Professional Documents
Culture Documents
Enhanced Edos-Shield For Mitigating Edos Attacks Originating From Spoofed Ip Addresses
Enhanced Edos-Shield For Mitigating Edos Attacks Originating From Spoofed Ip Addresses
Mohammed H. Sqalli
Khaled Salah
I.
INTRODUCTION
II.
BACKGROUND
III.
RELATED WORK
1168
Algorithm 1: VF Actions
Input:
P Packet
S Packet source IP address
D Packet destination IP address
B Blacklist, W Whitelist, TTL Packet TTL value
Begin:
If (S W && W[S].TTL==TTL )
Forward P to D
Else
Forward P to a V-Node
End
1169
D
Packet destination IP address, TTL Packet TTL
B
Blacklist , W Whitelist
Threshold Constant representing maximum unmatched TTL
LifeTime Constant representing the common Attacks duration
P
Begin:
If (S B) {
Send to S a graphic Turing test
If (passes) {
If (S W)
{WW+W[S]; W[S].TTL=TTL; W[S].unmatched=0; }
Else
W[S].TTL=TTL
Forward P to D.
}Else {
BB+B[S];
B[S].TTL=TTL;
B[S].unmatched=0;
B[S].timestamp=CurrentTime;
If (S W) W[S].unmatched++;
Drop P
}
}Else { // (S B )
During= Time-B[S].timestamp<LifeTime
ExceedThr= B[S].missed> Threshold
MatchesTTL= B[S].TTL==TTL
If ( During and (MatchesTTL or ExceedThr ))
Drop P
Else {
Send to S a graphic Turing test
If (passes) {
If (S W) {
WW+W[S]; W[S].TTL=TTL;
W[S]. unmatched =0;
}Else {W[S].TTL=TTL; W[S]. unmatched =0; }
If (Not During)
BB - B[S];
Forward P to D.
}Else {
Drop P
If (Not During) {
B[S].TTL=TTL;B[S]. unmatched =0;
B[S].timestamp=Time;
}Else {
B[S]. unmatched ++;
If (S W) W[S]. unmatched ++;
}
} }
}
End
V.
1170
EXPERIMENTAL SETUP
1171
Without Mitigation
Original EDoSShield
Enhanced EDoSShield
No Attack (Base)
2.5
x 10
1.5
0.5
50
100
Attack rate (Kpps)
150
200
Computing Utilization %
0.25
0.2
0.15
0.1
0.05
50
100
Attack Rate (Kpps)
150
200
1172
Cost Evaluation
700
Cost Evaluation
700
Without Mitigation
Original EDoSShield
Enhanced EDoSShield
No Attack (Base)
600
Without Mitigation
Original EDoSShield
Enhanced EDoSShield
No Attack (Base)
600
500
Cost $
Cost $
500
400
400
300
300
200
200
100
100
50
100
Attack Rate (Kpps)
150
200
50
Throughput Evaluation
160
Throughput Evaluation
160
Throughput Kpps
Throughput Kpps
140
120
100
80
80
60
40
20
50
100
Attack Rate (Kpps)
150
200
1.5
0.5
100
Attack rate (Kpps)
150
200
Without Mitigation
Original EDoSShield
Enhanced EDoSShield
No Attack (Base)
0.3
100
Attack Rate (Kpps)
150
200
50
50
Without Mitigation
Original EDoSShield
Enhanced EDoSShield
No Attack (Base)
x 10
2.5
100
40
20
Computing Utilization %
120
60
ACKNOWLEDGMENT
0.25
0.2
0.15
0.1
0.05
Without Mitigation
Original EDoSShield
Enhanced EDoSShield
No Attack (Base)
180
140
200
200
Without Mitigation
Original EDoSShield
Enhanced EDoSShield
No Attack (Base)
180
150
200
100
Attack Rate (Kpps)
50
100
Attack Rate (Kpps)
150
200
REFERENCES
1173
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
1174