Two layer defending mechanism against DDOS attacks

Distributed Denial of Service (DDoS) attackers make a service unavailable for intended users. Attackers use IP spoofing as a weapon to disguise their identity. The spoofed traffic follows the same principles as normal traffic, so detection and filtering is very essential. Hop Count Filtering (HCF) scheme identifies packet whose source IP address is spoofed. The information about a source IP address and its corresponding hops from a server (victim) recorded in a table at the victim. The incoming packet is checked against this table for authenticity. The design of IP2HC table reduces the amount of storage space by IP address clustering. The proposed work filters majority of the spoofed traffic by Hop Count Filter-Support Vector Machine (HCF-SVM) algorithm on the network layer. DDoS attackers using genuine IP is subjected to traffic limit at the application layer. The two layer defense approach protects legitimate traffic from being denied, thereby mitigating DDoS effectively. HCF-SVM model yields 98.99% accuracy with reduced False Positive (FP) rate and the rate limiter punishes the aggressive flows and provides sufficient bandwidth for legitimate users without any denial of service. The implementation of the proposed work is carried out on an experimental testbed.