ABSTRACT

DDoS attacks in MANETs need to be handled as early as possible so that they do not reach the victim node. DDoS attacks are difficult to detect because of features such as varying attack intensity, large numbers of packets, etc., so it becomes necessary to distinguish and filter attack traffic in the source or intermediate clusters. Here the cluster heads use flow-based monitoring schemes to identify suspicious behaviour of incoming traffic in each cluster. The cluster head constructs flows from the incoming traffic and computes the normalized entropy for specific time windows. The normalized entropy is compared against a threshold entropy to identify the presence of suspicious flows. The packet rate of the suspicious flow is then calculated and compared against packet rate entropy to identify the suspicious flows. The suspicious flow information is then shared with neighbouring cluster heads to confirm whether or not a DDoS attack is present. If a DDoS attack is confirmed, the packets related to the suspicious flows are discarded. The efficiency and accuracy of the proposed attack detection algorithm are evaluated using some performance metrics.

Keywords: Clustering, Distributed denial of service (DDoS) attacks, Defense, Flow, MANETs
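
The per-window check a cluster head performs, as described in the abstract, can be sketched as follows. This is an added example, not the paper's code, and it covers only the local entropy and packet-rate steps, not the exchange with neighbouring cluster heads. Assumptions: a flow is a (source, destination) pair, a window is suspicious when its normalized entropy falls below the threshold, a fixed packet-rate threshold stands in for the packet-rate comparison, and all parameter values and node names are constructed.

```python
import math
from collections import Counter, defaultdict

# Assumed parameters (the abstract gives no values).
WINDOW_S = 1.0            # time-window length in seconds
ENTROPY_THRESHOLD = 0.6   # normalized entropy below this marks a window suspicious
RATE_THRESHOLD = 50.0     # packets/second above this marks a flow suspicious

def normalized_entropy(counts):
    """Shannon entropy of the per-flow packet distribution divided by log(n)."""
    total = sum(counts.values())
    n = len(counts)
    if n < 2:
        return 0.0  # one flow carries all traffic: fully concentrated
    h = -sum((c / total) * math.log(c / total) for c in counts.values())
    return h / math.log(n)

def suspicious_flows(packets):
    """packets: iterable of (timestamp, src, dst). Returns {window: [flows]}."""
    windows = defaultdict(Counter)
    for ts, src, dst in packets:
        windows[int(ts // WINDOW_S)][(src, dst)] += 1
    flagged = {}
    for w, counts in sorted(windows.items()):
        if normalized_entropy(counts) >= ENTROPY_THRESHOLD:
            continue  # traffic is spread evenly across flows in this window
        hot = [f for f, c in counts.items() if c / WINDOW_S > RATE_THRESHOLD]
        if hot:
            flagged[w] = sorted(hot)
    return flagged

def build_sample():
    """Constructed traffic: even background in windows 0 and 1, a flood in window 1."""
    background = ("n1", "n2", "n3", "n4")
    pkts = [(w + i * 0.09, s, "n9") for w in (0, 1) for i in range(10) for s in background]
    pkts += [(1 + i * 0.004, "n7", "n9") for i in range(200)]  # n7 floods n9
    return pkts

if __name__ == "__main__":
    print(suspicious_flows(build_sample()))
```
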