CARD (Continuous and Random Dropping) based DRDOS Attack Detection and Prevention Techniques in MANET

The DDOS is “distributed-denial-of-service” meaning many “zombies or daemons” computers performing a DOS (Denial of Service) attack on one computer, usually directed by one “master”. In MANETs, DOS attacks not only consume the scarce system resources, such as bandwidth, battery energy, or CPU cycles, but also isolate legitimate users from a network. The DOS attacks may impact the network connectivity seriously and may further undermine the networking functions. In DRDOS attacks, the victim is bombarded by reflected response packets from legitimate communicating nodes, and thus it is difficult to distinguish attack packets from legitimate packets. In this paper, we propose a defense mechanism based on CARD based DRDOS attack detection and prevention techniques in MANET. The proposed rate limiting scheme will penalize the different attackers based on their rate limits and server load. The victim end defense system decrease the rate limit exponentially & increase it linearly based on the attack traffic rate. Finally this approach is discussed in three phases as detection, control and prevention which is explained in CARD detection architecture.