International Journal of Scientific and Engineering Research
ISSN Online 2229-5518
ISSN Print: 2229-5518
Website: http://www.ijser.org
IJSER, Volume 2, Issue 10, October 2011 Edition
Analysis of Denial of Service Attack
Author(s)
Rakesh Rathi, Udai Nag
KEYWORDS
Proxy Network, Denial of Service, Penetration, Defenses
ABSTRACT
Proxy network-based defense has recently emerged to address an open research challenge: protecting Internet service applications from Denial-of-Service (DoS) attacks. Such schemes use a proxy network as a mediator for a hidden application to prevent direct attacks on the application's physical infrastructure, while maintaining communication between users and the application. The proxy network provides a distributed front-end to disperse DoS attack traffic, thereby shielding the application. However, the basic feasibility and fundamental properties of such schemes remain unclear, posing critical challenges for their use. This paper addresses these challenges by exploring proxy networks' ability to resist important attacks: penetration, proxy depletion, and DoS attacks. We develop a generic analytic framework for proxy network-based systems, and use it to analyze proxy networks' resilience to penetration and proxy depletion attacks, characterizing how attacks, defenses, proxy network structure, and correlation in host vulnerabilities affect feasibility. Furthermore, using online simulation, we quantify the resistance to DoS attacks at an unprecedented scale and realism, by running real application, proxy network, and attack programs in a simulated network with a size comparable to tier-1 ISP networks. We show that proxy network-based DoS defense can effectively resist these attacks and protect applications successfully. Specific results are the following. First, proactive defenses, such as proxy migration, are required for penetration resistance: proxy networks can be effectively impenetrable with proxy migration, but will be penetrated easily without proactive defenses. Second, correlation in host vulnerabilities makes proxy networks vulnerable to penetration. By exploiting host diversity and intelligent proxy network construction, effective resistance can be achieved.
Third, topology is crucial for resisting proxy depletion attacks: when a topology's eigenvalue is smaller than the speed ratio between defense and attack, all compromised proxies will always be recovered; when a topology's Laplacian spectrum is larger than this ratio, compromised proxies will linger, making the proxy network unrecoverable. Last, proxy networks provide effective and scalable DoS defense. They can resist large-scale DoS attacks, while preserving performance for the majority (>90%) of users. Furthermore, increasing the proxy network size linearly improves the level of resistance to DoS attacks.