Mitigation of DDoS Attack using a Probabilistic Approach &
End System based Strategy

Abstract

From the very begining of Internet Technology, the attacks are the undetatchable element of it. This Distributed Denial-of-Service attack is very much harmful as our systems are vulnerable to this. Many mitigation strategies were proposed but these all need the help of network services for mitigation. Also these need the administrative support to continue the mitigation technique beyond own network if the attacker is outsider of own network. But it is very hard to meet all these constraint at a time. That's why we need the help of "end system" based mitigation strategy. Very rare researches have been carried out on this type of method. In this thesis, we have followed the end system based mitigation strategy to solve the problem of DDoS attack. Here neither we need the support of network services nor any administration facility. Here we proposed one probabilistic approach to find out the number of packets being malicious among the massive number of packets. Also we have proposed one algorithm to mitigate the attack based on the number of packets being malicious. We also analyzed our approach in a simulation environment against one existing end system based mitigation strategy. The result shows that our approach solves the problem DDoS and saves the computational resource in terms of CPU time.