A Research Proposal for Mitigating DoS Attacks in IP-based Networks

Abstract: This paper studies denial of service (DoS) attacks in computer networks. These attacks are known for denying legitimate users access to network services. After a careful review of the literature, we present a structured view of possible attack and defense mechanisms. An outline describing some new defense mechanisms is also presented in the form of a research proposal.

Keywords: Denial of Service Attacks, Intrusion, Security
Published by: ijcsis on Oct 10, 2010
Copyright:Attribution Non-commercial

Sakharam Lokhande
Assistant Professor, School of Computational Science, Swami Ramanand Teerth Marathwada University, Nanded, MS, India, 431606. Email: lokhande_sana@rediff.com

Parag Bhalchandra
Assistant Professor, School of Computational Science, Swami Ramanand Teerth Marathwada University, Nanded, MS, India, 431606. Email: srtmun.parag@gmail.com

Nilesh Deshmukh
Assistant Professor, School of Computational Science, Swami Ramanand Teerth Marathwada University, Nanded, MS, India, 431606. Email: nileshkd@yahoo.com

Dr. Santosh Khamitkar
Associate Professor, School of Computational Science, Swami Ramanand Teerth Marathwada University, Nanded, MS, India, 431606. Email: s.khamitkar@gmail.com

Santosh Phulari
Assistant Professor, School of Computational Science, Swami Ramanand Teerth Marathwada University, Nanded, MS, India, 431606. Email: santoshphulari@gmail.com

Ravindra Rathod
Assistant Professor, School of Computational Science, Swami Ramanand Teerth Marathwada University, Nanded, MS, India, 431606. Email: rpr_srtmun@rediff.com

I. PROBLEM DEFINITION

Defending against DoS attacks is a task from network and computer security. As scientific disciplines, network and computer security are relatively primitive. An indication of this fact is that computer security terminology has not yet stabilized [4]. Computer and network security aspects were first studied in the early 1970s. As in some of the earliest security papers listed and available in, the Denial of Service attacks are a timely and extremely important research topic. According to the CSI/FBI computer crime and security survey in the United States [1] for the year 2004, DoS attacks are the second most widely detected outsider attack type in computer networks, immediately after virus infections. A computer crime and security survey in Australia [1] for the year 2004 gives similar results. It is currently not possible to prevent DoS attacks because many of these attacks are based on using ordinary protocols and services in an overwhelming manner. Specific security holes in the victim hosts or networks are thus not necessarily needed. For this reason we can only mitigate these attacks.

II. OVERVIEW OF DENIAL OF SERVICE ATTACKS

Denial of Service (DoS) attacks have proved to be a serious and permanent threat to users, organizations, and infrastructures of the Internet [1]. The primary goal of these attacks is to prevent access to a particular resource, such as a web server [2]. A large number of defenses against DoS attacks have been proposed in the literature, but none of them gives reliable protection. There will always be vulnerable hosts in the Internet that can be used as sources of attack traffic. It is simply not feasible to expect all existing hosts in the Internet to be protected well enough. In addition, it is very difficult to reliably recognize and filter only attack traffic without causing any collateral damage to legitimate traffic.

A DoS attack can be carried out either as a flooding attack or as a logic attack. A flooding DoS attack is based on brute force. As much real-looking but unnecessary data as possible is sent to a victim. As a result, network bandwidth is wasted, disk space is filled with unnecessary data (such as spam e-mail, junk files, and intentional error messages), fixed-size data structures inside host software are filled with bogus information, or processing power is spent on useless work. To amplify the effects, DoS attacks can be run in a coordinated fashion from several sources at the same time (Distributed DoS, DDoS). A logic DoS attack is based on an intelligent exploitation of vulnerabilities in the target. For example, a skillfully constructed fragmented Internet Protocol (IP) datagram may crash a system due to a serious fault in the operating system (OS) software. Another example of a logic attack is to exploit missing authentication requirements by injecting bogus routing information to prevent traffic from reaching a victim's network [5, 6].

There are two major reasons that make DoS attacks attractive for attackers. The first reason is that there are effective automatic tools available for attacking any victim, so expertise is not necessarily required. The second reason is that it is usually impossible to locate an attacker without extensive human interaction or without new features in most routers of the Internet. DoS attacks make use of vulnerabilities in end-hosts, routers, and other systems connected to a computer network. The size of a population having the same vulnerability can be large. In July 2003 a vulnerability was found in the whole population of Cisco routers and switches running any version of the Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets. This vulnerability made it possible to block an interface, which resulted in a DoS condition without any alarms being triggered. Another example of a large population is the Microsoft Windows Metafile (WMF) vulnerability, which was found in December 2005 in all versions of Windows 98, 98SE, ME, 2000, and XP. This vulnerability made it possible to install any malicious software on these hosts, for example, to send DoS attack traffic. User interaction was, however, required to exploit this vulnerability.

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 6, September 2010, p. 199, http://sites.google.com/site/ijcsis/, ISSN 1947-5500

III. RESEARCH PROBLEM

Mitigating DoS attacks is difficult especially due to the following problems:

1) Very little has been done to compare, contrast, and categorize the different ideas related to DoS attacks and defenses. As a result it is difficult to understand what a computer network user needs to do and why to mitigate the threat from DoS attacks.
2) There are no effective defense mechanisms against many important DoS attack types. There is no guidance on how to select defense mechanisms.
3) Existing defense mechanisms have been evaluated according to very limited criteria.
4) Often relevant risks have been ignored (such as in [3]) or evaluations have been carried out under ideal conditions.
5) No research publications exist that give a systematic list of issues related to defense evaluation.

IV. OBJECTIVE OF THE RESEARCH

The objective of this research proposal is to help any user in any network mitigate DoS attacks in IP-based networks. This study concentrates especially on the following areas:

1) One should understand existing attack mechanisms and available defense mechanisms, and have a rough idea about the benefits (best-case performance) of each defense mechanism.
2) One should acknowledge the possible situation dependency of defense mechanisms, and be able to choose the most suitable defense when more than one defense mechanism is available against a specific attack type.
3) One should evaluate defense mechanisms in a comprehensive way, including both benefits and disadvantages (worst-case performance), as an attacker can exploit any weakness in a defense mechanism.

Knowledge of all of these issues is necessary for successful mitigation of DoS attacks. Without knowing how a specific defense mechanism works under different possible conditions and what its real benefits and weaknesses are, it is not possible to assure the suitability of a defense mechanism against a certain type of DoS attack.

V. RESEARCH METHODOLOGY

The research methodologies to be used in this proposal are primarily based on simulating different attack scenarios, but measurements, mathematical modeling based on game theory, and requirement specification are also planned to be used.

VI. SCOPE OF THE RESEARCH

This proposal studies DoS attacks in computer networks using the Internet Protocol (IP), namely the Internet and mobile ad hoc networks, which is extremely useful from a security standpoint. DoS attacks in the physical world will not be studied here. The major work concentrates on the fixed (wired) Internet, but most of the considered attack and defense mechanisms will be applicable to wireless networks, too. The emphasis of this research proposal is on DoS attacks in general, and DDoS attacks are treated as a subset of DoS attacks. DDoS attacks are based on the same mechanisms as basic DoS attacks, but there is one exception during the deployment phase. A DDoS tool needs to be installed on many vulnerable hosts. The installation of DoS software on a single vulnerable host is, however, a common prerequisite for most DoS attacks. Thus attack and defense mechanisms described in this dissertation are applicable to both DoS and DDoS attacks.

VII. POSSIBLE OUTCOME

The main contributions of this proposed work include:

1) A comprehensive and well-structured description can be given of what DoS attacks really are, how DoS attacks can be carried out in IP networks, and how one can defend against DoS attacks in IP networks. A good understanding of existing attack mechanisms and available defense mechanisms is a prerequisite for succeeding in mitigating these attacks cost-effectively.
2) An overview of an organized approach for selecting a comprehensive set of defense mechanisms against DoS attacks is given. This emphasizes the importance of basic security mechanisms at every host in the Internet, the importance of risk management in choosing additional defenses when basic defenses are not enough, and the necessity of implementing new defenses against such important DoS attacks for which there are no existing defenses.
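
The best-case versus worst-case evaluation called for in Sections IV and V can be illustrated with a small in-memory simulation. This is an added example, not code from the paper; the per-source rate limiter, the server capacity, the traffic rates and all source names are assumed values constructed for illustration.

```python
from collections import Counter

CAPACITY = 100        # requests the server can process per tick (assumed)
PER_SOURCE_LIMIT = 5  # requests admitted per source address per tick (assumed)

def legit_goodput(flows, limit=None):
    """Fraction of legitimate requests served in one tick.

    flows: list of (source_address, requests_per_tick, is_legitimate).
    limit: per-source admission limit, or None for no defense.
    """
    per_source = Counter()
    for src, rate, _ in flows:
        per_source[src] += rate
    admitted_all = admitted_legit = 0.0
    for src, rate, legit in flows:
        # The limiter sees only the source address, so every flow sharing
        # an address is scaled down by the same factor.
        keep = 1.0 if limit is None else min(1.0, limit / per_source[src])
        admitted_all += rate * keep
        if legit:
            admitted_legit += rate * keep
    # An overloaded server cannot tell flows apart and drops uniformly.
    served = min(1.0, CAPACITY / admitted_all)
    offered_legit = sum(rate for _, rate, legit in flows if legit)
    return admitted_legit * served / offered_legit

# Constructed traffic mixes (all names and rates are illustrative).
LEGIT = [(f"client{i}", 1, True) for i in range(50)]
SINGLE_FLOOD = [("flooder", 1000, False)]
DISTRIBUTED_FLOOD = [(f"bot{i}", 2, False) for i in range(500)]
LEGIT_BEHIND_NAT = [("nat-gateway", 50, True)]

def evaluate():
    lim = PER_SOURCE_LIMIT
    return {
        "no attack, no defense": legit_goodput(LEGIT),
        "single-source flood, no defense": legit_goodput(LEGIT + SINGLE_FLOOD),
        "single-source flood, limiter (best case)": legit_goodput(LEGIT + SINGLE_FLOOD, lim),
        "distributed flood, limiter (worst case)": legit_goodput(LEGIT + DISTRIBUTED_FLOOD, lim),
        "no attack, shared address, limiter (collateral)": legit_goodput(LEGIT_BEHIND_NAT, lim),
    }

if __name__ == "__main__":
    for scenario, fraction in evaluate().items():
        print(f"{scenario:50s} {fraction:.3f}")
```

The same limiter that fully restores service against a single flooding source gives no benefit when the same volume is spread over many sources that each stay under the limit, and it penalizes legitimate users who share one address even when no attack is present.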