• DocumentCode
    3075050
  • Title

    A Payload driven Security model for flooding attacks in Active networks

  • Author

    Jayashree, P. ; Easwarakumar, K.S. ; Radhakrishnan, D. ; Lakshmanan, N. ; Dinakaran, P.

  • Author_Institution
    Dept. of Inf. Technol., Anna Univ., Chennai
  • fYear
    2009
  • fDate
    6-7 March 2009
  • Firstpage
    934
  • Lastpage
    939
  • Abstract
    In today's fast-growing Internet world, the number of distributed denial of service attacks (DDoS) is increasing at an alarming rate. Evading these attacks has created a lot of attention from researchers. A number of monitoring and filtering devices have been developed to verify the authenticity of the packets based on the packet payload data in intrusion detection systems (IDS). However, the methods used for IDS cannot be deployed in DDoS filters since in DDoS attacks, a lot of packets arrive in a short span of time and deriving packet payload patterns becomes cumbersome with these IDS algorithms. This paper presents a three-level mechanism to distinguish attack packets from legitimate ones by scanning the payload of the packet. Packet patterns are derived by using the eigen vector concept and the obtained patterns are compared using an optimal string matching algorithm. This three-level filter was tested in the ANTS active network tool kit with the 1999 DARPA IDS dataset as the back end. Results validate the proposed scheme's efficiency and the time complexity of the filter proposed is smaller than IDS payload scanning methodologies.
  • Keywords
    Internet; eigenvalues and eigenfunctions; message authentication; string matching; telecommunication security; DDoS attack; Internet; active network; distributed denial-of-service attack; eigen vector; flooding attack; intrusion detection system; optimal string matching algorithm; packet authenticity; packet payload data; payload driven security model; Computer crime; Computer networks; Computer security; Detectors; Filtering; Filters; Intrusion detection; Payloads; Telecommunication traffic; Traffic control; ANTS; Anomaly detection; Distributed Denial of Service attack; Eigen Vector; Payload modeling; String matching;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advance Computing Conference, 2009. IACC 2009. IEEE International
  • Conference_Location
    Patiala
  • Print_ISBN
    978-1-4244-2927-1
  • Electronic_ISBN
    978-1-4244-2928-8
  • Type

    conf

  • DOI
    10.1109/IADCC.2009.4809140
  • Filename
    4809140