18-06-2014, 11:05 AM
FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks
FireCol A Collaborative Protection Network.doc (Size: 337.5 KB / Downloads: 59)
ABSTRACT
Distributed denial-of-service (DDoS) attacks remain a major security problem, the mitigation of which is very hard especially when it comes to highly distributed botnet-based attacks. The early discovery of these attacks, although challenging, is necessary to protect end-users as well as the expensive network infrastructure resources. Here, we address the problem of DDoS attacks and present the theoretical foundation, architecture, and algorithms of FireCol. The core of FireCol is composed of intrusion prevention systems (IPSs) located at the Internet service providers (ISPs) level. The IPSs form virtual protection rings around the hosts to defend and collaborate by exchanging selected traffic information. The evaluation of FireCol using extensive simulations and a real dataset is presented, showing FireCol effectiveness and low overhead, as well as its support for incremental deployment in real networks.
Existing System
DISTRIBUTED denial-of-service (DDoS) attacks still constitute a major concern even though many works have tried to address this issue in the past . As they evolved from relatively humblemegabit beginnings in 2000, the largest DDoS attacks have now grown a hundredfold to break the 100 Gb/s, for which the majority of ISPs today lack an appropriate infrastructure to mitigate them. Most recent works aim at countering DDoS attacks by fighting the underlying vector, which is usually the use of botnets . A botnet is a large network of compromised machines (bots) controlled by one entity (the master). The master can launch
Proposed System
This paper presents FireCol, a new collaborative system that detects flooding DDoS attacks as far as possible from the victim host and as close as possible to the attack source(s) at the Internet service provider (ISP) level. FireCol relies on a distributed architecture composed of multiple IPSs forming overlay networks of protection rings around subscribed customers. FireCol is designed in a way that makes it a service to which customers can subscribe. Participating IPSs along the path to a subscribed customer collaborate (vertical communication) by
computing and exchanging belief scores on potential attacks. The IPSs form virtual protection rings around the host they protect.
The virtual rings use horizontal communication when the degree of a potential attack is high. In this way, the threat is measured based on the overall traffic bandwidth directed to the customer compared to the maximum bandwidth it supports. In addition to detecting flooding DDoS attacks, FireCol also helps in detecting other flooding scenarios, such as flash crowds, and for botnet-based
Implementation
Implementation is the stage of the project when the theoretical design is turned out into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user, confidence that the new system will work and be effective.
The implementation stage involves careful planning, investigation of the existing system and it’s constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods.
Main Modules
1. UserModule
In this module, Users are having authentication and security to access the detail which is presented in the ontology system. Before accessing or searching the details user should have the account in that otherwise they should register first. Then what we want to post the questions and seeing the answers also
2. Experts Module:
Experts module is the module Experts are having authentication and security to access the detail which is presented in the ontology system. Before accessing or searching the details user should have the account in that otherwise they should register first.Experts register with his certification which hold provided by recognised university.he must be completed a degree ,it only will helpful for
Providing the answer to the social netwok