794 research outputs found

    Impact of denial of service solutions on network quality of service

    The Internet has become a universal communication network tool. It has evolved from a platform that supports best-effort traffic to one that now carries different traffic types including those involving continuous media with quality of service (QoS) requirements. As more services are delivered over the Internet, we face increasing risk to their availability given that malicious attacks on those Internet services continue to increase. Several networks have witnessed denial of service (DoS) and distributed denial of service (DDoS) attacks over the past few years which have disrupted QoS of network services, thereby violating the Service Level Agreement (SLA) between the client and the Internet Service Provider (ISP). Hence DoS or DDoS attacks are major threats to network QoS. In this paper we survey techniques and solutions that have been deployed to thwart DoS and DDoS attacks and we evaluate them in terms of their impact on network QoS for Internet services. We also present vulnerabilities that can be exploited for QoS protocols and also affect QoS if exploited. In addition, we also highlight challenges that still need to be addressed to achieve end-to-end QoS with recently proposed DoS/DDoS solutions

    QoS Design Consideration for Enterprise and Provider’s Network at Ingress and Egress Router for VoIP protocols

    Compliance with the Service Level Agreement (SLA) metric is a major challenge in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) because mandatory models must be maintained on both sides of the MPLS VPN in order to achieve end-to-end service levels. The end-to-end service of an MPLS VPN can be degraded owing to various issues such as distributed denial of service (DDoS), and Random Early Detection (RED) that prevents congestion and differentiates between legitimate and illegitimate user traffic. In this study, we propose a centralized solution that uses a SLA Violation Detector (SLAVD) and intrusion detection to prevent SLA violation

    Modern DDoS Attacks and Defences -- Survey

    Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are commonly used to disrupt network services. Attack techniques are always improving and due to the structure of the internet and properties of network protocols it is difficult to keep detection and mitigation techniques up to date. A lot of research has been conducted in this area which has demonstrated the difficulty of preventing DDoS attacks altogether, therefore the primary aim of most research is to maximize quality of service (QoS) for legitimate users. This survey paper aims to provide a clear summary of DDoS attacks and focuses on some recently proposed techniques for defence. The research papers that are analysed in depth primarily focused on the use of virtual machines (VMs) (HoneyMesh) and network function virtualization (NFV) (VGuard and VFence). Comment: 6 pages, 6 figures

    IMPLEMENTATION OF THREAT MITIGATION AND TRAFFIC POLICY USING UTM ON A TCP/IP NETWORK

    This research aims to design a Unified Threat Management (UTM) system based on open-source applications that can perform Threat Mitigation and apply traffic management on a TCP/IP network. The Threat Mitigation method uses SNORT as an Intrusion Prevention System (IPS) to act against threats and to monitor traffic, integrated with Splunk as the Security Information and Event Management (SIEM) system. The Traffic Policy method uses SQUID as a proxy to perform traffic management. Network performance was tested by first measuring Quality of Service (QoS) parameters on each access device, to observe network performance during an attack before and after UTM implementation. The Distributed Denial of Service (DDoS) attacks were Internet Control Message Protocol (ICMP) Flood and SYN Flood. After a 5-minute simulated DDoS attack, Threat Mitigation dropped 232409 packets originating from the DDoS attack, with a maximum throughput of 1.823 Mbps, better than the throughput produced by the DDoS attack before UTM implementation, which was 869 Mbps. The QoS parameter index of each network access device was 4, better than the QoS parameter index before UTM implementation, which was 2.843. The Traffic Policy on the UTM achieved a bandwidth efficiency of 4.66%, or 943.6645 MB over 5 working days, of a total cache volume of 20.23 GB, by applying a web cache for Hyper Text Transfer Protocol (HTTP) access and a throughput limit of 300 KB on image, audio, video and executable file extensions larger than 20 MB

    The Methods to Improve Quality of Service by Accounting Secure Parameters

    A solution to the problem of ensuring quality of service, providing a greater number of services with higher efficiency while taking network security into account, is proposed. In this paper, experiments were conducted to analyze the effect of self-similarity and attacks on the quality of service parameters. A method of buffering and channel capacity control and a method of calculating routing cost in the network, which take into account the parameters of traffic multifractality and the probability of detecting attacks in telecommunications networks, were proposed. Both proposed methods account for the given restrictions on the delay time and the number of lost packets for every type of quality of service traffic. During simulation the parameters of transmitted traffic (self-similarity, intensity) and the parameters of the network (current channel load, node buffer size) were changed and the maximum allowable load of the network was determined. The results of the analysis show that the occurrence of overload when transmitting traffic over a switched channel is associated with multifractal traffic characteristics and the presence of an attack. It was shown that the proposed methods can reduce the lost data and improve the efficiency of network resources. Comment: 10 pages, 1 figure, 1 equation, 1 table. arXiv admin note: text overlap with arXiv:1904.0520

