StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Techniques for Detecting, Preventing or Mitigating Distributed Denial of Service - Essay Example

Cite this document
Summary
The paper "Techniques for Detecting, Preventing or Mitigating Distributed Denial of Service " highlights that the random access memory to facilitate fast and voluminous processing of data (Tuncer, & Takar, 2011). Thirdly, the on-chip memory stores data collected and program for the device (Tuncer, & Takar, 2011)…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.8% of users find it useful
Techniques for Detecting, Preventing or Mitigating Distributed Denial of Service
Read Text Preview

Extract of sample "Techniques for Detecting, Preventing or Mitigating Distributed Denial of Service"

Techniques for Detecting, Preventing or Mitigating Distributed Denial of Service (DDoS) s s Introduction When using the internet, individuals and companies face a threat from attackers with the aim of depleting internet resource in their target network (Patrikakis, Masikos, & Zouraraki, n.d.). The weakness they utilize is the nodes from the interconnectedness of world computers in a worldwide web, which makes it possible for them to access resources on their target, exhaust them and launch a DDoS attack against them (Glen, 2013; Nagesh, Kordcal, & Sekaran, 2007). The resources targeted by the attacker are their target`s bandwidth, data structure of their operating system and computing power of the system (Patrikakis, Masikos, & Zouraraki, n.d.). This process requires a large network of computers running malicious program. To acquire the network, the attacker uses software that recruits vulnerable computers (Glen, 2013). That is, the computers with improperly patched antivirus, out of date antivirus and without antivirus (FU, 2012). To recruit machines into his/her DDoS attack, the attacker may follow several processes. Firstly, the attacker may use a machine infected with malicious programs to search, find, and infect another machine (Patrikakis, Masikos, & Zouraraki, n.d.). The infected machine joins the previous in the haunt of the unprotected machine and infects them. Secondly, the attacker may create a long list of the machine he/she want to recruit before infecting them with the malicious software to make them join his/her army of attacking computers (Glen, 2013; Patrikakis, Masikos, & Zouraraki, n.d.). Notably, some public servers, when compromised, become effective to the attacker when creating the hit list (Patrikakis, Masikos, & Zouraraki, n.d.). For instance, the attacker may run topological scanning where one machine is infected and finds other machine to infect through url it stores (UMUC, 2012). Local subnet scanning uses a compromised host to attack another computer within its own network without firewall detection as it uses the information stored in the local addresses (UMUC, 2012). Lastly, permutation scanning infects the machines allocated a regular pseudorandom combination record of IP addresses (Patrikakis, Masikos, & Zouraraki, n.d.). It searches for uninfected machine in the IP addresses and infect it. When it identifies the infected machine, it jumps over it to the uninfected (UMUC, 2012). The process stops when the infected machine finds several infected machines while it scans (Patrikakis, Masikos, & Zouraraki, n.d.). Body i. Preventing Wireless DDoS Attack There are various frames used in the wireless network as a way of complementing and facilitating how data is transmitted effectively. Request-to-Send (RTS) system addresses the problems associate with hidden nodes in the virtual transporter sensing system (Malekzadeh, Ghani, & Subramaniam, 2011). Clear-to-Send (CTS) is transmitted once RTS has responded while the Acknowledgement (ACK) recognises the successfully transmitted data (Malekzadeh, Ghani, & Subramaniam, 2011). The Contention-free control frames reorganizes the Network Allocation Vector (NAV) before discharging the channel (Malekzadeh, Ghani, & Subramaniam, 2011). Each of the data frame structure has a duration frame (Malekzadeh, Ghani, & Subramaniam, 2011). The duration frame reserves the channel to accommodate the length of time needed for the needed data frame. It is this duration frame the wireless network utilises to reset the NAV (Malekzadeh, Ghani, & Subramaniam, 2011). The wireless network is only allowed to send packets when the NAV value is zero. Therefore, the operation process of NAV and the duration of field minimize the possibility of collision. However, this is a chief chance for the DDoS attacker to damage the wireless network (UMUC, 2012). Utilising this loophole, the attacker continuously sends forged data frames set at large duration as a way of exhausting computing power and memory of the wireless network (UMUC, 2012). The recipient of the forged data frames can never verify the validity or duplication of the control frames received and the targeted wireless network accepts the forged frames (UMUC, 2012). The DDoS attack utilises the bandwidth. Without bandwidth, the wireless network can no longer operate the way it was designed (Glen, 