Processing Overhead Reduced Effficient Malicious Traffic Flow Detection using Modified Firecol
R. Rathika1, A. Marimuthu2

1R.Rathika*, M.Sc., MCA, M.Phil., (Ph.D)., Research Scholar, PG and Research Department of Computer Science, Government Arts College, Coimbatore, Tamil Nadu. India.
2Dr.A. Marimuthu MCA., MBA, M.Phil, Ph.D., Associate Professor & HOD, PG and Research Department of Computer Science, Government Arts College, Coimbatore, Tamil Nadu, India.

Manuscript received on November 15, 2019. | Revised Manuscript received on 20 November, 2019. | Manuscript published on December 10, 2019. | PP: 5194-5203 | Volume-9 Issue-2, December 2019. | Retrieval Number: B7921129219/2019©BEIESP | DOI: 10.35940/ijitee.B7921.129219
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (

Abstract: DDOS attacks are most found attack in real world which would cause the data drop/loss. DDOS attack prevention and detection is more concentrated research issue which is done in our previous work by introducing Burst Transmission aware DDOS Attack Detection (BT-DDOSAD) method. However, in this research method processing overhead will be high where traffic analysis processes would be carried out by primary server itself where there is a chance of server collapse. It is resolved in the proposed research method by introducing the Modified Firecol System (MFS) in which attack detection can be done accurately. In this work, secondary server is introduced to perform traffic flow analyses before allowing traffic data into the primary server, so that network collusion can be avoided considerably. Secondary server election is done based on trust values and resource availability such as energy and bandwidth. Here Modified genetic algorithm is applied to select the secondary server. In the modified genetic algorithm, crossover is performed by combining it with the mutation process. Here the genes to undergone cross over are selected by using diversity based mutation scheme where the variances of genes are measured. Modified Firecol is introduced by integrating the malicious traffic flow detection metrics such as “traffic flow metric, throughput metric, bandwidth allocation metrics, bandwidth deviation metric, Generalized Entropy (GE), Generalized Information Divergence (GID) metrics, Projected Entropy”. If Normalized Entropy is smaller than threshold entropy then, the received packet is from illegal user else comparison is done against another threshold value. The overall implementation of the research work is done in the Ns2 simulation environment from which it can be proved that the proposed research method can produce better result than the existing work. 
Keywords:  Processing Overhead, DDOS Attack, Secondary Server, Modified Firecol, Entropy Metrics
Scope of the Article: Network Traffic Characterization and Measurements