1. Field of the Disclosure
The present disclosure generally relates to the detection of spoofing and denial of service (DoS) attacks on networks. More particularly, the disclosure relates to reliably determining whether an attack is occurring or has occurred.
2. Description of the Related Art
A significant problem in Internet security is detecting network attacks that use source-spoofed Internet Protocol (IP) traffic. The purpose of detecting these attacks is to give a network operator warning that defensive actions should be taken and that hosts on the network may be compromised. Others have tried to solve the problem of detecting spoofed packets by different means and have built or proposed filters for dropping packets that are determined to be spoofed.
Some approaches to dealing with this problem are discussed in M. Nagaratna, V. K. Prasad and S. T. Kumar, “Detecting and Preventing IP-spoofed DDoS Attacks by Encrypted Marking Based Detection and Filtering (EMDAF),” in International Conference on Advances in Recent Technologies in Communication and Computing, Kottayam, Kerala, 2009. Other approaches are discussed in K. Levitt and S. Templeton, “Detecting Spoofed Packets,” in Proceedings of The Third DARPA Information Survivability Conference and Exposition, Washington, D.C., USA, 2003. Further approaches are discussed in X. Yang, “A DoS-limiting Network Architecture,” in ACM SIGCOMM, Philadelphia, Pa., USA, 2005.
Conventional techniques do not provide a system or method that monitors traffic to reliably determine when an attack occurs and alerts the operator of the network or sub-network so that defensive measures can be initiated. There is a need for such a system.