International Journal of Advanced Science and Technology

Vol. 29, No. 5, (2020), pp. 7144-7156

An Arbitrary Model for Link Flooding Attack Prevention

G.K. Sandhia¹, N. Mohan Teja², Pokuri Akshay³
¹Assistant Professor, ²,³Senior Year Undergraduate,
¹,²,³Dept. of CSE, SRMIST, Chennai, India
¹ksandhia@gmail.com, ²mohanteja.17@gmail.com, ³pa5716@srmist.edu.in

Abstract
With the advance of large-scale coordinated attacks, the adversary is moving away from conventional
distributed denial of service (DDoS) attacks on data centers to sophisticated Distributed Denial of
Service attacks against Internet infrastructure. Link Flooding Attacks (LFAs) are such powerful
attacks on network links. Using network measurement techniques, the defender could identify the
link under attack. However, given the large number of network links, the defender could only
monitor a portion of the links at the same time, while any link might be attacked. Therefore, it
remains challenging to practically deploy detection techniques. This paper addresses this problem
from a game-theoretic point of view, and provides an arbitrary method (like collateral watching)
for enhancing Link Flooding Attack detection systems. We treat the LFA detection problem as a
Stackelberg security game, and configure the arbitrary detection techniques according to the
adversary's behavior; best-response and quantitative-response models are used to describe the
adversary's behavior. To solve the non-convex, non-linear, NP-hard optimization problem of
locating the equilibrium, we make use of a series of techniques. The trade-off shows the need to
consider and control LFAs from a game-theoretic point of view, and the viability of the solutions.
This work is a major step forward in formally understanding LFA detection techniques.
Keywords: DDoS Attack, ASes, LFA

1. INTRODUCTION

In a bandwidth-saturating Distributed Denial of Service attack, lakhs or more
malevolent network nodes, commonly the systems of unsuspecting users, conspire
to flood a target host or network with large volumes of access requests and
traffic, which makes the target incapable of serving legitimate users' requests.
In this way the services hosted for legitimate users are denied. All queues and
links that are exterior to the target network but lead to it can be saturated by
network traffic, which makes the target network remotely inaccessible
irrespective of its local capacity. Such attacks can be classified as
IV-1:PDR-1 (Disruptive; Self-recoverable) and VT-4 (Network attacks). DDoS
attacks are a simple yet very effective class, and their impact over recent
years has been considerable. Such attacks are capable of generating traffic in
the order of hundreds of gigabits per second (e.g., on the BBC and GitHub),
possibly through the use of DDoS-for-hire services, which are also known as
boosters. The biggest DDoS attack on record was in 2016, with traffic of
1 Tbit/s, along with increased complexity; it was easily deployed by means of
IoT devices that are present in different localities and can overload a server
with service requests at the same time, affecting organizations, many of which
run critical services that need to be provided without disruption round the
clock. Such attacks can cause loss of revenue in the order of millions, but
still no effective measure has been developed and deployed for their control and
detection. When an attack has been detected on a server, controlling and
reducing its severity requires that the attack vulnerability, the target and the
link's capacity be within a common administrative domain; if not, it is
difficult to take measures that reduce the impact of the attack.

ISSN: 2005-4238 IJAST
Copyright ⓒ 2020 SERSC

So it is better to have an autonomous system that controls all aspects of a
server and its traffic management so that, along with detection of attacks,
actions to reduce the impact of the attack in accordance with its size can be
explicitly programmed. Network traffic must be controlled and constantly
monitored, and on detection of any anomaly it must be filtered before the
traffic exceeds the link capacity; but the autonomous systems that control these
systems and perform the above tasks lack the ability to accurately classify data
packets as good or bad. There is a tradeoff between the efficiency of packet
classification and the time taken for classification: an efficient classifier
takes more time to classify the data packets and thus limits the data flow
through the link, whereas a time-efficient classifier may be fast enough to
support high-speed data transfer but cannot classify the data packets
efficiently and thus can deny service to legitimate users. In a few cases the
target may identify a few bad data packets but fail to command the filters in
certain remote parts of the autonomous system in time.

2. STATE OF THE ART (LITERATURE SURVEY)

Xiapu Luo, Zhiyuan Tan, Aruna Jamdagni, HYujing Liu, and Jinshu Sug in the year 2013

Internet recovery is very common these days due to a number of factors such as
network malfunctions and attacks. On the contrary, there are only a few effective
ways to redefine the entire Internet. In this paper, inspired by the well-versed
network science metric (in larger ones), we propose a new idea to demonstrate
the redesign of MidoMine. By describing and analyzing the magnitude of the
curvature of neighboring paths and the AS transformation between global paths,
our method allows users to identify temporal, interactive, and interrelated aspects
of path changes. We use our strategies to investigate the Internet response to four
disturbing events: the Japanese earthquake in March 2011, the SEA-ME-WE 4
error in April 2010, the YouTube attack in February 2008, and the AS4761
hijacking in January 2011. This experiment has revealed many new details. For
example, the congestion resulting from the defect of the relay followed by the
path's curvature and damaged cable failure. Attackers and specific suppliers of
victims are very important positions to increase the impact of an attack on an
attack incident. Such results will reveal how you can apply effective response
failures to the network and use appropriate security measures to attack it.

M. Jonker, A. Sperotto, R. van Rijswijk, R. Sadre, and A. Pras in the year 2016

Distributed Denial-of-Service (DDoS) attacks have been steadily gaining
popularity over the last decade, from just boring to serious. Increasing attacks,
along with the loss of revenue to targets, have led to a market of DDoS
Protection Service (DPS) providers, to which victims can outsource the cleaning
of their traffic using traffic diversion. In this paper, we consider the
adoption of cloud-based DPS worldwide. We focus on nine major providers. Our
approach to adoption is based on active DNS measurements. We demonstrate
technology that allows determining, for a persistent domain name, whether
traffic redirection is in effect for a DPS. This allows us to distinguish
between different types of traffic diversion and security. For our analysis, we
use a large-scale data set that accounts for more than 50% of the global domain
namespace in a 1.5-day daily snapshot. Our results show that DPS adoption
increased by 1.24 times during our measurement, a significant trend compared to
the overall expansion of the namespace. Our study suggests that frequent
adopters can lead to large players, such as large web hosts that activate and
deactivate DDoS security for millions of domain names.

Jelena Mirkovic, Alefiya Hussain, Sonia Fahmy, Peter Reiher, and Roshan K. Thomas in the year 2009

A major setback in research on Distributed Denial of Service attacks is the lack
of precise and measurable information on certain parameters that can be used
to draw valuable inferences. Availability of such data helps in developing
models that are efficient in preventing such attacks, and it also helps to create
simulation environments where a model can be deployed for experiments, error
detection and tuning of certain metrics to increase the effectiveness of the
model. In the absence of such data it is difficult to assess damage and to
measure the success and execution of models. Researchers in the
denial-of-service (DoS) field lack accurate, quantitative, qualitative and
versatile metrics to measure service denial in artificial simulation and testbed
experiments. Without such metrics, it is not possible to measure the effects of
various attacks, quantify the success of proposed defenses, and compare their
performance. In this paper we provide deep insights into the various parameters
that need to be considered for research on DDoS and for the development of
models for protection against it. It is equally important to find metrics that
are independent of each other, error free and comparable to each other. This
paper suggests a game-theoretic approach to find the correct correlation between
various parameters. It also provides deep insights into the coherence of various
metrics and their informative weightages, along with the various applications.
This can be used by autonomous systems in decision-making scenarios based on the
scale and the kind of the attack. It also provides a deep understanding of
link flooding attacks and their countermeasures, and gives insights into a few
basic autonomous models that counteract to prevent any DDoS attack.
Examples and use case scenarios with both bots and human users are taken and
studied for a better understanding of such attacks, so that such cases provide
better accuracy in anomaly detection and a better understanding of the anomaly
for a better response to it.

Xiangjian He, Priyadarsi Nanda, Ren Ping Liu, and Jiankun Hu in the year 2017

Researchers have been interested in identifying denial of service (DoS)
attacks since the 1990s. Many validation systems have been developed to
accomplish these goals. This paper provides a different approach to such
problems, for a better understanding and an easier way to solve them.
Conventionally, techniques based on statistical analysis, data analytics and
machine learning models are in use. The model proposed in this paper is quite
different from the conventional one: here network traffic records are considered
to be images, any recorded attacks are taken, and the development of a solution
is treated as a computer vision problem. A multivariable collation analytics
technique was considered to precisely classify and convert the given network
traffic records into image data, and relative images are constructed from it.

Images generated from network traffic records, based on commonly used oddities
like Earth Mover's Distance (EMD), can be utilized as verifiable entities in the
proposed DDoS attack detection system. Crossbrain considers matching EMDs and
provides a more accurate estimate of the disparity between distributions than
some popular differences, such as the Mink's Comparison Distance LP and X2
Statistics. This feature gives our proposed system the ability to detect
effectively. To validate the proposed EMD-based detection system, the CDP
provides ten times cross validation using the CUP99 dataset and the ISCX 2012
IDS validation dataset. In the system evaluation section, the results presented
infer that KDD is capable of detecting unidentified DoS attacks in the CUP99
dataset with a detection accuracy of 99.95%, and with 90.12% accuracy in the
ISCX 2012 IDS evaluation dataset, resulting in approximately 59,000 traffic per
second.

Yu Chen, Kai Hwang and Wei-Shinn Ku in the year 2016

This paper introduces a new distributed approach for the detection of DDoS
(unacceptable services) floods at the traffic-flow level. The new security system
is compatible with large networks that serve Internet Service Providers (ISPs).
In the early stages of a DDoS attack, some traffic fluctuations can be detected
on the Internet router or at the entrance to the same network. We develop a
distributed change-point detection (DCD) architecture using transformation
aggregation trees (CATs). Many network domains initially have the idea of
detecting sudden traffic changes. Attack on flood victims' systems offered by
DDoS's initial identification provider. The new Secure Infrastructure Protocol
(SIP) has been developed to resolve policy disputes and establish mutual trust or
consent in various ISP domains. At the University of Southern California (USC)
Institute in F Informatics, we simulate DCD systems with 16 network domains
in a 220 node PC cluster, Cyber Defense Technology Experimental Research
(DETR), for Internet emission testing.

3. EXISTING SYSTEM

Autonomous systems are explicitly coded or programmed for monitoring and
tracking of requests, so that they can sequentially prevent or at least
downgrade any probing activities in the system. It is essential to cover all
paths (links) that lead to the system, which are spread over different
geographic locations, and so the defender deploys trackers over all the paths
that are spread over a wide area. DDoS is the existing technique used. DDoS is
an attack, a malevolent endeavor with the aim of disrupting the usual traffic of
a targeted system and its network accepting service requests, by overwhelming
the target or its surrounding network infrastructure with amounts of network
traffic so large that it can't handle them.

DRAWBACKS

It relies on primitive DDoS mitigation devices, but by themselves they are
always constrained by other elements of the infrastructure.

4. PROPOSED SYSTEM

An arbitrary detection technique based on the type and severity of the
attack, where the use of explicitly programmed algorithms is minimized and the
best approach is taken based on the parameters taken from the anomaly.
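
The abstract frames LFA detection as a Stackelberg security game in which the defender monitors only part of the links. The following is an added example, not code from the paper, that computes a randomized monitoring coverage for a small zero-sum instance and evaluates it against a best-response attacker and a logit (quantal) response attacker. The payoff model, the link names, the reward and penalty values and the parameter `lam` are assumptions made for illustration.

```python
"""Randomized link monitoring as a zero-sum Stackelberg security game.

Added example. Payoffs and link values are constructed, not taken from the paper.
"""
import math

# Constructed sample: (link, attacker reward if the flood goes undetected,
# attacker penalty if the flood is detected).
LINKS = [("L1", 10.0, 2.0), ("L2", 8.0, 2.0), ("L3", 6.0, 1.0),
         ("L4", 3.0, 1.0), ("L5", 1.0, 1.0)]
MONITORS = 2  # assumption: the defender can watch only 2 of the 5 links at once


def attacker_utility(reward, penalty, coverage):
    """Expected attacker payoff on a link monitored with probability `coverage`."""
    return (1.0 - coverage) * reward - coverage * penalty


def attacker_utilities(links, coverage):
    return [attacker_utility(r, p, c) for (_, r, p), c in zip(links, coverage)]


def coverage_for_level(links, u):
    """Least coverage per link that caps the attacker's payoff there at u."""
    return [min(1.0, max(0.0, (r - u) / (r + p))) for _, r, p in links]


def equilibrium_coverage(links, monitors, tol=1e-9):
    """Bisect on the attacker's payoff u until the coverage fits the budget."""
    lo = max(-p for _, _, p in links)  # payoff if every link were fully watched
    hi = max(r for _, r, _ in links)   # payoff if nothing is watched
    if sum(coverage_for_level(links, lo)) <= monitors:
        return coverage_for_level(links, lo), lo
    while hi - lo > tol:
        mid = (lo + hi) / 2.0
        if sum(coverage_for_level(links, mid)) > monitors:
            lo = mid  # budget exceeded: the attacker must be conceded more
        else:
            hi = mid
    return coverage_for_level(links, hi), hi


def static_top_k(links, monitors):
    """Baseline: always watch the `monitors` links with the highest reward."""
    top = sorted(range(len(links)), key=lambda i: -links[i][1])[:monitors]
    return [1.0 if i in top else 0.0 for i in range(len(links))]


def best_response_payoff(links, coverage):
    """A fully rational attacker floods the link with the highest payoff."""
    return max(attacker_utilities(links, coverage))


def quantal_response(links, coverage, lam=1.0):
    """Boundedly rational attacker: P(link i) proportional to exp(lam * U_i)."""
    utils = attacker_utilities(links, coverage)
    top = max(utils)  # subtract the maximum for numerical stability
    weights = [math.exp(lam * (u - top)) for u in utils]
    total = sum(weights)
    return [w / total for w in weights]


def detection_probability(links, coverage, lam=1.0):
    """Chance that the attacked link is being watched, under quantal response."""
    attack = quantal_response(links, coverage, lam)
    return sum(q * c for q, c in zip(attack, coverage))


if __name__ == "__main__":
    randomized, level = equilibrium_coverage(LINKS, MONITORS)
    static = static_top_k(LINKS, MONITORS)
    for (name, _, _), c in zip(LINKS, randomized):
        print(f"{name}: watch with probability {c:.3f}")
    print("attacker payoff, randomized:", round(level, 3))
    print("attacker payoff, static top-k:", best_response_payoff(LINKS, static))
    print("detection (quantal), randomized:",
          round(detection_probability(LINKS, randomized), 3))
    print("detection (quantal), static top-k:",
          round(detection_probability(LINKS, static), 4))
```

On this constructed instance, randomizing the two monitors lowers the best-response attacker's payoff from 6.0 to about 2.15. The coverage is optimized only against the best-response attacker; the quantal-response functions evaluate that coverage and do not re-optimize it.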


PROPOSED TECHNIQUE

Link flooding attacks (LFAs): A certain kind of link flooding attack (LFA),
based on a target, can cut off the Internet connectivity of a target division
under the radar because it uses legitimate paths of traffic to flood given links.
ADVANTAGES

It greatly differs from conventional methods, where mostly autonomous systems
are used that can be easily studied and then bypassed. Earlier methods use
server-side monitoring of traffic, making it easy for attackers to modify
user-end links so that they can cover up machine-generated requests with
legitimate requests. To solve this problem, router-based approaches are usually
considered.

5. MODULE DESCRIPTION

5.1 TEAM LEADERS:

Authentication - Registration:

For a new Team leader, registration and providing of credentials is compulsory
before logging into the application. After successfully completing the
registration, the Team leader has to give the required credentials for
authorization and logging into the application. The credentials are the TL id
and the passcode.

[Figure: Team Leader, Necessary details, Database]

Login:

The Team Leader needs to provide the correct credentials: team leader ID
and passcode. On logging in successfully it will take you to the next page, or
else it will remain on the same page.

[Figure: Team Leader, Check for Team Leader details, Proceed to next stage, Hierarchy, Database]


Activate Online Status:

After successfully logging in, the Team leader should activate the online
status; until then it shows as not active in the manager's view.

[Figure: Team Leaders, Active Online Status, Database]

Check For Files:

Team leaders can check the files which are sent by the managing director.
The Team leader should encrypt and use the original file.

[Figure: Team leaders, Check for files, Decrypt and use the file, Database]

MANAGING DIRECTOR:

Authentication:

Login:

The Managing Director has to provide the correct MD_ID and passcode. On
successful login it will take you to the next page, or else you are redirected
to the same page.

[Figure: Managing director, Check Managing director details, Proceed to next stage, Hierarchy, Database]

Check for Active Status:

After successfully logging in, the managing director is able to check the team
leader status with details. The managing director will wait until the team
leader changes to active status.

[Figure: Managing Director, Check for team leader active status, Database]

Files sending to team leader:

The Managing Director can send files to the active team leaders; the file
is encrypted and sent to the team leader.

[Figure: Managing Director, Sends file to team leader, Database]

Attackers Detection:

The managing director detects attackers who are trying to attack the
confidential file. If some alert is found that an attacker is hacking the file,
the managing director will delete the file.

[Figure: Managing director, Detecting the attackers by deleting file, Database]

ATTACKERS:

Authentication:

Login:

The attacker has to provide the correct ID and passcode. On successful login it
will take you to the next page, or else you are redirected to the same page.

[Figure: Attackers, Get into next page, Proceed to next stage, Hierarchy, Database]


Browse files to Attack:

Attackers can attack the file which is transferred between the managing
director and the team leader, so he browses files to attack.

[Figure: Attackers, Browse files to hack, Database]

Attacking using username and password:

Attackers will attack the selected file to use the file transferred between
the managing director and the team leader. The attacker should enter the exact
username and password to download the file.

[Figure: Attacker, Attack file using username and password, Database]

SYSTEM DESIGN:

USE CASE DIAGRAM:

A use case diagram is a common and simple pictographic representation of the
inferences obtained from a use-case analysis. The main purpose it serves is
a clear presentation of all functionalities and objects, along with the actors,
their goals and their interdependencies.


CLASS DIAGRAM:

A class diagram is a part of the Unified Modeling Language (UML) in which an
instance is pictographically represented: actors are taken as classes, their
tasks are taken as attributes, and the relationships between actors are taken as
relationships between classes.

The transparency of a class is of 2 kinds.

Private visibility

Public visibility

Protected visibility

In private visibility, as the name suggests, the information within the class is
inaccessible to outside classes, whereas in public visibility the information is
accessible to everything outside the class.

In protected visibility only child classes are allowed to access information
inherited from a parent class.


SYSTEM ARCHITECTURE:

An architecture diagram is a way of representing the interdependencies
between different parts of a system. Such a representation gives an overview of
the entire working model of a system. An architecture diagram is a pictographic
representation of the structure of a system in which the primary parts and their
functionalities are presented as blocks connected by lines that represent the
interdependencies of the blocks. They are largely used in the engineering world,
mainly in hardware design, electronic design, software design, and process flow
diagrams.

RESULT

The transmission of data can be done securely in the use case scenario
between the manager and the team leader. Intrusion by any external party can be
detected, and the encrypted file can then be deleted by the manager. This
protocol facilitates safe and secure transfer of data without the need for any
autonomous system. As it is easy to adopt and cost effective, it is preferable
for small-scale industries and new establishments.

CONCLUSION

As the conventional approach to link flooding attacks has many drawbacks, more
research and new approaches are required to tackle such issues. The suggested
protocol can be used as a deterrent to link flooding attacks in all use cases.
The main disadvantage of the conventional approach to link flooding attacks is
that the AS used detects and prevents LFA on the server side of a path. This
makes it easy for attackers to disguise their anomalous traffic as legitimate
traffic. This stands as a major problem to this day, as there is no way an
automated system can control network traffic on the user end of the path. With
this protocol it is easy for organizations to protect themselves from link
flooding attacks, and moreover the above problem can be addressed through this
approach, as the user side of the link can be password protected and the
password is known only to the required individual in this protocol. Instead of
spending millions of dollars on AS for detection and prevention of LFAs, the
simple protocol model above can be used for prevention of such attacks. When the
respective individuals in an organization strictly adhere to this protocol, it
is impossible for any attacker to launch a link flooding attack on the system.
Without proper credentials all requests to the server are denied, and hence an
attacker might launch a Link Flooding Attack of any capacity and scale, yet he
cannot overload a link of even the tiniest network capacity, as all requests are
denied directly at the user end. Hence hardware capabilities are not limits for
controlling a link flooding attack.

REFERENCES
[1] Y. Chen, K. Hwang, and W. S. Ku., “Collaborative detection of ddos attacks over
multiple network domains,” IEEE Transactions on Parallel and Distributed Systems,
vol. 18, no. 12, pp. 1649–1662, 2007.
[2] Z. Tan, A. Jamdagni, X. He, P. Nanda, R. P. Liu, and J. Hu, “Detection of denial-of-
service attacks based on computer vision techniques,” IEEE Transactions on
Computers, vol. 64, no. 9, pp. 2519–2533, 2015.

[3] S. T. Zargar, J. Joshi, and D. Tipper, “A survey of defense mechanisms against
distributed denial of service (ddos) flooding attacks,” IEEE Communications Surveys
Tutorials, vol. 15, no. 4, pp. 2046–2069, 2013.
[4] J. Mirkovic, A. Hussain, S. Fahmy, P. Reiher, and R. K. Thomas, “Accurately measuring
denial of service in simulation and testbed experiments,” IEEE Transactions on
Dependable and Secure Computing, vol. 6, no. 2, pp. 81–95, April 2009.
[5] F. J. Ryba, M. Orlinski, M. Wählisch, C. Rossow, and T. C. Schmidt, “Amplification
and drdos attack defense - A survey and new perspectives,” CoRR, vol.
abs/1505.07892, 2015.
[6] G. Pellegrino, C. Rossow, F. J. Ryba, T. C. Schmidt, and M. Wählisch, “Cashing out the
great cannon? on browser-based ddos attacks and economics,” in Proc. USENIX
WOOT, 2015.
[7] C. Rossow, “Amplification hell: Revisiting network protocols for ddos abuse,” in Proc.
NDSS, 2014.
[8] M. Kührer, T. Hupperich, C. Rossow, and T. Holz, “Exit from hell? reducing the
impact of amplification ddos attacks,” in Proc. USENIX Security, 2014.
[9] M. Kührer, T. Hupperich, C. Rossow, and T. Holz, “Hell of a handshake: Abusing
TCP for reflective amplification ddos attacks,” in Proc. USENIX WOOT, 2014.
[10] M. Kang and V. Lee, Soo and Gligor, “The crossfire attack,” in Proc. IEEE Symp.
Security and Privacy, 2013.
[11] P. Bright, “Can a ddos break the internet?” http://goo.gl/oM6XJt, 2013.
[12] M. S. Kang and V. D. Gligor, “Routing bottlenecks in the internet: Causes, exploits,
and countermeasures,” in Proc. ACM CCS, 2014.
[13] M. S. Kang, V. D. Gligor, and V. Sekar, “Spiffy: Inducing cost-detectability tradeoffs for
persistent link-flooding attacks,” in Proc. ISOC NDSS, 2016.
[14] S. Lee, M. Kang, and V. Gligor, “Codef: collaborative defense against large-scale link-
flooding attacks,” in Proc. ACM CoNEXT, 2013.
[15] S. Lee and V. Gligor, “Floc: Dependable link access for legitimate traffic in flooding
attacks,” in Proc. IEEE ICDCS, 2010.
[16] A. Athreya, X. Wang, Y. S. Kim, Y. Tian, and P. Tague, “Resistance is not futile:
Detecting ddos attacks without packet inspection,” in Proc. WISA, Aug 2013.
[17] L. Xue, X. Luo, E. W. W. Chan, and X. Zhan, “Towards detecting target link flooding
attack,” in Proc. USENIX LISA, 2014.
[18] N. Hu, L. E. Li, Z. M. Mao, P. Steenkiste, and J. Wang, “Locating internet bottlenecks:
Algorithms, measurements, and implications,” in Proc. SIGCOMM, 2004.
[19] P. Calyam, C.-G. Lee, E. Ekici, M. Haffner, and N. Howes, “Orchestration of
network-wide active measurements for supporting distributed computing
applications,” IEEE Trans. Computers, vol. 56, no. 12, 2007.
[20] D. Croce, M. Mellia, and E. Leonardi, “The quest for bandwidth estimation
techniques for large-scale distributed systems,” SIGMETRICS Performance
Evaluation Review, vol. 37, no. 3, pp. 20–25, Jan. 2