2013). This disrupts the constant communication between the wireless station and presence of wireless network (Glen, 2013). The legitimate users end up without gaining access the wireless network. ACFNC Model To control and provide countermeasures against the DDoS attack on wireless networks, a lightweight non-cryptographic security solution, ACFNC model, may be used (Malekzadeh, Ghani, & Subramaniam, 2011). This model prevents DDoS attackers from utilising the control frame vulnerabilities. The model considers the limited resources on a wireless network as a major step to installing sufficient security and exactness, reducing the overhead cost, and conserves the elevated effectiveness cost (Glen, 2013; Malekzadeh, Ghani, & Subramaniam, 2011). This model is also compatible with available network facilities. Its implementation is only a firmware upgrades. This reduces the cost of massive replacement that may be needed when installing other prevention methods. ACFNC Structure Defined TS Security Field ACFNC model identifies a new placeholder field that is used to hold the security element (Malekzadeh, Ghani, & Subramaniam, 2011). The security field is called TS. It has a size of 4 bytes. It is attached at the end of control frames of a wireless network (Malekzadeh, Ghani, & Subramaniam, 2011). It is attached before FCS to provide secure control frames (UMUC, 2012). Secure Time Synchronisation Function In wireless network, time duration is an important factor. Wireless network utilises time to launch application from an event simultaneously (UMUC, 2012). Hence, ACFNC uses a time synchronising function (Malekzadeh, Ghani, & Subramaniam, 2011). By use of beacon frames, a new system clock is presented inform of timestamp field. All network systems are set at the same value, which is transmitted to them at the determined beacon interval. This assists the ACFNC model to synchronise rely time between the wireless access point and stations (Malekzadeh, Ghani, & Subramaniam, 2011). The standard TSF are efficient in transmission (Malekzadeh, Ghani, & Subramaniam, 2011). However, they do not carry the appropriate security measures. The attacker utilises them to desynchronise wireless attacks by making synchronised attacks. Mostly, the attacker manipulates the timestamp field to send mistaken instance values, counterfeit original beacon frames to incorrect timestamp field, and attacker may transmit delayed beacon frame. These misinform the TSF procedure (Malekzadeh, Ghani, & Subramaniam, 2011). The wireless station adjusts its clock to erroneous data received and it fails to synchronise to access points. This makes the network to dispose all frames, including the control frame. The station will not receive any frame. Exhaustion of resources occurs, which affects bandwidth, latency, and cause loss rate (FU, 2012). Many methods employed to organize moment synchronisation in wireless network do not regard the protection of the account by concentrating on the TSF helplessness against the synchronisation assaults. The ACFNC model employs a simplified version of TESLA protected time synchronising mechanism (Malekzadeh, Ghani, & Subramaniam, 2011). The normal TESLA uses digital signatures that are expensive to compute for a small wireless network. It also carriers 24 bytes per beacon frame, which is big for small wireless network (Malekzadeh, Ghani, & Subramaniam, 2011). The simplified version of TESLA is a lightweight broadcasting instrument, which employs one-way hash succession when providing authentication and reliability to the beacon frame (Malekzadeh, Ghani, & Subramaniam, 2011). This instrument improves security without affecting the speed of connection via the wireless network. Its process of working include calculation of the time synchronise by the access point. Later, wireless station verifies the time synchronised. Replay-Preventing Mechanism Based on a secure TSF (STSF), replay attacks are prevented by developing further extension in the ACFNC model (Malekzadeh, Ghani, & Subramaniam, 2011). The extensions are based on holding capability of time windows as a way of validating newness of arriving control frames (FU, 2012). This system tags a sent control frame to an identifier. This creates time for the control frame. By utilising the replay attack mechanism, resources such as bandwidth, battery life, buffer, and computing power on a wireless network will be limited (Malekzadeh, Ghani, & Subramaniam, 2011). Moreover, use of this method eliminates the need of keeping record of the control frames reception sequence. Its working is never memory dependent. This lowers the algorithm complexity without asking for extra memory (Malekzadeh, Ghani, & Subramaniam, 2011). Procedure of the ACFNC Model The ACTNC model prevents DDoS attacks through two ways. That is, the generation phase and verification stage (Malekzadeh, Ghani, & Subramaniam, 2011). Generation phase occurs when the sender station generates values related to TS defence field (Malekzadeh, Ghani, & Subramaniam, 2011). The sending station is the one that sets the time for the sent control frame. It tags