Detection of Denial of Service Attack Through Network Traffic Analysis

Abstract

Denial of Service (DDOS) continues to be a threat to exhaust network bandwidth and host sources. The attack on the target cause it to shut down, thus denying service to the users. The wireless networks have many security issues having characteristics of not bounded by walls. However, these type of networks, due to its broadcast nature are more prone to Denial-of-Service (DoS) attacks. No need of special type of hardware or any high experiences is required to make these networks inoperable by DOS attacks. In this work techniques for detection of dos attacks that exploits physical layer like location strength consistency and signal strength consistency is discussed and implemented. Also, many of DDOS attack tools exploit IP Spoofing technology resulting in difficulty to filter illegitimate packets from amassed traffic. An attacker can falsify IP address field in the IP header, he cannot falsify hop count value to its destination. This hop count can be calculated through TTL (time to live) field in the IP header. Based on this observation, a technique called Hop Count Filtering (HCF) is discussed and implemented