
Traceback of DDoS Attacks using Entropy Variations

Aim
The main aim of the project is to trace back DDoS attacks using entropy variation, in order to reduce the traceback delay.

Abstract
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. However, the memoryless feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this project, we introduce a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques. In comparison to existing DDoS traceback methods, the proposed strategy possesses a number of advantages.

Existing System
1) Both existing strategies, PPM (probabilistic packet marking) and DPM (deterministic packet marking), require routers to inject marks into individual packets.

2) Moreover, the PPM strategy can only operate in a local range of the Internet (an ISP network) that the defender has the authority to manage. However, ISP networks of this kind are generally quite small, and we cannot trace back to attack sources located outside the ISP network.

3) The DPM strategy requires all Internet routers to be updated for packet marking. However, with only 25 spare bits available in an IP packet, the scalability of DPM is a huge problem. Moreover, the DPM mechanism poses an extraordinary storage challenge for packet logging on routers. Therefore, it is infeasible in practice at present.

4) Further, both PPM and DPM are vulnerable to hacking, which is referred to as packet pollution.

Proposed System
1) In comparison to existing DDoS traceback methods, the proposed strategy possesses a number of advantages: it is memory non-intensive, efficiently scalable, robust against packet pollution and independent of attack traffic patterns.

2) This strategy needs only a few seconds to trace back the attacker. Our experiments show that accurate traceback is possible within 20 seconds (approx.) in a large-scale attack network with thousands of zombies.

3) The proposed algorithms can be used as additional software, so there is no need to modify the existing software.

Modules
o GUI Design
o Network Establishment
o DDoS Attack and Traceback

GUI Design
This module represents the graphical user interface architecture of this project. It gives an overview of the project.

Network Establishment
This module is the backbone of this project. In this module, we establish the network, so that the nodes can transmit and receive data over the network.

DDoS Attack and Traceback


In this module, the DDoS attackers attack the network. We use flooding (one of the main DDoS attacks on networks) as the attack in our project. Packets are monitored to determine whether they are attack packets. We implement the Flow Monitoring Algorithm to monitor the flows (the packets passing through routers). This algorithm detects whether an attack has been injected. We also implement the IP Traceback Algorithm to find the original attacker. These two algorithms can be deployed in routers as extra software, so there is no need to modify the existing software.
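
A simplified sketch of the flow monitoring and hop-by-hop traceback idea described in this module, added here as an example and not the project's own code. The flow definition (upstream neighbour, destination), the entropy-drop and surge thresholds, the topology and all packet counts are constructed assumptions.

```python
import math

def flow_entropy(counts):
    """Shannon entropy (bits) of the packet distribution over flows."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def suspicious_upstreams(baseline, window, victim, drop=0.5, surge=3.0):
    """Flow monitoring at one router (thresholds are assumed values).

    A flow is (upstream neighbour, destination). If entropy fell by at least
    `drop` bits, return the upstream neighbours whose flow to the victim
    grew more than `surge` times over its baseline count.
    """
    if flow_entropy(baseline) - flow_entropy(window) < drop:
        return []
    return sorted(up for (up, dst), n in window.items()
                  if dst == victim and n > surge * max(baseline.get((up, dst), 0), 1))

def traceback(router, victim, baselines, windows, seen=None):
    """Walk upstream from the victim's router; return (edge router, local network) pairs."""
    seen = set() if seen is None else seen
    if router in seen:          # guard against routing loops
        return set()
    seen.add(router)
    sources = set()
    for up in suspicious_upstreams(baselines[router], windows[router], victim):
        if up in windows:       # upstream is a monitored router: repeat the check there
            sources |= traceback(up, victim, baselines, windows, seen)
        else:                   # upstream is a local network: attack traffic enters here
            sources.add((router, up))
    return sources

def uniform(upstreams, n):
    """Constructed baseline: n packets per flow to destinations V and W."""
    return {(u, d): n for u in upstreams for d in ("V", "W")}

# Constructed sample data: victim V sits behind R1; W is another destination.
BASELINES = {"R1": uniform(["R2", "R3"], 100), "R2": uniform(["R4", "LAN_A"], 50),
             "R3": uniform(["LAN_D", "LAN_E"], 50), "R4": uniform(["LAN_B", "LAN_C"], 50)}
WINDOWS = {r: dict(b) for r, b in BASELINES.items()}
WINDOWS["R1"][("R2", "V")] += 2000      # flood reaches the victim's router via R2
WINDOWS["R2"][("R4", "V")] += 1000
WINDOWS["R2"][("LAN_A", "V")] += 1000
WINDOWS["R4"][("LAN_B", "V")] += 1000

if __name__ == "__main__":
    print(traceback("R1", "V", BASELINES, WINDOWS))
```

Only per-flow packet counters are kept at each router, and no packet is marked or logged, which is the contrast with PPM and DPM drawn above.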

Software Requirements
o Windows XP service pack 2
o JDK 1.6.0_15
o NetBeans 6.9.1 (in-built JavaFX 1.3.1)
o Ethernet Network Adapter

Hardware Requirements
o Hard Disk: 40GB and above.
o RAM: 512MB and above.
o Processor: Pentium4 and above.

Architecture Diagram

[Figure: network architecture diagram showing the Internet. Legend: End Host, Edge Router, Router.]