the created value on the TS field of the control frame before sending the frame to the receiver. The verification stage occurs on the receiver station as a way of verifying the legitimacy of the received control frames (Malekzadeh, Ghani, & Subramaniam, 2011). Firstly, it discards all control frames without the TS field. If it the TS field, the receiver adds 5 and subtract CCT from the value of TS field. The resultant value must be less than or equal to resultant time out. If this condition is met, the network considers the frame as valid. For ACK, CTS, or RTS frames, their request is implemented instantly after their verification is approved (Malekzadeh, Ghani, & Subramaniam, 2011). However, CF-End and CF-End-ACK frames need duration verification from the receiver (Malekzadeh, Ghani, & Subramaniam, 2011). If the duration field is zero, the frames are considered valid and implemented. Otherwise, they are discarded. ii. Preventing Client-Server DDoS Attack Another method of preventing DDoS attack is implement authentication-based DDoS attack resistance solution (Badishi, Herzberg, Idit, Oleg & Avital, 2008). The method describe here is the FI hopping, which endures high level of DDoS attack without affecting the data conveyance between the client and server (Badishi, Herzberg, Idit, Oleg & Avital, 2008). FI hopping is an improvement of per packet authentication process, IPSec (Badishi, Herzberg, Idit, Oleg & Avital, 2008). IPSec assigns secret key as a way of providing per packet some authentication (Romanov, 2008). With provision of valid secret key to traffic relayed between client and server, it is possible to prevent a DDoS attack (Badishi, Herzberg, Idit, Oleg & Avital, 2008). During transmission, the unidentified bogus traffic is recognized and discarded. The server also undertakes more work in every request as compared IPSec demands to authenticate the sent request (Badishi, Herzberg, Idit, Oleg & Avital, 2008). However, IPSec can only withstand up to medium levels of DDoS attacks (Badishi, Herzberg, Idit, Oleg & Avital, 2008). Moreover, it requires a lot of computational power in every traffic packet (Badishi, Herzberg, Idit, Oleg & Avital, 2008). Hence, when large volume of traffic is to be authenticated, the server may fail to protect the network against DDoS attacks (Romanov, 2008). Finally, matchless information added for authentication by the IPSec security has 32-bit Security Parameter Index (SPI) field (Badishi, Herzberg, Idit, Oleg & Avital, 2008). Every packet that lacks a valid SPI is thrown away while the one detected to have IPSec is passed over to identification stage. However, IPSec provides a short-lived protection as SPI value is fixed (Badishi, Herzberg, Idit, Oleg & Avital, 2008). It is therefore possible for an attacker to know the SPI fixed value. Eventually, a DDoS attack becomes successful. As a way of reducing cryptographic computation caused by severe attacks and discarding the use of a fixed SPI value, a user employs identification information that keep on changing with time instead of using changing packet (Badishi, Herzberg, Idit, Oleg & Avital, 2008). A filter Identifier (FI) is set for individual packet. The FI is obtained from a secret pseudorandom sequence (Badishi, Herzberg, Idit, Oleg & Avital, 2008). The two parties relaying information between them only know the sequence (Badishi, Herzberg, Idit, Oleg & Avital, 2008). The client creates the FI while the server shares a secret and different IPSec to each client (FU, 2012; Romanov, 2008). For every fixed time interval when client and server communicate, FI is chosen as the next number in the progression (Romanov, 2008). The party that accepts the FI verifies the FI validity against accepted value (Badishi, Herzberg, Idit, Oleg & Avital, 2008). In case validity is detected, the packet is moved to the next step (Romanov, 2008). Otherwise, the packet is discarded as irrelevant. FI is recalculated once in a given time, like 5 seconds (Badishi, Herzberg, Idit, Oleg & Avital, 2008). The time is made short to avoid attacker from detecting the changes (Romanov, 2008). iii. Preventing Website DDoS Attack The following proposed system is effective when detecting a DDoS directed to a website. The system name is Programmable Embedded System (Tuncer, & Takar, 2011). The system determines the DDoS Assault on the port 80. In the system operations, statistics related to data packet, packet header, IP number, and packet size are highly useful when establishing the DDoS assault through SYN flooding and smurf (FU, 2012; Nagesh, Kordcal, & Sekaran, 2007). The system is devised of two phases (Tuncer, & Takar, 2011). First Phase The first phase obtains fuzzy categorization regulations from the guidance data. Firstly, packet and the segment headers confine the data frames flowing in a network (Tuncer, & Takar, 2011). The data is collected within 2 seconds duration. Then, the training data from the collected data and segment headers creates statistic according to a set procedure as shown below (Tuncer, & Takar, 2011). Attribute Definition SYN Incoming connection from port 80 FIN Terminated