A Preventive Measure to Protect from Denial of Service Attack

As the number of users in the internet is increasing rapidly, various attacks are becoming an important issue which needs to be analyzed at the earliest. There exist various attacks like, ARP poisoning, IP spoofing, Denial of Service (DOS) etc. Now-a-days one of the major threats on the internet is Denial of Service (DOS) attack. As this attack slows down a particular system, the resources of that system becomes unavailable to others. DOS attack is mounted by consuming the resources of the victim system. By doing this, it can no longer provide the normal service to others. As the universe of DOS attack is large, there exists various different kind of DOS attacks like Distributive DOS attack, Low rate DOS attack etc. In this paper we have proposed a simple hashing based authentication technique which can protect computers from different DOS attacks. The main contribution of this paper is that, here prior to making a connection between source and destination, an authentication must take place at network layer. So before sending a packet to upper layer protocol such as TCP or UDP, this technique will ensure the authentication of the source in network layer. Here a Hash based DOS Attack Analyzer (HDAA) is used whose main job is to capture the packets in the network layer and perform an authentication. For the proposed method it; is necessary for both source and destination to agree upon a set of rules and to pass the authentication process. If authentication passes, then it will deliver the data packet to upper layer protocol. If authentication does not pass then it will drop that packet and block that source address from entering the network. A thorough analysis have been made and compared with some existing techniques. The main advantage of this method lies in the application of simple hashing method in network layer which restricts the packet from entering our system initially. The computation overhead is also very less as this scheme can be implemented in network layer with respect to other techniques.