Runtime Dynamic Path Identification for Preventing DDoS Attacks
1 Shaik Zahanath Ali, 2 Shobini B. and 3 G. Shiva Krishna


Science, Technology and Development, ISSN: 0950-0707, Volume VIII, Issue X, October 2019

1 Computer Science and Engineering, Swathi Institute of Technology & Sciences, Near Ramoji Film City, Beside Kothagudem 'X' Roads, Hyderabad, Telangana 501512
2 Computer Science and Engineering, Swathi Institute of Technology & Sciences, Near Ramoji Film City, Beside Kothagudem 'X' Roads, Hyderabad, Telangana 501512
3 Computer Science and Engineering, Swathi Institute of Technology & Sciences, Near Ramoji Film City, Beside Kothagudem 'X' Roads, Hyderabad, Telangana 501512

Abstract

Cyber security is a major challenge, and protecting our digital lives is an issue of paramount importance. DDoS attacks are launched by adversaries using a botnet, an army of compromised nodes hidden in the network; the compromised nodes are a set of machines controlled by the botnet. DDoS is one of the most popular threats and is categorized as a volumetric attack: the target destination is overwhelmed with a very large number of requests until it becomes impossible to serve any user. In a DDoS attack a large number of machines act cooperatively under the supervision of one or more bot masters; these bots may be malicious users themselves or machines that were infected beforehand. In recent years there has been increasing interest in using path identifiers (PIDs) as inter-domain routing objects. However, the PIDs used in existing approaches are static, which makes it easy for attackers to launch distributed denial-of-service (DDoS) flooding attacks. To address this issue, we present the design, implementation, and evaluation of a dynamic path identification approach, a framework that uses PIDs negotiated between neighboring domains as inter-domain routing objects. We built an application to show the effectiveness of the framework, and the results revealed its usefulness.

Key Words: DDoS attack, flooding DDoS, dynamic path identification, cyber security

1. INTRODUCTION

Security plays a vital role in any communication system. In the history of computing there have been many instances of large-scale attacks made for many reasons. Denial of Service (DoS) is an attack that disrupts legitimate communication between two systems. When such an attack is made at large scale it is known as a DDoS attack, whose impact on the victim server and the corresponding business in a distributed environment is greater. Compared with other attacks, a DDoS attack is complex in nature: adversaries compromise a vast number of nodes in order to launch the distributed DoS attack. Many companies, such as Facebook, Google and Twitter, have been victims of such attacks. HTTP flooding attacks include session flooding attacks, request flooding attacks, asymmetric attacks, slow request or response attacks, HTTP fragmentation attacks, slow POST attacks, and slow reading attacks. Zargar, Joshi, and David (2013) reviewed the different DDoS flooding attacks. The motivation for these attacks is classified into financial gain, revenge, ideological belief, intellectual challenge, and cyber warfare. In this way many other researchers have contributed towards preventing DDoS attacks. As far as flooding-based DDoS attacks are concerned, the literature shows that further research needs to be carried out. In this paper we propose a methodology that caters to the needs of a system that can use a runtime path-based solution to detect and prevent flooding DDoS attacks.

1.1 Bandwidth DDoS

A Bandwidth Distributed Denial of Service (BW-DDoS) attack results in network congestion because it consumes bandwidth. Such attacks are explored in the literature; they include UDP flood, DNS reflection and ACK storm, to mention a few. There is a specific procedure by which attackers mount DDoS attacks: first they identify and select agents, then they take steps to compromise the agents, and then they perform the needed communication and launch the attack. In the literature such attacks are described as a scalability problem.

1.2 DDoS Flooding Attacks

A review of DDoS flooding attacks is made in the literature. The reasons for the attacks include cyber warfare, ideological belief, revenge, financial gain and intellectual challenge. These attacks may be made at the network level or the transport level; application-level attacks are meant to consume resources on the server side. There are different kinds of flooding attacks, including HTTP flooding attacks and reflection-based flooding attacks.

Figure 1: Botnet for Causing DDoS Attacks

As presented in Figure 1, handlers are the machines used indirectly by adversaries to launch flooding attacks. Bots are the machines that have been compromised by attackers. Botnets can be of many kinds, including IRC-based, P2P-based and web-based. The response to such attacks can be maintained at different locations, as explored in the literature.

Figure 2: Possible DDoS detection and response locations

As presented in Figure 2, detection of DDoS is made at different locations, which may be various intermediate networks or the attack destination. The number of normal packets seen during a DDoS attack increases from bottom to top, and similarly the response mechanisms are better from bottom to top. On the other hand, the detection accuracy increases from top to bottom.

1.3 Other DDoS Attacks and Botnet Detection Techniques

The SYN flooding kind of DDoS attack is explored in the literature. It is made for monetary gain. There is a vulnerability in the TCP 3-way handshake which is exploited by SYN flood attacks. The different kinds of bots used in the attacks are studied. NetFlow is the solution employed in the literature to handle botnets. DDoS attacks in distributed P2P networks are explored, and countermeasures for them are found. From the literature it is understood that flooding DDoS attacks need further research towards a runtime path identification-based solution.

The remainder of the paper is organized as follows. Section 2 reviews the literature. Section 3 presents the proposed framework. Section 4 provides results and Section 5 concludes the paper.

2. RELATED WORK

This section reviews the literature pertaining to DDoS attacks and the methods to detect and prevent them. The performance of the methods depends on network conditions and is influenced by many parameters. There should be a generic method to defend against most attacks irrespective of the protocol used; a traceback mechanism should be implemented with customization support, and it should be cost effective without compromising quality of service [9]. A mathematical model to detect shrew attacks was proposed by taking into account the explicit behavior of TCP's congestion window adaptation mechanism [3]. It can evaluate the attack effect from the attack pattern and the network environment. The analytical results indicate how the attack parameters determine the attack effect in a given network and how to configure the network resources to mitigate a given shrew attack [16]. The information distance between attack traffic and legitimate traffic is calculated [3]. Other methods identify DDoS attacks not only at the edge routers but also at the core of the network by computing entropy and a frequency-sorted distribution [1]. A detailed discussion of the relationship between network visibility, invariant botnet behavior and existing botnet-based techniques is carried out. Volumetric attacks have a severe impact on the data plane but not on the controller; the impact is visible only in the attack phase [9]. Protocol exploitation does not affect network bandwidth; its effect is on the consumption of resources such as logical ports. A more detailed detection system is proposed which analyzes where the attack occurred, either in transit or at the source. The dynamic nature of stealthy attacks is studied because the technique benefits from the increased correlation arising under shifting patterns in network traffic [2]. More investigation is required to evaluate the trade-offs between the space and time granularity of monitoring, the number of observations, and the ability to detect attacks at decreasing levels of intensity [2]. A TCP SYN attack consumes data structures in the server operating system [3]. Retransmission leads to severe congestion and finally to timeout. Once a malicious host is detected its packets are filtered and the services resume. Anomaly detection is done by various statistical methods, machine learning and soft computing. Routers can be configured via the access control list to control access to the network and drop suspected traffic; if all incoming ICMP traffic to the broadcast address is filtered at the router, none of the machines will respond and the attack will not work. At the macroscopic level a hierarchical method is proposed in order to capture traffic patterns in the spatial-temporal domain [2]. Macroscopic characteristics found in network traffic are one of the ways to detect DDoS; when this approach is coupled with dynamic monitoring capabilities it has higher utility. The solution in [2] could provide warnings when a detection is made. The model used to launch the attack was built at minimal cost, and attacks were prevented to show the performance of the approach. From the literature [1]-[16] it is found that there is a need for further investigation into handling DDoS attacks.
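As an added illustration of the abstract's argument (not code from the paper or from its application), the block below models a border router on one inter-domain link that forwards a packet only if its PID is the one currently negotiated with the neighbouring domain. The page does not describe how PIDs are negotiated, so the per-epoch HMAC derivation from a shared secret, the epoch length, the grace window and the link name are assumptions of this example; it shows that a PID harvested under the static scheme keeps working indefinitely, while under the dynamic scheme it stops being forwarded once the epoch rolls over.

```python
import hashlib
import hmac

EPOCH_SECONDS = 60   # assumed rotation interval for this illustration
GRACE_EPOCHS = 1     # also accept the previous epoch, to tolerate clock skew

def derive_pid(secret: bytes, link_id: str, epoch: int) -> bytes:
    """PID of one inter-domain link for one epoch (assumed HMAC construction)."""
    msg = f"{link_id}:{epoch}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]

def epoch_at(now: float) -> int:
    return int(now // EPOCH_SECONDS)

class BorderRouter:
    """Forwards a packet only if its PID matches one negotiated for the link.
    dynamic=False models the static-PID scheme the paper argues against."""
    def __init__(self, link_id: str, secret: bytes, dynamic: bool) -> None:
        self.link_id, self.secret, self.dynamic = link_id, secret, dynamic
        self.dropped = 0

    def expected_pids(self, now: float) -> list:
        if not self.dynamic:                     # static: one PID forever
            return [derive_pid(self.secret, self.link_id, 0)]
        e = epoch_at(now)                        # dynamic: current + grace epochs
        return [derive_pid(self.secret, self.link_id, e - k)
                for k in range(GRACE_EPOCHS + 1)]

    def forward(self, pid: bytes, now: float) -> bool:
        if any(hmac.compare_digest(pid, p) for p in self.expected_pids(now)):
            return True
        self.dropped += 1
        return False

SECRET = b"constructed-demo-secret"   # negotiated between the two domains (assumed)
LINK = "AS-A->AS-B"                   # hypothetical link name
SEND_TIMES = (0, 30, 90, 150, 200)    # seconds; constructed, spans four epochs

def replay_harvested_pid(dynamic: bool) -> int:
    """A flooder that captured the link's PID at t=0 keeps replaying it.
    Returns how many of its packets the border router still forwards."""
    router = BorderRouter(LINK, SECRET, dynamic)
    harvested = router.expected_pids(0.0)[0]    # what was visible on the wire at t=0
    return sum(router.forward(harvested, t) for t in SEND_TIMES)

def legitimate_neighbour(dynamic: bool) -> int:
    """The neighbouring domain re-derives the PID each epoch, so it is never dropped."""
    router = BorderRouter(LINK, SECRET, dynamic)
    fresh = lambda t: derive_pid(SECRET, LINK, epoch_at(t) if dynamic else 0)
    return sum(router.forward(fresh(t), t) for t in SEND_TIMES)

if __name__ == "__main__":
    print("static PID, replayed packets forwarded: ", replay_harvested_pid(False))  # 5 of 5
    print("dynamic PID, replayed packets forwarded:", replay_harvested_pid(True))   # 3 of 5
```

With the grace window the replayed PID is still accepted during epoch 1, which is the trade-off between clock tolerance and how quickly a harvested identifier becomes useless.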