connection from port 80 Count Incoming connection from similar IP addresses RST Termination of abnormal connection request Packet Total number packet from port 80 (Tuncer, & Takar, 2011) From the generated data, there is normal and DDoS data classes. The fuzzy categorization policies from the derived training data are taken out using data mining and fuzzy judgments (Tuncer, & Takar, 2011). After the first phase, the information collected is passed over to the second phase, the test phase (Tuncer, & Takar, 2011). In the test phase, the fuzzy classification policies from the first phase run inform of a program to the memory of the embedded machine (Tuncer, & Takar, 2011). It tests in every two seconds (Tuncer, & Takar, 2011). It tests whether the traffic from a network has been observed (Tuncer, & Takar, 2011). At the beginning, it ensures the frame was captured, followed by packet and segment headers. It ensures the records were kept inform of statistics and compared to set rules of fuzzy (Tuncer, & Takar, 2011). (Tuncer, & Takar, 2011) As a way of detecting DDoS, a programmable hardware is embedded to internet (Tuncer, & Takar, 2011). The hardware is made up of several parts. Firstly, the processor to checks the DMA core and ensure transmission of frames occurs at 10/100 IP Mac Core (Tuncer, & Takar, 2011). Secondly, the random access memory to facilitate fast and voluminous processing of data (Tuncer, & Takar, 2011). Thirdly, the on chip memory stores data collected and program for the device (Tuncer, & Takar, 2011). Fourthly, the fast Ethernet (10/100 IP Mac Core) ensures frames send and received according to IEEE 802.3 format (Tuncer, & Takar, 2011). Finally, the timer regulates duration of traffic collection. The hardware is incorporated with Very High Speed Integrated Circuit Hardware Description Language (VHDL), which makes it acknowledge and send frames in authentic time (Tuncer, & Takar, 2011). Moreover, the hardware utilises a high-level language program (Tuncer, & Takar, 2011). References Badishi, G., Herzberg, A., Idit, K., Oleg, R., & Avital, Y. (2008). An empirical study of denial of service mitigation techniques. Symposium on Reliable Distributed System. Submitted to CS Department, Bar-Ilan University, 115-125. FU, Z. (2012). Multifaceted defence against distributed denial of service attack: Prevention, detection and Mitigation. Thesis Paper. Gothenburg, Sweden: Chalmers University of Technology retrieved from http://www.cse.chalmers.se/~zhafu/thesis.pdf Glen, M. (2013). A summary of DoS/DDoS prevention, monitoring, mitigation techniques in a service provider environment. SANS Institute. Retrieved from https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212 Malekzadeh, M., Ghani, A. A. A., & Subramaniam, S. (2011). Design and implementation of a lightweight security model to prevent IEEE 802.11 wireless Dos Attack. EURASIP Journal on Wireless Communication and Networking, 105675, 1-16. DOI: 10.1155/2011/10565 Nagesh, H. R. K., Kordcal, A. R., & Sekaran, C. (2007). Proactive model for mitigating internet Denial-of-Service attacks. International Conference on Information and Technology, Department of Computer Engineering, National Institute of Technology Karnataka, India. Patrikakis, C., Masikos, M., &Zouraraki, O. (n.d.). Distributed denial of service. The internet protocol Journal, 7(4). Retrieved from http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-4/dos_attacks.html Romanov, O. (2008). Beaver on IPSec-Protection from DoS attacks. Final Paper, Masters in Science Electrical Engineering, Senate of Technion, Israel Institute of Technology. Retrieved from http://webee.technion.ac.il/~idish/ftp/romanov-msc.pdf Tuncer, T. & Takar, Y. (2011). Detection DoS attack on FPGA using fuzzy associated rules. International joint conference of IEEE Trustcom-11/IEEE ICESS-11/FCST-11, 1271-1276. DOI: 10.11109/Trustcom.2011.171 UMUC (2012). Monitoring, auditing, intrusion detection, intrusion prevention, and penetration testing, CSEC 640, 1-45. Wees, A. L. (n.d.). Denial of service detection, prevention, and mitigation techniques. CSEC 640. Retrieved from http://researchedsolution.wordpress.com/2013/09/14/denial-of-service-dos-detection-prevention-and-mitigation-techniques/ Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Detecting preventing or mitigating DoS or Distributed DoS attacks Research Paper”, n.d.)
Detecting preventing or mitigating DoS or Distributed DoS attacks Research Paper. Retrieved from https://studentshare.org/information-technology/1630797-detecting-preventing-or-mitigating-dos-or-distributed-dos-attacks
(Detecting Preventing or Mitigating DoS or Distributed DoS Attacks Research Paper)
Detecting Preventing or Mitigating DoS or Distributed DoS Attacks Research Paper. https://studentshare.org/information-technology/1630797-detecting-preventing-or-mitigating-dos-or-distributed-dos-attacks.
“Detecting Preventing or Mitigating DoS or Distributed DoS Attacks Research Paper”, n.d. https://studentshare.org/information-technology/1630797-detecting-preventing-or-mitigating-dos-or-distributed-dos-attacks.
  • Cited: 0 times

