Probabilistic route selection algorithm to trace DDoS attack traffic source

Abstract

DoS(Denial of Service) or DDoS(Distributed DoS) attack is a major threaten and the most difficult problem to solve among many attacks. Moreover, it is very difficult to find a real origin of attackers because DoS/DDoS attacker uses spoofed IP addresses. To solve this problem, we propose a probabilistic route selection algorithm to trace the attacker's real origin. This algorithm uses three types of packets such as an alert packet, an agent packet and a reply agent packet. The alert packet is in use to notify to a victim that DDoS attacks occur. The agent packet is in use to find the attacker's real origin and the reply agent packet is in use to notify to a victim that the agent packet is reached the edge router of the attacker. When source-end detector and victim-end detector detect attacks, the victim-end detector sends the alert packet to the victim. The victim received the alert packet generates the agent packet and sends it to a victim's edge router. The attacker's edge router received the agent packet generates the reply agent packet and send it to the victim. The agent packet and the reply agent packet is forwarded refer to probabilistic packet forwarding table by routers. The probabilistic route selection algorithm runs on the distributed routers and probabilistic packet forwarding table is stored and managed by routers. We simulate for the propose of validation this algorithm by using OPNET14.0 in terms of false positive and required number of packets to trace DDoS attack traffic source.