IJSER Content Writer

Analysis of Denial of Service Attack
« on: November 23, 2011, 09:22:39 am »
Author : Rakesh Rathi, Udai Nag
International Journal of Scientific & Engineering Research Volume 2, Issue 10, October-2011

Abstract-- Proxy network-based defense has recently emerged to address an open research challenge: protecting Internet service applications from Denial-of-Service (DoS) attacks. Such schemes use a proxy network as a mediator for a hidden application to prevent direct attacks on the application’s physical infrastructure, while maintaining communication between users and the application. The proxy network provides a distributed front-end to disperse DoS attack traffic, thereby shielding the application. However, the basic feasibility and fundamental properties of such schemes remain unclear, posing critical challenges for their use.
This paper addresses these challenges by exploring proxy networks’ ability to resist important attacks: penetration, proxy depletion, and DoS attacks. We develop a generic analytic framework for proxy network-based systems, and use it to analyze proxy networks’ resilience to penetration and proxy depletion attacks, characterizing how attacks, defenses, proxy network structure, and correlation in host vulnerabilities affect feasibility. Furthermore, using online simulation, we quantify the resistance to DoS attacks at an unprecedented scale and realism, by running real application, proxy network, and attack programs in a simulated network with a size comparable to tier-1 ISP networks.
We show that proxy network-based DoS defense can effectively resist these attacks, and protect applications successfully. Specific results are the following. First, proactive defenses, such as proxy migration, are required for penetration resistance: proxy networks can be effectively impenetrable with proxy migration, but will be penetrated easily without proactive defenses. Second, correlation in host vulnerabilities makes proxy networks vulnerable to penetration. By exploiting host diversity and intelligent proxy network construction, effective resistance can be achieved. Third, topology is crucial for resisting proxy depletion attacks: when a topology’s eigenvalue is smaller than the speed ratio between defense and attack, all compromised proxies will always be recovered; when a topology’s Palladian spectrum is larger than this ratio, compromised proxies will linger, making the proxy network unrecoverable. Last, proxy networks provide effective and scalable DoS defense. They can resist large-scale DoS attacks, while preserving performance for the majority (>90%) of users. Furthermore, increasing the proxy network size linearly improves the level of resistance to DoS attacks.
Keywords: Proxy Network, Denial of Service, Penetration, Defenses.
1. Introduction
DoS attacks are malicious attempts aiming to limit or deny service availability to legitimate users. A DoS attack on an Internet service application can be achieved by consuming critical resources (such as network bandwidth, server memory, disk space, or CPU time) on which the application or access to the application depends. Depletion of these resources can prevent the application from functioning, or disconnect the application from the Internet, and thus make the application unavailable to its users. A DoS attack occurs either at the infrastructure-level by attacking the resources directly (e.g. by flooding the application’s sub-network with IP packets), or at the application-level by attacking through the application interface (e.g. by overloading the application with abusive workload). In a typical DoS attack, an attacker first compromises a number of hosts (chosen from the hundreds of millions of vulnerable hosts) in the Internet, and then instructs these compromised hosts to attack an application by sending either infrastructure-level or application-level attack traffic to it (Figure 1.1). The recent emergence of sophisticated attack tools, such as Trinoo [1], mstream [2], and TFN2K [3], and of Internet worms, such as CodeRed [4, 5], slammer [6], and MyDoom [7], which automate the process of compromising hosts, makes it possible for attackers to control a large number (tens of thousands or even millions) of Internet hosts. These hosts can then be used to generate attack traffic, and to construct massive distributed DoS attacks, which can generate sufficient traffic to saturate even the largest Internet service applications. Therefore, such DoS attacks are a great threat to the availability of all Internet service applications.
Figure 1.1: Denial of Service Attacks
The real-world impact of these DoS attacks is severe. For example, in 1999, a series of large-scale DoS attacks targeted popular Internet service applications, such as Yahoo!, Amazon, eBay, and [8,9]. These attacks kept the target sites offline for several hours, causing millions of dollars in lost revenue. In 2001, the “Code Red” and “Code Red II” worms spread widely in the Internet as part of a distributed DoS attack on the White House web site, forcing it to relocate [4]. In 2003, a series of large-scale DoS attacks using Internet worms caused outages at Microsoft’s website [6] and SCO Group’s website [7]. According to a survey [10] of 251 organizations conducted by Computer Security Institute and the FBI, DoS attacks were the second-most costly computer crime, with damage exceeding 65 million dollars in 2003. These incidents and statistics show that DoS attacks have a serious economic and social impact.
Furthermore, DoS attacks are widespread in the Internet. In an attempt to characterize the frequency of DoS activities on the Internet, researchers at UCSD and CAIDA (the Cooperative Association for Internet Data Analysis) used backscatter detection techniques to infer DoS activities [18]. Their results reported more than 12,000 DoS attacks on more than 5000 targets during a span of three weeks, in February 2001. The victims of these attacks span the entire spectrum of commercial business sites, such as Yahoo!, CNN, as well as many small businesses. These numbers indicate that DoS attacks are common in the Internet, and that any Internet service application can become a victim of such attacks.
Since DoS attacks pose a critical threat to Internet service applications, researchers are exploring a wide range of defenses. As system researchers, our focus is infrastructure-level attacks, since these attacks target service infrastructures, and should be addressed at the system level. Application-level attacks are specific to the detailed structure of application interfaces, properties, and configurations, and thus can only be addressed by application designers. Existing system-level defense mechanisms [12-14] aim at blunting infrastructure-level DoS attacks by filtering the attack traffic. These schemes use routers to filter all the incoming network packets, and discard packets suspected to be part of an attack.
However, accurately distinguishing attack and normal packets is difficult, and increasingly so, as attack sophistication increases. As a result, these filter-based defenses are typically based on specific attack details, and do not apply generally to DoS attacks. For example, common methods use details of network packets, such as protocols (e.g. UDP or ICMP packets), the destination port, and source IP addresses [12-17], to identify attack packets. This lack of generality poses a fundamental limitation on their effectiveness.
Furthermore, in order for filter-based defenses to be effective, they must be deployed globally and in the basic Internet infrastructure of routers, since the attack traffic can come from millions of hosts dispersed across the Internet. Partial deployment leaves vast resources that can be used by attackers to generate devastating attack traffic which will saturate Internet service applications.
In summary, protecting Internet service applications from DoS attacks is a critical issue for Internet service applications. The current defense mechanisms are primarily based on filtering. They cannot protect applications from DoS attacks in general because they rely on specific attack details. Furthermore, they require global deployment with the basic Internet infrastructure. Due to these limitations, the filter-based defense mechanisms do not provide a general solution to the problem of protecting Internet service applications from DoS attacks.
