Journal of Computer Science 10 (7): 1216-1221, 2014
ISSN: 1549-3636
© 2014 Science Publications
doi:10.3844/jcssp.2014.1216.1221 Published Online 10 (7) 2014 (http://www.thescipub.com/jcs.toc)

DETECTION OF FLOOD ATTACKS IN DTN USING RATE LIMITER TECHNIQUE

Balamurugan, C., M. Viswanathan, T. Abhishek Kumar and G.S. Raj
Department of CSE, VEL Tech University, Chennai, India

Received 2013-12-04; Revised 2013-12-30; Accepted 2014-02-19

Corresponding Author: Balamurugan, C., Department of CSE, VEL Tech University, Chennai, India

ABSTRACT

In a flood attack, attackers weigh a network down with so many packets that packets can no longer be sent or received between the nodes in the network. Many methods have been adopted to prevent flood attacks in other networks, but none has been installed successfully for DTNs. A disruption tolerant network is a network developed in such a manner that intermittent communication problems have very little effect on the outcome. However, because network resources such as buffer space and bandwidth are limited in this network, it is liable to flood attacks. In order to protect resources and defend against flood attacks, the rate limiting technique should be adopted, in which each node is set up with a restriction on the number of packets it can send to the network and on the number of duplicates that can be created for each packet: rate limit L and rate limit R respectively. However, flood attacks are also caused at the application level, resulting in the loss of resources such as CPU and sockets. So a technique for detecting application-level flood attacks is implemented by verifying DNS queries with a specific tool and validating them against a MySQL database.

Keywords: Flood Attacks, DTN, Disruption Tolerant Networks

1. INTRODUCTION

A disruption tolerant network is a valuable network of mobile nodes that transfer data among themselves.
The nodes may be connected only inconsistently or intermittently. Because of this inconsistency, two nodes can transfer data only when they enter each other's communication range. Data is transferred via the keep-carry-forward method: when a node receives a packet, it places the packet in its buffer, holds it until a contact is established with a neighbour node and then moves the packet forward. However, DTNs have limitations such as low bandwidth and buffer space, and because of these they are liable to flood attacks. A flood attack is one in which the attackers send as many packets as possible into the network and overuse the limited resources. The two types of flood attack are the packet flood attack and the replica flood attack. There are many methods to prevent flood attacks, but none has been inducted for DTNs. A flood attack caused by an outsider (unauthorized) can be prevented by authentication techniques. However, it is not possible to prevent an attack caused by insiders (authorized) in this way.

In order to defend against flood attacks, the rate limiter technique is employed, in which each node is assigned a restriction on the total number of packets it can send to the network and on the number of duplicates it can create for each packet. If a node crosses its rate limits, this will be detected as a flood attack. A method is adopted in which each node counts the total packets it has sent out and declares the count value to the other nodes. A node that receives the packet carries the value around and checks from time to time whether the values have changed. If they are found to be inconsistent, a flood attack has been detected.

The application-level flood attack is detected by verifying DNS queries with a specific tool and validating them against a database. An application-level flood attack is one in which the attackers submit a large number of requests to servers through multiple proxy agents, which depletes server resources within a short interval and causes denial of service.
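The count-claim check described in the introduction above, sketched as an added example (not code from the paper). The `Claim` fields, the node names, the limit value of 3 and the assumption that an attacker hides excess packets by reusing a count value are constructed for illustration; signatures on claims are omitted.

```python
from dataclasses import dataclass

RATE_LIMIT_L = 3  # assumed per-interval packet limit L, same for every node

@dataclass(frozen=True)
class Claim:
    source: str      # node that generated the packet
    interval: int    # time interval the limit applies to
    count: int       # packets the source says it has sent so far
    packet_id: str   # packet the claim is attached to

class Node:
    """Relay that carries the claims it has seen and cross-checks them."""
    def __init__(self, name):
        self.name = name
        self.seen = {}  # (source, interval, count) -> packet_id

    def check(self, claim, limit=RATE_LIMIT_L):
        """Return a reason string if the claim exposes a flood, else None."""
        if claim.count > limit:
            return f"{claim.source} exceeded L={limit} (count {claim.count})"
        key = (claim.source, claim.interval, claim.count)
        earlier = self.seen.setdefault(key, claim.packet_id)
        if earlier != claim.packet_id:
            return (f"{claim.source} reused count {claim.count} for "
                    f"{earlier} and {claim.packet_id}")
        return None

    def receive(self, claims):
        """Check the claims that arrive with packets or from a peer."""
        return [r for r in (self.check(c) for c in claims) if r]

    def meet(self, other):
        """On contact, exchange carried claims and check them both ways."""
        mine = [Claim(s, i, c, p) for (s, i, c), p in self.seen.items()]
        theirs = [Claim(s, i, c, p) for (s, i, c), p in other.seen.items()]
        return self.receive(theirs) + other.receive(mine)

def demo():
    # Constructed scenario: attacker "M" sends 4 packets with L=3 and hides
    # the fourth by reusing count 3; relays A and B each see consistent data.
    a, b = Node("A"), Node("B")
    alerts = a.receive([Claim("M", 1, 1, "p1"), Claim("M", 1, 2, "p2"),
                        Claim("M", 1, 3, "p3")])
    alerts += b.receive([Claim("M", 1, 3, "p4")])
    return alerts, a.meet(b)

if __name__ == "__main__":
    local, on_contact = demo()
    print("local alerts:", local)
    print("alerts on contact:", on_contact)
```

Neither relay can see the flood on its own; the inconsistency appears only when the two relays meet and compare the claims they carry.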
Such attacks are developed by completely ignoring the normal firewall protection; attacks can be done easily