0 penilaian0% menganggap dokumen ini bermanfaat (0 suara)
17 tayangan7 halaman
The Denial of Service attack, in particular the
Distributed Denial of Service (DDoS) attack, has become one of
the key intimidations to the Internet. In general, attackers launch
DDoS attacks by directing an enormous number of attack
sources to send worthless traffic to the victim system. The
victim's services are interrupting when its host or network
resources are engaged by the attack traffic. The threat of DDoS
attacks has become even more brutal as attackers can
conciliation a huge number of computers by scattering a
computer worm using vulnerabilities in the most popular
operating systems.
To counteract the same problem we consider the Online Auction
Model where auctions run concurrently but independently of
each other. Each auction has an auctioneer and a number of
bidders that could be located anywhere on the Internet.
We develop a novel technique for identifying attack traffic based
on the connection history at the victim. We present an algorithm
to filter attack traffic in a precise and efficient manner.
In this algorithm we have to check the vulnerability of the user.
If user is valid in that case algorithm has to check the load
compiled by the user IP Address and calculate the complete load
that is how much time is required by the user to complete the
activities also to send and received the request to and from the
system. If that load is in between the max_threshold and
min_threshold which are two useful parameters to check the
DDos attack then also we need to check the user profile for
vulnerability issues. If everything is under the threshold values
then algorithm will pass the user as a non attacker and allow
user to use the system.
Judul Asli
Impact of DDoS attack in Online Auction System
and Proposed Lightweight Solution Based on
Software Agent
The Denial of Service attack, in particular the
Distributed Denial of Service (DDoS) attack, has become one of
the key intimidations to the Internet. In general, attackers launch
DDoS attacks by directing an enormous number of attack
sources to send worthless traffic to the victim system. The
victim's services are interrupting when its host or network
resources are engaged by the attack traffic. The threat of DDoS
attacks has become even more brutal as attackers can
conciliation a huge number of computers by scattering a
computer worm using vulnerabilities in the most popular
operating systems.
To counteract the same problem we consider the Online Auction
Model where auctions run concurrently but independently of
each other. Each auction has an auctioneer and a number of
bidders that could be located anywhere on the Internet.
We develop a novel technique for identifying attack traffic based
on the connection history at the victim. We present an algorithm
to filter attack traffic in a precise and efficient manner.
In this algorithm we have to check the vulnerability of the user.
If user is valid in that case algorithm has to check the load
compiled by the user IP Address and calculate the complete load
that is how much time is required by the user to complete the
activities also to send and received the request to and from the
system. If that load is in between the max_threshold and
min_threshold which are two useful parameters to check the
DDos attack then also we need to check the user profile for
vulnerability issues. If everything is under the threshold values
then algorithm will pass the user as a non attacker and allow
user to use the system.
The Denial of Service attack, in particular the
Distributed Denial of Service (DDoS) attack, has become one of
the key intimidations to the Internet. In general, attackers launch
DDoS attacks by directing an enormous number of attack
sources to send worthless traffic to the victim system. The
victim's services are interrupting when its host or network
resources are engaged by the attack traffic. The threat of DDoS
attacks has become even more brutal as attackers can
conciliation a huge number of computers by scattering a
computer worm using vulnerabilities in the most popular
operating systems.
To counteract the same problem we consider the Online Auction
Model where auctions run concurrently but independently of
each other. Each auction has an auctioneer and a number of
bidders that could be located anywhere on the Internet.
We develop a novel technique for identifying attack traffic based
on the connection history at the victim. We present an algorithm
to filter attack traffic in a precise and efficient manner.
In this algorithm we have to check the vulnerability of the user.
If user is valid in that case algorithm has to check the load
compiled by the user IP Address and calculate the complete load
that is how much time is required by the user to complete the
activities also to send and received the request to and from the
system. If that load is in between the max_threshold and
min_threshold which are two useful parameters to check the
DDos attack then also we need to check the user profile for
vulnerability issues. If everything is under the threshold values
then algorithm will pass the user as a non attacker and allow
user to use the system.
Impact of DDoS attack in Online Auction System and Proposed Lightweight Solution Based on Software Agent
Mandakini vishwakarma #1 , Brajesh Patel *2
# Department of Computer Science (CTA) Shri Ram Institute of Technology, Jabalpur(India)
Abstract---The Denial of Service attack, in particular the Distributed Denial of Service (DDoS) attack, has become one of the key intimidations to the Internet. In general, attackers launch DDoS attacks by directing an enormous number of attack sources to send worthless traffic to the victim system. The victim's services are interrupting when its host or network resources are engaged by the attack traffic. The threat of DDoS attacks has become even more brutal as attackers can conciliation a huge number of computers by scattering a computer worm using vulnerabilities in the most popular operating systems.
