
Bandwidth Distributed Denial of SerFull Document

Date post: 23-Feb-2018
Upload: lechu-92
  • 7/24/2019 Bandwidth Distributed Denial of SerFull Document


    BANDWIDTH DISTRIBUTED DENIAL OF SERVICE: ATTACKS AND DEFENSES


    ABSTRACT

    Distributed denial of service (DDoS) attacks pose a serious threat to the Internet. We discuss the Internet's vulnerability to Bandwidth Distributed Denial of Service (BW-DDoS) attacks, where many hosts send a huge number of packets, exceeding network capacity and causing congestion and losses, thereby disrupting legitimate traffic. TCP and other protocols employ congestion control mechanisms that respond to losses and delays by reducing network usage; hence, their performance may be degraded sharply due to such attacks. Attackers may disrupt connectivity to servers, networks, autonomous systems, or whole countries or regions; such attacks were already launched in several conflicts.

    BW-DDoS employed relatively crude, inefficient, brute force mechanisms; future attacks may be significantly more effective, and hence much more harmful. To meet the increasing threats, more advanced defenses should be deployed. This may involve some proposed mechanisms (not yet deployed), as well as new approaches.


    INTRODUCTION

    Internet services are indispensable, and yet vulnerable to Denial of Service (DoS) attacks, and especially to Distributed DoS (DDoS) attacks. DDoS attacks are attacks in which many attacking agents cooperate to cause excessive load to a victim host, service, or network. DDoS attacks have increased in importance, number, and strength over the years, becoming a major problem. Furthermore, significant growth in the size of attacks, and in their sophistication, is reported.

    OBJECTIVES OF STUDY

    To identify Bandwidth Distributed Denial of Service (BW-DDoS) attacks, which disrupt the operation of the network infrastructure by causing congestion or an excessive amount of traffic. BW-DDoS attacks can cause loss or severe degradation of connectivity between the Internet and victim networks or even whole autonomous systems, possibly disconnecting whole regions of the Internet.


    SCOPE OF WORK

    BW-DDoS attacks are usually generated from a large number of compromised computers (zombies or puppets). Bandwidth Distributed Denial of Service attacks are the most frequently used DoS method. Most BW-DDoS attacks use a few simple ideas, mainly flooding, i.e. many agents sending packets at the maximal rate, and reflection, i.e. sending requests to a server with a fake (spoofed) sender IP address, resulting in the server sending a (usually longer) packet to the victim.


    EXISTING SYSTEM

    A number of IP traceback approaches have been suggested to identify attackers, and there are two major methods for IP traceback: the probabilistic packet marking (PPM) and the deterministic packet marking (DPM).

    Both of these strategies require routers to inject marks into individual packets.

    The DPM strategy requires all the Internet routers to be updated for packet marking. Moreover, the DPM mechanism poses an extraordinary challenge on storage for packet logging for routers.

    Further, both PPM and DPM are vulnerable to hacking, which is referred to as packet pollution.

    Disadvantages

    The PPM strategy can only operate in a local range of the Internet (ISP network), where the defender has the authority to manage. ISP networks are generally quite small, and cannot trace back to the attack sources located out of the ISP network.

    Because of the vulnerability of the original design of the Internet, we may not be able to find the actual hackers at present.


    PROPOSED SYSTEM

    In a BW-DDoS attack, the attacker sends as many packets as possible, directly to the victim or from attacker-controlled machines called zombies or bots.

    The simplest scenario is one in which the attacker sends multiple packets using a connectionless protocol such as UDP. In UDP flood attacks, the attacker commonly has a user-mode executable on the zombie machine, which opens standard UDP sockets and sends many UDP packets towards the victim.

    For UDP floods and many other BW-DDoS attacks, the attacking agents must have zombies, i.e. hosts running adversary-controlled malware, allowing the malware to use the standard TCP/IP sockets.

    The first attempts to avoid detection, and the second tries to exploit legitimate protocol behavior and cause legitimate clients/server to excessively misuse their bandwidth against the attacked victim.

    Advantages

    Bandwidth based identification

    Easily identifies attacker

    High attack detection


    SYSTEM SPECIFICATION

    HARDWARE SPECIFICATION

    Processor : Any Processor above 500 MHz.

    Ram : 128Mb.

    Hard Disk : 10 GB.

    Input device : Standard GA and High Resolution Monitor.

    SOFTWARE SPECIFICATION

    Operating System : Windows Family.

    Programming Language : JDK 1.5 or higher


    SYSTEM ARCHITECTURE

    Fig: System Architecture


    MODULES

    Construction of Normal Dataset

    Local Data Collection

    Training normal data using cluster mechanism

    Testing Phase

    Construction of Normal Dataset

    The data obtained from the audit data sources mostly contains local routing information, data and control information from MAC and routing layers, along with other traffic statistics. The training of data may entail modeling the allotment of a given set of training points or characteristic network traffic samples.

    Local Data Collection

    A normal profile is an aggregated rule set of multiple training data segments. New and updated detection rules across ad-hoc networks are obtained from the normal profile. The normal profile consists of normal behavior patterns that are computed using trace data from a training process where all activities are normal. During the testing process, normal and abnormal activities are processed and any deviations from the normal profiles are recorded.

    Training normal data using cluster mechanism

    It calculates the number of points near each point in the feature space. In the fixed-width clustering technique, a set of clusters is formed in which each cluster has a fixed radius, also known as the cluster width, in the feature space.

    Testing Phase

    The testing phase takes place by comparing each new traffic sample with the cluster set to determine whether it is anomalous. The distance between a new traffic sample point and each cluster centroid is calculated. If the distance from the test point s to the centroid of its nearest cluster is less than the cluster width parameter w, then the traffic sample shares the label, either normal or anomalous, of its nearest cluster. If the distance from s to the nearest cluster is greater than w, then s lies in a less dense region of the feature space and is labeled as anomalous.
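The training and testing phases described above can be sketched as follows. This is an added example, not code from the original document; the two traffic features, the sample values, the width W, and the density rule used to label clusters (min_fraction) are assumptions made for illustration.

```python
import math

def train_fixed_width(samples, w):
    """One pass over the training data; every cluster has radius (width) w."""
    clusters = []  # each cluster: {"centroid": [...], "count": int}
    for s in samples:
        nearest = min(clusters, key=lambda c: math.dist(s, c["centroid"]), default=None)
        if nearest is not None and math.dist(s, nearest["centroid"]) < w:
            n = nearest["count"]
            # Running mean keeps the centroid at the centre of its members.
            nearest["centroid"] = [(c * n + x) / (n + 1)
                                   for c, x in zip(nearest["centroid"], s)]
            nearest["count"] = n + 1
        else:
            clusters.append({"centroid": list(s), "count": 1})
    return clusters

def label_clusters(clusters, min_fraction):
    """Assumed labelling rule: dense clusters are normal, sparse ones anomalous."""
    total = sum(c["count"] for c in clusters)
    for c in clusters:
        c["label"] = "normal" if c["count"] / total >= min_fraction else "anomalous"
    return clusters

def classify(s, clusters, w):
    """Testing phase: inherit the nearest cluster's label only if within w."""
    nearest = min(clusters, key=lambda c: math.dist(s, c["centroid"]))
    if math.dist(s, nearest["centroid"]) < w:
        return nearest["label"]
    return "anomalous"  # s lies in a sparse region of the feature space

# Constructed samples: (kilo-packets per second, Mbit/s) per measurement window.
TRAIN = [(1.0, 8.0), (1.2, 9.0), (0.9, 7.5), (1.1, 8.5), (1.3, 9.5),  # daytime load
         (0.3, 2.0), (0.4, 2.5), (0.2, 1.5), (0.35, 2.2),             # night-time load
         (9.0, 60.0)]                                                  # one flood-like burst
W = 2.0  # cluster width, chosen by hand for this constructed data

CLUSTERS = label_clusters(train_fixed_width(TRAIN, W), min_fraction=0.2)

if __name__ == "__main__":
    for sample in [(1.0, 8.2), (9.5, 61.0), (4.0, 30.0)]:
        print(sample, classify(sample, CLUSTERS, W))
```

The third test sample is far from every centroid, so it is flagged by the distance rule alone, while the second is flagged because its nearest cluster was itself labelled anomalous.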


    DATA FLOW DIAGRAM

    Level 0:

    Level 1:

    Level 2:

    [Diagram not reproduced. Labels: Client, Search Router, Router, Neighbor Detection Node, Bandwidth Request, Inter-Node selection, Client, Send query, Router, Inter-Node, Server, IDS monitoring]

    Level 3:

    [Diagram not reproduced. Labels: Client, Send req/res, Router, IDS monitoring, Targeted Dataset, Inter Node, server, Response, Anomaly status, Audit log]


    UML DIAGRAM

    USE CASE DIAGRAM

    SEQUENCE DIAGRAM

    ACTIVITY DIAGRAM

    COLLABORATION DIAGRAM

    CLASS DIAGRAM

