Filtering spoofed traffic at source end for defending against DoS / DDoS attacks

Tackling the challenge of distinguishing legitimate traffic from attack would aid in the detection of denial of service (DoS) / distributed DoS (DDoS) attacks. Spoofing of source address would further harden the detection of such attacks. In this paper, we propose a flow based scheme to detect the DoS attacks that adapts itself to the changes trends of the current traffic. The proposed system weeds out most of the spurious traffic at the source end, thus avoiding clogging of the target and the network. The proposed scheme distinguishes itself from other source end defenses, which use statistics to gather profiles. Information entropy, a measure to find correlation among traffic flows, is then used. Information entropy is used to deduce the current state of the dynamic network. Since the volume of the traffic at the source end would be moderate, it would be difficult to find the suspicious traffic at the source end. We found that the parameters we considered were good in identifying such traffic. We experimented our scheme using network simulator with network traffic traces and found the results were promising and presented them.