To counteract the same problem we consider the Online Auction Model where auctions run concurrently but independently of each other. Each auction has an auctioneer and a number of bidders that could be located anywhere on the Internet.
We develop a novel technique for identifying attack traffic based on the connection history at the victim. We present an algorithm to filter attack traffic in a precise and efficient manner.
In this algorithm we have to check the vulnerability of the user. If user is valid in that case algorithm has to check the load compiled by the user IP Address and calculate the complete load that is how much time is required by the user to complete the activities also to send and received the request to and from the system. If that load is in between the max_threshold and min_threshold which are two useful parameters to check the DDos attack then also we need to check the user profile for vulnerability issues. If everything is under the threshold values then algorithm will pass the user as a non attacker and allow user to use the system.
When a denial of service (DoS) attack occurs, a computer or a network user is unable to access resources like e-mail and the Internet. An attack can be directed at an operating systemor at the network. Denial-of-service (DoS) attacks continue to cause major service disruptions and economic losses to both Internet users and service providers. DoS attacks could damage a companys image and reputation. They could also affect the confidence of users and investors in Internet businesses. DoS incidents of increasing complexity and scale are very common nowadays and tend to be distributed (DDoS). In recent years, DoS attacks have been used as a tool of cyber warfare, retaliation, and protest. Recent events include the December 2010 incident that disabled Visa and Master card websites for more than a day and the August 2009 series of attacks that affected various social networks, causing degraded service quality for various days. Despite a single user was believed to be the target of these attacks, a good proportion of users of Google blogging and Livejournal, and Facebook, were also affected.
The series of attacks also targeted Twitter, which was rendered unusable for nearly 44 million users for several hours. A definitive solution is unlikely to surface in the near future given that DoS attacks usually take advantage of legitimate communication mechanisms to perpetrate malicious activities. In spite of the vast literature available on the topic, existing techniques can only offer limited success.
During congestion, large amounts of packet experience interruption delay or even be dropped due to the queue overflow. Severe congestion problems result in degradation of the throughput and large packet loss rate. Congestion also decreases effectiveness and reliability of the whole network; furthermore, if at very high traffic, performance crumples completely and almost no packets are delivered. As a result, many congestion control techniques are planned to solve this problemand avoid the damage. Most of the congestion controls algorithms are based on estimate the network feedbacks to identify when and where congestion occurs and take actions to adjust the output source, such as reduce the congestion windowpane (cwnd). Various feedback schemes are used in the congestion detection and analysis. However, there are mainly two categories: Explicit feedback and implicit feedback.
International Journal of Computer Trends and Technology (IJCTT) volume 5 number 6 Nov 2013
A computer under the complete control of an intruder is known as a zombie or bot. A cluster of co-opted workstation is known as a botnet or a zombie army. Symantec and Kaspersky Labs and many others also have identified botnets not viruses, spamor worms as the biggest threat to Internet security.
A. MOTIVATION
The Underground Economy (UE) is a termused to describe the massive communications and economic infrastructure used by criminals who engage in crime against, and facilitated by, the Internet and its users. Primarily designed for acquisitive crime, transactions seen in the UE generally tend to shy away from DDoS attacks, after all nobody makes some money if you crack the Internet. However, DDoS attacks clearly do occur, for some of the following reasons:
Revenge attacks against a rival, typically to take that persons defense or home connection offline, traditionally part of little disputes on Internet Relay Chat (IRC).
Demonstration DDoS attacks normally exploit botnets systemof computers that are all contaminated with the same virus that are all under the control of one individual. DDoS attacks can be used to prove the size and power of a botnet before it is borrowed or sold. Many times it appears that gratuitous attacks have been demonstrations with a victim picked essentially at arbitrary.
Extortion A favourite of Russian Organized Crime groups, DDoS attacks on ecommerce, and legitimate online gambling sites in particular, can yield ransomof a few tens of thousands of dollars in exchange for allowing the victimsite to resume big business. Discussions with perpetrators now in top- security prison have confirmed that they will ignore possible victims who ignore their demands and move against new targets in the hope of engaging in negotiations with them.
Competitive advantage DDoS services can be rented to take a competitors website offline, causing lost business or awkwardness and forcing in progress or potential customers to use a rival who can often claimconceivable deniability for any attack.
