IP traceback system for network and application layer attacks

Distributed Denial of Service attacks pose an ever great challenge to the Internet with an increasing resources and techniques available to the attackers. From SYN flooding to spoofing it has finally arrived at application layer attacks with legitimate IP addresses. Our traceback system detects the network layer attacks carried out with spoofed IP addresses, application layer attacks carried with legitimate IP addresses and traceback the real source of the attack. In contrast to the earlier works, the proposed system detects the attack, traceback the attack source and also enhances the availability of the server by proactive traffic shaping and reactive filtering mechanism. The work is deployed in the NTRO sponsored Smart and Secure Environment Test Bed and programmable routers in real time and the efficacy of the system is evaluated. Our system not only detects and traceback the attacker but also reduces the magnitude of the attack traffic and improves the probability of survival of legitimate flow.