Defending network system against IP spoofing based distributed DoS attacks using DPHCF-RTT packet filtering technique

IP spoofing based DDoS attack that relies on multiple compromised hosts in the network to attack the victim. In IP spoofing, IP addresses can be forged easily, thus, makes it difficult to filter illegitimate packets from legitimate one out of aggregated traffic. A number of mitigation techniques have been proposed in the literature by various researchers. The conventional Hop Count Filtering or probabilistic Hop Count Filtering based research work indicates the problems related to higher computational time and low detection rate of illegitimate packets. In this paper, DPHCF-RTT technique has been implemented and analysed for variable number of hops. Goal is to improve the limitations of Conventional HCF or Probabilistic HCF techniques by maximizing the detection rate of illegitimate packets and reducing the computation time. It is based on distributed probabilistic HCF using RTT. It has been used in an intermediate system. It has the advantage for resolving the problems of network bandwidth jam and host resources exhaustion. MATLAB 7 has been used for simulations. Mitigation of DDoS attacks have been done through DPHCF-RTT technique. It has been shown a maximum detection rate up to 99% of malicious packets.