 1, 2010.
[18]. Tao Peng, Christopher Leckie and Kotagiri Ramamohanarao,
Survey of Network-Based Defense Mechanisms Countering the
DoS and DDoS Problems, ACM Computing Surveys, Vol. 39, No.
1, Article 3, pp. 1-42, April 2007.
[19]. Tao Peng, Defending Against Distributed Denial of Service
Attacks, Thesis for the degree of Doctor of Philosophy,
University of Melbourne, April 2004.
[20]. Saraiah Gujjunoori, Imperfect DDoS Detection and Response,
Thesis for the degree of Master of Technology, NIT, Karnataka,
July 2009.
[21]. Mehmud Abliz, Internet Denial of Service Attacks and Defense
Mechanisms, University of Pittsburgh Technical Report,
No. TR-11-178, pp. 1-50, March 2011.
[22]. Thomer M. Gil, MULTOPS: a data structure for denial-of-service
attack detection, Thesis for the degree Doctorandus Computer
Science, Vrije Universiteit, December 2000.
[23]. http://www.firewall.cx/networking-topics/firewalls/211-dos-attacks.html
[24]. R Vijayasarathy, A Systems Approach to Network Modeling for
DDoS Attack Detection using Naive Bayes Classifier, Thesis for
the degree of Master of Science, IIT, Madras, February 2012.
[25]. Tao Peng, Christopher Leckie and Kotagiri Ramamohanarao,
Survey of Network-based Defense Mechanisms Countering the
DoS and DDoS Problems, ACM Transactions on Computational
Logic, Vol. 2, No. 3, pp. 1-46, 2006.
[26]. Daniel Reichle, Analysis and Detection of DDoS Attacks in the
Internet Backbone using Netflow Logs, Institute of Technology,
Zurich, 2005.




