Collateral damage often thousands of sites was hosted on the same server and IP address. An attack on one site will have the effect of enchanting themall offline. Due to the topology of the Internet, huge attacks will often cripple companies that offer connectivity, well before the attack even reaches the final intended target. Routers can be attacked just as websites and end users can be, consequential in connectivity issues for perhaps millions of users that the attacker had no reason to want to impact.
Combination attacks One that is only theoretical at this stage, but involving a conventional attack in the real world (bank robbery, terrorist bombing) that also disrupts communications links to cause panic and delay first responders.
Political attacks Now a foundation of all conventional conflicts attacks often involve regular, otherwise law abiding, Internet users or the re-tasking of botnets that are normally engaged in conventional activities. These attacks often impact IP addresses in geographic regions or the IP space used by specific function within a government, to further a political cause. Remonstration attacks are also generally considered to be a formof political attack, an example being the recent activity of the group known as Anonymous.
II. RELATED WORK
Ricardo L [1] designed a model which confirmed the high sensitivity of a distributed auction to the degrading communication conditions that a DoS flooding attack could produce. Their results suggested that service migration could have a positive influence in reducing the effects of a DoS attack, but its success will largely depend on the structure of the underlying network and on the reaction speed of the auctioneer to the attack. Within certain limits, service migration appears promising, at least to mitigate the effects of DoS attacks in applications of this kind.
Dimple J. etal. [2] proposed an ant-based framework that exploits the consequence of state less and state full signatures and hence protecting the legitimate packets only, thereby discarding the contaminated packets. A Botnet-based DDoS attack is undoubtedly a serious Internet problem that challenges the growth rate and the public acceptance of online government and business sites. Esraa A. etal. [3] represents, a lucid view of the Botnet based DDoS attack on the application layer, in particular on the Web server. Incidents around the world and revenue losses of famous companies and government Web sites were also described, indicating that extreme care should be taken and a further study should be conducted to assess the size of the problemand then derive an optimal solution.
Ketki A. etal [4] highlighted an overview on DDoS problem, major factors causing DDoS attacks, brief detail of most recent DDoS incidents on online civilization is outlined and finally, the need for a comprehensive distributed solution was demonstrated. Zhengmin X. etal. [5] presents a method that can real-time identify the incident of the DDoS flood attack and determine its intensity using the fuzzy logic. Their process consists of two stages: (i) statistical analysis of the network traffic time series using discrete wavelet transform (DWT) and Schwarz information criterion (SIC) to find out the change point of Hurst parameter resulting from DDoS flood attack, and then (ii) adaptively decide the intensity of the DDoS flood attack by using the intelligent fuzzy logic International Journal of Computer Trends and Technology (IJCTT) volume 5 number 6 Nov 2013
technology to analyse the Hurst parameter and its changing rate. Their NS2-based simulation results demonstrate that their proposed method can detect the DDoS flood attack timely, intelligently and effectively.
Yang X. etal. [6] innovatively propose using two new information metrics such as the generalized entropy metric and the information distance metric to detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. Their proposed generalized entropy metric can detect attacks several hops earlier than the traditional Shannon metric. The proposed in order distance metric outperforms the popular KullbackLeibler divergence approach as it can clearly enlarge the adjudication distance and then obtains the optimal detection sensitivity. Their experimental results show that the proposed information metrics can effectively detect low-rate DDoS attacks and clearly reduce the false positive rate.
Furthermore, their proposed IP trace-back algorithmcan find all attacks as well as attackers from their own local area networks (LANs) and discard attack traffic. Akash M. etal. [7] summarized different techniques of DDoS and its countermeasures by different methods such as BloomFilter; Independent Component Analysis, Trace back method and TCP Flow Analysis.
III. PROBLEM DEFINITION
In computer network security, backscatter is a side- effect of a spoofed denial-of-service attack. In this category of attack, the attacker spoofs the source address in IP packets sent to the victim. Frequently, the victim machine cannot distinguish between the spoofed packets and legitimate packets, so the victim responds to the spoofed packets as it usually would. These reply packets are termed as backscatter. If such attacker is spoofing source addresses randomly, the backscatter replies packets fromthe victimwill be sent back to randomdestinations. Such kind of effect can be used by network telescopes as oblique evidence.
