FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks (2012)

ABSTRACT:

Distributed denial-of-service (DDoS) attacks remain a major security problem, the mitigation of which is very hard especially when it comes to highly distributed botnet-based attacks. The early discovery of these attacks, although challenging, is necessary to protect end-users as well as the expensive network infrastructure resources.

In this paper, we address the problem of DDoS attacks and present the theoretical foundation, architecture, and algorithms of FireCol. The core of FireCol is composed of intrusion prevention systems (IPSs) located at the Internet service providers (ISPs) level. The IPSs form virtual protection rings around the hosts to defend and collaborate by exchanging selected traffic information.

The evaluation of FireCol using extensive simulations and a real dataset is presented, showing FireCol effectiveness and low overhead, as well as its support for incremental deployment in real networks.

Existing System

- As computer/network attacks grow exponentially and become more and more difficult to identify, the need for better and more efficient intrusion detection systems increases in step.

- The main problem with current intrusion detection systems is their high rate of false alarms.

- Load balancing between the traffic coming from clients and the traffic originating from attackers is neither designed nor implemented.

Proposed System

This paper proposes FireCol, a scalable solution for the early detection of flooding DDoS attacks. Belief scores are shared within a ring-based overlay network of IPSs. Detection is performed as close to the attack sources as possible, protecting subscribed customers and saving valuable network resources.

The evaluation of FireCol using extensive simulations and a real dataset is presented, showing FireCol effectiveness and low overhead, as well as its support for incremental deployment in real networks. Experiments showed good performance and robustness of FireCol and highlighted good practices for its configuration. Also, the analysis of FireCol demonstrated its light computational as well as communication overhead.

MODULES DESCRIPTION:

NETWORK SECURITY:

Network security is typically handled by a network administrator or system administrator, who implements the security policy and the network software and hardware needed to protect a network and the resources accessed through it from unauthorized access, and who also ensures that employees have adequate access to the network and its resources to do their work. A network security system typically relies on layers of protection and consists of multiple components, including network monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.

INTRUSION PREVENTION SYSTEM (IPS):

An intrusion prevention system (IPS) or intrusion detection system (IDS) can hardly detect such DDoS attacks unless it is located very close to the victim. However, even in that latter case, the IDS/IPS may crash because it needs to deal with an overwhelming volume of packets (some flooding attacks reach 10–100 Gb/s). In addition, allowing such huge traffic to transit through the Internet and only detecting/blocking it at the host IDS/IPS may severely strain Internet resources.

DISTRIBUTED DENIAL-OF-SERVICE (DDOS):

We focus on the detection of DDoS attacks and not, per se, on their underlying vectors. Although non-distributed denial-of-service attacks usually exploit a vulnerability by sending a few carefully forged packets to disrupt a service, DDoS attacks are mainly used for flooding a particular victim with massive traffic. In fact, the popularity of these attacks is due to their high effectiveness against any kind of service, since there is no need to identify and exploit any particular service-specific flaw in the victim. Hence, this paper focuses exclusively on flooding DDoS attacks.

FIRECOL ATTACK DETECTION:

We present FireCol, a new collaborative system that detects flooding DDoS attacks as far as possible from the victim host and as close as possible to the attack source(s) at the Internet service provider (ISP) level. FireCol relies on a distributed architecture composed of multiple IPSs forming overlay networks of protection rings around subscribed customers.

FireCol is designed in a way that makes it a service to which customers can subscribe. Participating IPSs along the path to a subscribed customer collaborate (vertical communication) by computing and exchanging belief scores on potential attacks. The IPSs form virtual protection rings around the host they protect.

The virtual rings use horizontal communication when the degree of a potential attack is high. In this way, the threat is measured based on the overall traffic bandwidth directed to the customer compared to the maximum bandwidth it supports. In addition to detecting flooding DDoS attacks, FireCol also helps in detecting other flooding scenarios, such as flash crowds, as well as botnet-based DDoS attacks.
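The ring logic described above, as an added sketch that is not the FireCol authors' algorithm or this project's code: each IPS in a ring derives a belief score, and only when a score is high does the ring sum its traffic and compare it with the customer's capacity. The class and function names, the score formula, the 0.5 threshold, the "ratio >= 1.0" attack rule and all traffic figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SCORE_THRESHOLD = 0.5  # assumed: belief at or above this triggers horizontal exchange


@dataclass
class RingIPS:
    name: str
    observed_mbps: float  # traffic toward the customer seen at this IPS
    baseline_mbps: float  # assumed normal level for this IPS

    def belief(self, upstream_score: float = 0.0) -> float:
        """Local anomaly share combined with the score received from the
        outer ring (vertical communication). Combination rule is assumed."""
        excess = max(0.0, self.observed_mbps - self.baseline_mbps)
        local = excess / self.observed_mbps if self.observed_mbps > 0 else 0.0
        return 1.0 - (1.0 - local) * (1.0 - upstream_score)


def evaluate_ring(ring, capacity_mbps, upstream_score=0.0):
    """Return the ring's verdict for one subscribed customer."""
    top = max(ips.belief(upstream_score) for ips in ring)
    if top < SCORE_THRESHOLD:
        # Low suspicion: no ring-wide exchange, the score is only passed inward.
        return {"verdict": "forward", "score": top, "load_ratio": None}
    # Horizontal communication: aggregate the traffic seen around the ring and
    # compare it with the maximum bandwidth the customer supports.
    total = sum(ips.observed_mbps for ips in ring)
    ratio = total / capacity_mbps
    verdict = "attack" if ratio >= 1.0 else "forward"  # assumed decision rule
    return {"verdict": verdict, "score": top, "load_ratio": ratio}


# Constructed sample rings (not measurements). Customer capacity: 1000 Mb/s.
# In FLOOD_RING no single IPS sees more than the capacity, but the ring does.
FLOOD_RING = [RingIPS("ips-a", 400, 100), RingIPS("ips-b", 350, 100),
              RingIPS("ips-c", 450, 100)]
QUIET_RING = [RingIPS("ips-a", 120, 100), RingIPS("ips-b", 90, 100),
              RingIPS("ips-c", 110, 100)]

if __name__ == "__main__":
    print(evaluate_ring(FLOOD_RING, 1000))
    print(evaluate_ring(QUIET_RING, 1000))
    # A high score forwarded by an outer ring forces the exchange here too.
    print(evaluate_ring(QUIET_RING, 1000, upstream_score=0.6))
```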

Hardware Requirements

Processor     : Any processor above 500 MHz.
RAM           : 128 Mb.
Hard Disk     : 10 Gb.
Compact Disk  : 650 Mb.
Input device  : Standard keyboard and mouse.
Output device : VGA and high-resolution monitor.

Software Requirements

Platform         : JDK 1.7
Program Language : Java
Tool             : NetBeans
Operating System : Microsoft Windows XP
