International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064
Index Copernicus Value (2013): 6.14 | Impact Factor (2013): 4.438
Volume 4 Issue 3, March 2015
www.ijsr.net
Licensed Under Creative Commons Attribution CC BY

DDoS Attack Defense against Source IP Address Spoofing Attacks

Archana S. Pimpalkar 1, Prof. A. R. Bhagat Patil 2
1, 2 Department of Computer Technology, Yeshwantrao Chavan College of Engineering, Nagpur, Maharashtra, India

Abstract: Distributed Denial of Service (DDoS) attacks are among the most challenging problems in network security. The attacker uses a large number of compromised hosts to launch the attack on the victim. Various DDoS defense mechanisms aim at detecting and preventing the attack traffic. Source IP address spoofing is one of the most common ways of launching DDoS attacks; in such attacks the true origin of an attack packet is difficult to identify, so detecting attack packets and mounting a defense against them is very challenging. In this paper, the defense mechanism uses a cryptographic technique to identify attack packets with spoofed source IP addresses and drop them. The mechanism requires no restrictions on or changes to internet routing protocols and is easy to deploy. The algorithm is efficient at identifying spoofed attack packets, and its effectiveness is evaluated by simulation experiments in NS3.

Keywords: DDoS attacks, spoofing, detection, defense, cryptography, packet filtering

1. Introduction

Distributed Denial of Service (DDoS) is a coordinated attempt to compromise the availability of network resources or servers, as shown in Figure 1. These attacks cause financial losses by interrupting legitimate access to servers and online services. To mitigate their impact, strong defense mechanisms are needed that can detect and prevent ongoing attacks.
Many defense mechanisms have been proposed and deployed at various locations in the current internet. Their effectiveness depends on the performance trade-offs and the cost incurred in deployment.

Figure 1: DDoS attack in the internet

In a DDoS attack, attack packets are sent to the server, and processing the received packets consumes all of the server's resources, causing denial of service for its intended legitimate clients. DDoS attacks with source IP address spoofing are of two types, namely reflector attacks and direct attacks. In a reflector attack, the attacker uses a spoofed source IP address, so the response from the receiver of the packet (the server to which the request is made) goes to some other client on the internet that is not the intended receiver of the response. This consumes network resources as well as the resources of that client, wasting valuable resources and causing denial of service for legitimate users. In a direct attack, the attacker spoofs the source IP address and may set the same source and destination IP address in the packet sent to the server, so the server continuously sends replies and requests to itself, causing the server machine to crash. In the normal packet forwarding approach only the destination address of a packet is used, and the source IP address is usually not checked. This makes it easy to use source IP address spoofing for launching DDoS attacks. Many defense mechanisms have been proposed against source IP address spoofing, such as ingress filtering, hop-count-based packet filtering and source address validity enforcement. These mechanisms are useful in controlling spoofed attack packets but do not completely prevent spoofed-IP-address attacks. In this paper, the defense mechanism uses a cryptographic technique to identify attack packets with spoofed source IP addresses and drop them at the edge router of the target victim server.

The rest of this paper is organized as follows.
In Section 2, recently proposed work on defending against DDoS attacks with source IP address spoofing is presented in brief. In Section 3, the defense mechanism that uses a cryptographic technique is presented. Section 4 gives the pseudo code for the algorithm, Section 5 contains the simulation results, and Section 6 concludes.

2. Related Work

In this section, existing literature on defense against Distributed Denial of Service attacks with source IP address spoofing is reviewed. V. A. Foroushani et al. [1] proposed a defense against DDoS attacks containing attack packets with spoofed IP addresses, called Traceback-based Defense against DDoS Flooding Attacks. The mechanism is implemented close to the attack source, rate-limiting the amount of traffic forwarded towards the victim. The performance evaluation of the mechanism using real-world CAIDA DDoS attack datasets illustrated increase

Paper ID: SUB152513 1776
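As an added illustration, not taken from the paper or its NS3 code, the following Python sketch shows what two of the conventional filters named in the introduction (ingress filtering and hop-count-based packet filtering) actually check at a victim-side edge router, together with a test for the direct-attack pattern in which source and destination addresses are identical. The topology (interfaces lan0, customer0 and upstream0), the prefixes, the learned hop-count table and the sample packets are all constructed for the example; the initial-TTL list is the set of common operating-system defaults that hop-count filtering typically assumes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on
    src: str
    dst: str
    ttl: int


# Constructed topology: the edge router fronts the victim's network on lan0 and a
# customer network on customer0; everything else arrives on upstream0.
DOWNSTREAM_PREFIXES = {
    "lan0": [ip_network("198.51.100.0/24")],
    "customer0": [ip_network("192.0.2.0/24")],
}
LOCAL_PREFIXES = [n for nets in DOWNSTREAM_PREFIXES.values() for n in nets]

# Hop counts previously learned for known sources during normal operation (constructed).
HOP_TABLE = {"198.18.0.4": 12}

# Initial TTL values used by common operating systems. The hop count of a packet is the
# smallest of these that is >= the observed TTL, minus the observed TTL.
INITIAL_TTLS = (30, 32, 60, 64, 128, 255)


def ingress_check(pkt):
    """Ingress filtering: the source prefix must be plausible for the arrival interface."""
    src = ip_address(pkt.src)
    if pkt.iface in DOWNSTREAM_PREFIXES:
        if not any(src in n for n in DOWNSTREAM_PREFIXES[pkt.iface]):
            return f"ingress: {pkt.src} is not in the prefixes behind {pkt.iface}"
        return None
    # Upstream interface: a source inside one of our own prefixes cannot have come from outside.
    if any(src in n for n in LOCAL_PREFIXES):
        return f"ingress: local source {pkt.src} arrived on upstream interface"
    return None


def infer_hop_count(ttl):
    """Estimate how many routers the packet crossed from the TTL it arrived with."""
    if not 0 <= ttl <= 255:
        raise ValueError("IPv4 TTL must fit in one byte")
    initial = next(t for t in INITIAL_TTLS if ttl <= t)
    return initial - ttl


def hop_count_check(pkt):
    """Hop-count filtering: the TTL-inferred hop count must match the learned one."""
    expected = HOP_TABLE.get(pkt.src)
    if expected is None:
        return None  # unknown source: this simple version lets it through
    observed = infer_hop_count(pkt.ttl)
    if observed != expected:
        return f"hop count: inferred {observed}, expected {expected} for {pkt.src}"
    return None


def filter_packet(pkt):
    """Return ("accept", None) or ("drop", reason)."""
    if pkt.src == pkt.dst:
        return "drop", "source equals destination (direct attack pattern)"
    for check in (ingress_check, hop_count_check):
        reason = check(pkt)
        if reason:
            return "drop", reason
    return "accept", None


# Constructed sample traffic; 198.51.100.80 plays the victim server.
SAMPLE_PACKETS = [
    Packet("lan0", "198.51.100.10", "203.0.113.5", 64),        # internal host, outbound
    Packet("lan0", "203.0.113.5", "198.51.100.80", 64),        # spoofed source on lan0
    Packet("upstream0", "198.51.100.10", "198.51.100.80", 52), # our prefix from outside
    Packet("upstream0", "198.51.100.80", "198.51.100.80", 128),# src == dst
    Packet("upstream0", "198.18.0.4", "198.51.100.80", 116),   # 128-116 = 12 hops, matches
    Packet("upstream0", "198.18.0.4", "198.51.100.80", 250),   # 255-250 = 5 hops, mismatch
    Packet("upstream0", "203.0.113.77", "198.51.100.80", 61),  # unknown source, passes
]


def run_filter(packets=SAMPLE_PACKETS):
    return [filter_packet(p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE_PACKETS, run_filter()):
        print(f"{verdict:6} {pkt.iface:9} {pkt.src:>14} -> {pkt.dst:<14} "
              f"ttl={pkt.ttl:3} {reason or ''}")
```

The last sample packet shows the limitation the paper points to: a spoofed source that the router has never seen, and that is not inside a locally known prefix, passes both filters, which is why the authors look to a cryptographic check rather than address-plausibility heuristics alone.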