CHECK THESE SAMPLES OF Techniques for Detecting, Preventing or Mitigating Distributed Denial of Service

The Significance of Systems Configuration and Management for a UNIX System

In this scenario, all the practical systems have their own techniques for implementing security patches.... In addition, the capability to get rid of a (reminded) security patch makes simpler patch administration on these systems liberating the manager from planning routine techniques for patch management and permitting the administrator to focus on improving system security.... With the passage of time, the security arrangement moved from centralized to distributed verification and permission systems (UNIX Systems Cooperative Promotion Group, 1997) and (The Open Group, 2010)....
8 Pages (2000 words) Essay

Airport Security: Explosives Detection Systems

AIRPORT SECURITY: EXPLOSIVES DETECTION SYSTEMS by Name Class Professor University University City and State Date Airport Security: Explosives Detection Systems Aviation security holds a significant part in preventing smuggling and terrorism.... Security checks are done on airline passengers, checked luggage, hand-carried baggage, and cargo containers, and the methods are mainly based on 3 principles: 1) Reasonable efforts must be exhausted to prevent terrorist access to airports; 2) Terrorists who are able to penetrate the initial security screening will still go through weapons detection procedures and explosives detection system, and; 3) Aircraft systems and structure should be built in a way that minimizes any damage that could result from blasts and raises the chances of passenger survival (Marshall & Oxley 2009, AIRPORT SECURITY: EXPLOSIVES DETECTION SYSTEMS by and Airport Security: Explosives Detection Systems Aviation security holds a significant part in preventing smuggling and terrorism....
3 Pages (750 words) Assignment

Anomaly Detection Scheme for Prevention of Collaborative Attacks

n example of such a system is the Intrusion Prevention System, which is very useful in preventing the distributed denial of service attacks.... Some of the attackers that can collaborate to paralyze a system include, denial of Messages attacks in which corrupt nodes interfere with radio signals of the genuine nodes thus preventing them from receiving messages....
5 Pages (1250 words) Dissertation

Preparing United States Schools for International Terrorist Violence

Preparing US Schools for International Terrorist Violence Course/Number Date Introduction Terrorism refers to the strategic use of unlawful force and/ or threat of unlawful violence to inspire fear; with this fear being in turn intended for coercion or intimidation of governments, the society or members of the society in the quest for religious, political or/ and ideological goals....
12 Pages (3000 words) Essay

XIS13-6: Grid Services and Distributed Networking

Based on the service-oriented computing principles, Grids technology creates an illusion of a simple yet large powerful, virtual computer, by aggregating a heterogeneous geographically distributed data and storage resources as shown in fig.... … Grid technology promises to provide the next generation computational infrastructure; a layered network services that allow users single sign-on access to a picture perfect distributed collection of computers, data and application resources....
5 Pages (1250 words) Essay

How ISPs Can Help Fight Botnets and Cybe

Some of the users started developing scripts to attempt denial of service and distributed denial of service attacks on the servers to crash them.... They are the basis of many internet crimes like spam, phishing, denial of service attacks etc.... They adopt a distributed approach due to which it becomes difficult to control or detect them.... Botnets is one of the newer techniques that is adapted by hackers to gain access to different systems on the network and then perform inappropriate automated tasks through them....
14 Pages (3500 words) Essay

Purpose of Intrusion Detection and Detection Techniques

This coursework "Purpose of Intrusion Detection and Detection techniques" provides an insight into the IDS or Intrusion detection systems.... Revolutionary and modern intrusion detection systems are typically a blend of these two techniques (Sundaram, 1996).... There are two major techniques of network traffic monitoring, one is anomaly-based and the other is signature-based.... According to Bradley (2009), an intrusion detection system is intended for signature-based detection depends on the evaluation of traffic to a database that holds signatures of previously recognized attack techniques....
5 Pages (1250 words) Coursework

Differentiation Between DOS and DDOS

distributed denial of service (D.... hellip; denial of service in general, as the name implies, takes the users offline from the network, deactivate their resources and connection, and strangulates their utilities.... hile these malware codes act in different ways and have specialization in different zones, denial of service is one of these and has a large application area....
8 Pages (2000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us