The term"backscatter analysis" refers to observing backscatter packets arriving at a statistically significant portion of the IP address space to determine characteristics of DoS attacks and victims. In the current Internet, the TCP detects congestion only after a packet has been crash at the gateway. However, it would clearly be adverse to have large queues that were full much of the time; this would significantly increase the average delay in the network. Therefore, with increasingly high-speed networks, it is increasingly important to have method that keeps throughput high but average queue sizes low.
Congestion in Internet occurs when the link bandwidth exceeds the capacity of accessible routers. This consequences in long delay in data delivery and wasting of resources due to lost or dropped packets. The prime role of a router is to switch packets fromthe input links to output links through buffer. Apart from frontward the packets, routers are involved for controlling the congestion in the network. It is known from that routing algorithms focus on two main concepts namely queue management and scheduling. Queue management algorithms manage the distance between end to end of packet queues by dropping packets whenever necessary whereas scheduling algorithms determine which packets to be sent next. These algorithms are used primarily to manage the allocations of bandwidth among various flows. The essence of Internet congestion control is that a sender adjusts its transmission rate according to the congestion measure of the underline networks. There are two approaches to accomplish this. One is a source algorithm that dynamically adjusts the transmission rate in response to the congestion along its path; the other one is a link algorithmthat implicitly or explicitly conveys information about the current congestion measure of the network to sources using that link.
IV. PROBLEM DOMAIN
DDoS attacks can be roughly alienated in three types:
I. Volume Based Attacks It incorporate UDP floods, ICMP floods, and other spoofed-packet floods. The attacks purpose is to flood the bandwidth of the attacked site, and magnitude is measured in bits per second (Bps).
II. Protocol Attacks It incorporate SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server useful resources or those of intermediary communication tools, such as firewalls and load balancers and is measured in Packets per second.
III. Application Layer Attacks It incorporate Slowloris, Zero-day DDoS attacks, DDoS attacks that target Windows, Apache or OpenBSD vulnerabilities and further. Comprised of innocent requests and seemingly legitimate the objective of these attacks is to crash the web server, and the magnitude is measured in Requests per second.
International Journal of Computer Trends and Technology (IJCTT) volume 5 number 6 Nov 2013
A DoS attack can be regarded as an attempt of attackers to prevent legal users fromgaining a normal network service.
A. Analysing the Goal of DoS Attack: Main aim to stop the victims computer machine fromdoing its essential job. Server unable to provide service to genuine clients. Damage done varies from minor inconvenience to major financial losses. Dos Attacks Affect: Software Systems, Network Routers, Servers and End-User PCs.
B. Architecture of DDoS Attack Attacker: It sends attack commands to handlers. Zombie: Zombies are appeasement and controlled by the attacker, and they also control many reflectors. A Zombie has detailed series of program installed to receive commands fromthe attacker and send such commands to reflectors. Reflectors: Reflectors are involved by the attacker through the Zombie. They run attacking series of programs and execute commands from Zombie to attack a target victim.
Fig. 1 Structure of a distributed reflector denial of service (DDoS) attack
C. DDoS Attacks: Direct DDoS attacks (flooding of request packets) Reflector DDoS attacks (flooding of response packets)
D. Direct DDoS Attacks (flooding of request packets): Attacker sends out packets directly towards the target Uses TCP, UDP, ICMP packets and uses random spoofed IP addresses Only a few compromised machines are sufficient Examples: TCP SYN flooding; based on TCP three way handshake, the final ACK from source to victim never arrives Congesting a victims incoming link using TCP RST packets, ICMP control packets or UDP packets.
E. Reflector attacks (flooding of response packets): Attackers initiate an attack that is relayed to reflector machines, such as routers, web servers etc Reflectors may or may not be aware In response to requests by the attackers, the reflectors flood victims with the reply packets Address of victimspoofed in requests to reflectors Examples: TCP SYN ACK flooding Smurf attacks. ICMP echo packets with spoofed victimaddress are broadcast. Bandwidth amplification, attack requests that send response packets of much larger size to the victim Any Type of DDoS attack might be hazardous to the computer no matter which one.
F. DDoS threat attacks the following services: Network Bandwidth Server memory CPU usage Database space Database Connection pool Application exception handling mechanism Hard disk Space
G. DDoS attacks works in two phases In the first phase it tries to compromise weak machines in different networks around the world. This phase is called Intrusion phase. In the second phase that they install DDoS tools and start attacking the victims equipment. This phase is termed as Distributed DDoS attack phase. Attackers use those security holes to conciliation the servers in diverse networks and install the DDoS tools. International Journal of Computer Trends and Technology (IJCTT) volume 5 number 6 Nov 2013
A DoS attack can be observed as an attempt of attackers to prevent authorized users fromgaining a normal network service. The TCP connection management protocol sets a position for a classic DoS attack. Our main solution is to solve the all types of DoS attack to better security against intruder.