    Flow-oriented anomaly-based detection of denial of service attacks with flow-control-assisted mitigation

    Flooding-based distributed denial-of-service (DDoS) attacks present a serious and major threat to the targeted enterprises and hosts. Current protection technologies are still largely inadequate in mitigating such attacks, especially if they are large-scale. In this doctoral dissertation, the Computer Network Management and Control System (CNMCS) is proposed and investigated; it consists of the Flow-based Network Intrusion Detection System (FNIDS), the Flow-based Congestion Control (FCC) System, and the Server Bandwidth Management System (SBMS). These components form a composite defense system intended to protect against DDoS flooding attacks. The system as a whole adopts a flow-oriented and anomaly-based approach to the detection of these attacks, as well as a control-theoretic approach to adjust the flow rate of every link to sustain the high priority flow-rates at their desired level. The results showed that the misclassification rates of FNIDS are low, less than 0.1%, for the investigated DDOS attacks, while the fine-grained service differentiation and resource isolation provided within the FCC comprise a novel and powerful built-in protection mechanism that helps mitigate DDoS attacks

    IoT-MQTT based denial of service attack modelling and detection

    Internet of Things (IoT) is poised to transform the quality of life and provide new business opportunities with its wide range of applications. However, the benefits of this emerging paradigm are coupled with serious cyber security issues. The lack of strong cyber security measures in protecting IoT systems can result in cyber attacks targeting all the layers of the IoT architecture, which includes the IoT devices, the IoT communication protocols and the services accessing the IoT data. Various IoT malware such as Mirai, BASHLITE and BrickBot show already rising IoT device-based attacks as well as the usage of infected IoT devices to launch other cyber attacks. However, as sustained IoT deployment and functionality are heavily reliant on the use of effective data communication protocols, the attacks on other layers of the IoT architecture are anticipated to increase. In the IoT landscape, the publish/subscribe based Message Queuing Telemetry Transport (MQTT) protocol is widely popular. Hence, cyber security threats against the MQTT protocol are projected to rise at par with its increasing use by IoT manufacturers. In particular, the Internet-exposed MQTT brokers are vulnerable to protocol-based Application Layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruptions in legacy systems. In this thesis, we propose Application Layer based DoS attacks that target the authentication and authorisation mechanism of the MQTT protocol. In addition, we also propose an MQTT protocol attack detection framework based on machine learning. Through extensive experiments, we demonstrate the impact of authentication and authorisation DoS attacks on three open-source MQTT brokers. Based on the proposed DoS attack scenarios, an IoT-MQTT attack dataset was generated to evaluate the effectiveness of the proposed framework to detect these malicious attacks. The DoS attack evaluation results obtained indicate that such attacks can overwhelm the MQTT brokers' resources even when legitimate access to it was denied and resources were restricted. The evaluations also indicate that the proposed DoS attack scenarios can significantly increase the MQTT message delay, especially in QoS2 messages, causing heavy tail latencies. In addition, the proposed MQTT features showed high attack detection accuracy compared to simply using TCP based features to detect MQTT based attacks. It was also observed that the protocol field size and length based features drastically reduced the false positive rates and hence, are suitable for detecting IoT based attacks

    Mitigating Denial-of-Service Attacks on VoIP Environment

    IP telephony refers to the use of Internet protocols to provide voice, video, and data in one integrated service over LANs, BNs, MANs, not WANs. VoIP provides three key benefits compared to traditional voice telephone services. First, it minimizes the need for extra wiring in new buildings. Second, it provides easy movement of telephones and the ability of phone numbers to move with the individual. Finally, VoIP is generally cheaper to operate because it requires less network capacity to transmit the same voice telephone call over an increasingly digital telephone network (FitzGerald & Dennis, 2007 p. 519). Unfortunately, benefits of new electronic communications come with proportionate risks. Companies experience losses resulting from attacks on data networks. There are direct losses like economic theft, theft of trade secrets and digital data, as well as indirect losses that include loss of sales, loss of competitive advantage etc. The companies need to develop their security policies to protect their businesses. But the practice of information security has become more complex than ever. The research paper will be about the major DoS threats the company’s VoIP environment can experience as well as best countermeasures that can be used to prevent them and make the VoIP environment and, therefore, company’s networking environment more secure