2(Distributed DoS, DDoS).A
logic DoS attack
is based on anintelligent exploitation of vulnerabilities in the target. Forexample, a skillfully constructed fragmented Internet Protocol(IP) datagram may crash a system due to a serious fault inthe operating system (OS) software. Another example of alogic attack is to exploit missing authentication requirementsby injecting bogus routing information to prevent traffic fromreaching a victim’s network. [5, 6]There are two major reasons that make DoS attacksattractive for attackers. The first reason is that there areeffective automatic tools available for attacking any victim, soexpertise is not necessarily required. The second reason is thatit is usually impossible to locate an attacker without extensivehuman interaction or without new features in most routers of the Internet. DoS attacks make use of vulnerabilities in end-hosts, routers, and other systems connected to a computernetwork. The size of a population having the samevulnerability can be large. In July 2003 a vulnerability wasfound from the whole population of Cisco routers andswitches running any version of the Cisco IOS software andconfigured to process Internet Protocol version 4 (IPv4)packets. This vulnerability made it possible to block aninterface, which resulted in a DoS condition without anyalarms being triggered. Another example of a large populationis the Microsoft Windows Metafile (WMF) vulnerabilitywhich was found in December 2005 from all versions of Windows 98, 98SE, ME, 2000, and XP. This vulnerabilitymade it possible to install any malicious software on thesehosts, for example, to send DoS attack traffic. User interactionwas, however, required to exploit this vulnerability.III.
Mitigating DoS attacks is difficult especially due to thefollowing problems:1)
Very little has been done to compare, contrast, andcategorize the different ideas related to DoS attacks anddefenses. As a result it is difficult to understand what acomputer network user needs to do and why to mitigate thethreat from DoS attacks.2)
There are no effective defense mechanisms againstmany important DoS attack types. There is no guidance onhow to select defense mechanisms.3)
Existing defense mechanisms have been evaluatedaccording to very limited criteria.4)
Often relevant risks have been ignored (such as in) or evaluations have been carried out under idealconditions.5)
No research publications exist for giving asystematic list of issues related to defense evaluationIV.
BJECTIVE OF THE
The objective of this research proposal is to help any userin any network for mitigating DoS attacks in IP-basednetworks. This study concentrates especially on the followingareas:1)
One should understand existing attack mechanismsand available defense mechanisms, and have a rough ideaabout the benefits (best-case performance) of each defensemechanism.2)
One should acknowledge possible situationdependency of defense mechanisms, and be able to choose themost suitable defense when more than one defensemechanisms are available against a specific attack type.3)
One should evaluate defense mechanisms in acomprehensive way, including both benefits anddisadvantages (worst-case performance), as an attacker canexploit any weakness in a defense mechanism.Knowledge of all of these issues is necessary in successfulmitigation of DoS attacks. Without knowing how a specificdefense mechanism works under different possible conditionsand what the real benefits and weaknesses are, it is notpossible to assure the suitability of a defense mechanismagainst a certain type of a DoS attack.V.
Research methodologies aimed to be used in this proposal,are primarily based on simulating different attack scenarios,but measurements, mathematical modeling based on gametheory, and requirement specification are also planned to beused .VI.
COPE OF THE
Since this proposal studies DoS attacks in computernetworks using the Internet Protocol (IP), namely the Internetand mobile ad hoc networks, is extremely useful for thesecurity concern. DoS attacks in the physical world will not bestudied here. Major work concentrate on the fixed (wired)Internet, but most of the considered attack and defensemechanisms will be applicable to wireless networks, too. Theemphasis of this research proposal is on DoS attacks ingeneral, and DDoS attacks are treated as a subset of DoSattacks. DDoS attacks are based on the same mechanisms asbasic DoS attacks, but there is one exception during thedeployment phase .A DDoS tool needs to be installed on manyvulnerable hosts. The installation of DoS software on a singlevulnerable host is, however, a common prerequisite for mostDoS attacks. Thus attack and defense mechanisms describedin this dissertation are applicable to both DoS and DDoSattacks.VII.
The main contributions of this proposed work include,1)
A comprehensive and well-structured description canbe given about what DoS attacks really are? How DoS attackscan be carried out in IP networks? And how one can defendagainst DoS attacks in IP networks. A good understanding of existing attack mechanisms and available defense mechanismsis a prerequisite for succeeding in mitigating these attacks costeffectively.2)
An overview of an organized approach for selecting acomprehensive set of defense mechanisms against DoS attacksis given. This emphasizes the importance of basic securitymechanisms at every host in the Internet, the importance of risk management in choosing additional defenses when basicdefenses are not enough, and the necessity of implementingnew defenses against such important DoS attacks for whichthere are no existing defenses.
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 6, September 2010200http://sites.google.com/site/ijcsis/ISSN 1947-5500