Fig.2 Overview of detecting reflector attacks
Fig.3 Flowchart of proposed model
We will develop a lightweight and compact solution which offers quick reaction against DoS. For this we will uses the concept of Distributed agent. An agent is a code that works on behalf of humans. They are many feature like social, and roaming. So our solution is based on agent technology that will provide better solution against DoS and DDoS attack.
Attack_information () { Compare normal_profile into each trace value if (normal_profile! =new trace_value) { Check pkt_type; Count unknown pkt_type; Arrival time; Sender; Receiver; Block_Sender(); //sender as attacker } }
In this algorithmwe check the validity/vulnerability of the user. If user is valid then algorithm has to check the No Yes Yes No Start Create user Calculate load by user Is User valid? Systemunder Attack Is load correct? Get Attack Info Enter System International Journal of Computer Trends and Technology (IJCTT) volume 5 number 6 Nov 2013
load compiled by the user IP Address and calculate the complete load that is how much time is required by the user to complete the activities also to send and received the request to and from the system. If that load is in between the max_threshold and min_threshold which are two useful parameters to check the DDos attack. Also check the user profile for vulnerability issues. If everything is under the threshold values then algorithmwill pass the user as a non attacker and allow user to use the system.
If user profile and load is not satisfies the threshold rules then algorithmdetected an Attack on systemand gives an alarmof systemattack. After attack systemhas to find out the attackers basic information and compare the normal profile with the new trace value of the attack. Also calculate the data packets type, size, time and last systemwill check the IP address of the attacked user machine so that in future systemwill be more prone to user with same IP Address.
VII. AN AUCTION SYSTEM MODEL
Consider a system of distributed auctions where auctions run concurrently but independently of each other. Each auction has an auctioneer and a number of bidders that could be located anywhere on the Internet. These elements will be implemented as software agents running on a special execution environment and autonomously trading on behalf of real users. The execution environment is assumed to be purposely deployed on a number of physical machines to manage the agents execution and to enable physical resource sharing by multiple agents. Trading agents are programmed to fulfill their users interests.
Fig. 4 Software agents
An auctioneer agent will try to sell goods at the highest price, whereas a bidder agent will strive to acquire goods at a price less or equal to a prejudged value. For completeness, we consider as well an auction centre (AC) that serves to match buyers and sellers interests. Sellers use an auction centre to advertise new auctions and buyers use it to find sellers. The AC does not handle any auction execution.
It only helps to advertise ongoing auctions and their status. While an AC plays a centralized role in the system (although, its implementation could be distributed), auctions are distributed in the sense that each auction execute with auctioneer and bidders physically located on (likely) different hosts. Auctioneers need not reside on the same machine.
The last element of this systemis a traffic monitoring and analysis facility that is assumed to be provided by the host machines and made available to software agents through the execution environment.
VIII. CONCLUSIONS AND FUTURE SCOPE
To conclude, attack avoidance aims to solve IP spoofing, an elementary weakness of the Internet. However, as attackers gain control of larger numbers of computers, attackers can direct these zombies to attack by means of valid source addresses. Since the communication between attackers and zombies is encrypted, only zombies can be exposed instead of attackers. To add on, there exists no way out to enforce global deployment of a particular security mechanism. Therefore, relying on attack prevention schemes is not enough to stop DDoS attacks.
DoS attack causes either disruption or degradation on victims shared resources, as a result preventing valid users fromtheir access right on those resources. DoS attack may target on a specific section of computer, entire computer system, certain networking infrastructure, or even entire Internet. Attacks can be either by taking advantage of the ordinary weakness of a system, which is known as logical attacks or overloading the victim with high volume of traffic, which is called flooding attacks. A distributed form of DoS attack called DDoS attack, which is generated by many machines to co-ordinately hit a victim. Once a particular kind of attack is effectively countered, a slight deviation is designed that bypasses the defense and still can performan effective attack.
In this paper, we covered an overview of the DDoS problem, available DDoS attack, defense challenges and principles, and a classification of available DDoS prevention mechanisms. This provides better understanding of the problemand enables a security administrator to effectively equip his arsenal with proper prevention mechanisms for fighting against DDoS threat.
The current prevention mechanisms reviewed in this paper are clearly far fromadequate to protect Internet from DDoS attack. The main difficulty is that there are still numerous apprehensive machines over the Internet that can be conciliation to launch large-scale synchronized DDoS attack. One promising direction is to develop a complete solution that International Journal of Computer Trends and Technology (IJCTT) volume 5 number 6 Nov 2013
encompasses several defense activities to conquer variety of DDoS attack. If one level of defense fails, the others still have the possibility to defend against attack. A successful intrusion requires all defense level to be failed.
ACKNOWLEDGEMENTS
We would like to thanks prof. R. Ricardo Lent for their valuable suggestions on the earlier versions of this work & the anonymous references for their constructive criticism. I also grateful to Prof Brajesh Patel,Department of Computer Science & Engineering,jabalpur , India for their helpful inputs to this work.
REFERENCES
. [1]. Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art Esraa Alomari, B. B. Gupta, Shankar Karuppayah, International J ournal of Computer Applications (0975 8887) Volume 49, No.7, J uly 2012. [2]. Impact Analysis of Recent DDoS Attacks, Ketki Arora, Krishan Kumar and Monika Sachdeva, International J ournal on Computer Science and Engineering (IJ CSE), ISSN-0975-3397, Vol. 3, No. 2, Feb 2011. [3]. Enhancing DDoS Flood Attack Detection via Intelligent Fuzzy Logic, Zhengmin Xia, Songnian Lu and Jianhua Li and J unhua Tang, Informatica 34, pp. 497-507, 2010. [4]. Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics, Yang Xiang, Ke Li and Wanlei Zhou, IEEE Transactions on Information Forensics and Security, Vol. 6, No. 2, J une 2011. [5]. A Review of DDOS Attack and its Countermeasures in TCP Based Networks, Akash Mittal, Ajit Kumar Shrivastava and Manish Manoria, International J ournal of Computer Science & Engineering Survey (IJ CSES) Vol.2, No.4, November 2011 [6]. Agentouro: A Novelty Based Intrusion Detection and Prevention System, Rathore, J itendra S., Saurav Praneet and Verma Bhupendra, IEEE, Fourth International Conference on Computational Intelligence and Communication Networks (CICN), 2012. [7]. Entropybased collaborative detection of DDOS attacks on community networks, Yu, Shui and Zhou, Wanlei , in Proceedings of the 6th Annual IEEE International Conference on Pervasive Computing and Communications, IEEE, Piscataway, N.J ., pp. 566571, 2008. [8]. FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks J rme Franois, IssamAib and Raouf Boutaba, IEEE/ACM Transactions on Networking, Vol. 20, No. 6, December 2012. [9]. Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics Yang Xiang, Ke Li and Wanlei Zhou, IEEE Transactions on Information Forensics and Security, Vol. 6, No. 2, J une 2011 [10]. TCP Flow Analysis for Defense against Shrew DDoS Attacks, Yu Chen and Kai Hwang, IEEE International Conference on Communications (ICC 2007), Glasgow, Scotland, UK, J une 24-28, 2007. [11]. Distributed Denial of Service Prevention Techniques, B. B. Gupta, Student Member, IEEE, R. C. J oshi and Manoj Misra, International J ournal of Computer and Electrical Engineering, Vol. 2, No. 2, ISSN 1793-8163, April, 2010 [12]. A Survey On Active Queue Management Mechanisms, G.Thiruchelvi and J.Raja, IJ CSNS International J ournal of Computer Science and Network Security, VOL.8 No.12, December 2008 [13]. A Taxonomy of DDoS Attack and DDoS Defense Mechanisms, J elena Mirkovic and Peter Reiher, ACM, 2004. [14]. Buffer Management for Self-Similar Network Traffic, Farnaz Amin, Kiarash Mizanian, 6thInternational Symposium on Telecommunications (IST2012), Iran, Tehran, Iran Telecom Research Center, November 2012 [15]. DDoS attacks and defense mechanisms: classification and state- of-the-art, Christos Douligeris, Aikaterini Mitrokotsa, Science Direct Elsevier, J ournal of Computer Networks 44 643666, 2004. [16]. Evaluating a migration-based response to DoS attacks in a system of distributed auctions, Ricardo Len, Elsevier, computers & security, 2012. [17]. An Ant Based Framework for Preventing DDoS Attack in Wireless Sensor Networks, Dimple J uneja and Neha Arora, International J ournal of Advancements in Technology, ISSN 0976- 4860, Vol 1, No 1, 2010.