11 research outputs found

    Active router approach to defeating denial-of-service attacks in networks

    Denial-of-service attacks represent a major threat to modern organisations that are increasingly dependent on the integrity of their computer networks. A new approach to combating such threats introduces active routers into the network architecture. These active routers offer the combined benefits of intrusion detection, firewall functionality and data encryption, and work collaboratively to provide a distributed defence mechanism. The paper provides a detailed description of the design and operation of the algorithms used by the active routers and demonstrates how this approach is able to defeat SYN and SMURF attacks. Other approaches to network design, such as the introduction of a firewall and intrusion detection systems, can be used to protect networks; however, weaknesses remain. It is proposed that the adoption of an active router approach to protecting networks overcomes many of these weaknesses and therefore offers enhanced protection.

    Automated Adaptive Intrusion Containment in Systems of Interacting Services

    Large-scale distributed systems typically have interactions among different services that create an avenue for propagation of a failure from one service to another. The failures being considered may be the result of natural failures or malicious activity, collectively called disruptions. To make these systems tolerant to failures it is necessary to contain the spread of the occurrence automatically once it is detected. The objective is to allow certain parts of the system to continue to provide partial functionality in the face of failures. Real-world situations impose several constraints on the design of such a disruption-tolerant system, of which we consider the following: the alarms may have type I or type II errors; it may not be possible to change the service itself even though the interaction may be changed; attacks may use steps that are not anticipated a priori; and there may be bursts of concurrent alarms. We present the design and implementation of a system named ADEPTS as the realization of such a disruption-tolerant system. ADEPTS uses a directed graph representation to model the spread of the failure through the system, presents algorithms for determining appropriate responses and monitoring their effectiveness, and quantifies the effect of disruptions through a high-level survivability metric. ADEPTS is demonstrated on a real e-commerce testbed with actual attack patterns injected into it.

    Evaluation of Windows Servers Security Under ICMP and TCP Denial of Service Attacks

    Securing servers from Distributed Denial of Service (DDoS) attacks is a challenging task for network operators. DDoS attacks are known to reduce the performance of web-based applications and reduce the number of legitimate client connections. In this thesis, we evaluate the performance of a Windows Server 2003 system under these attacks. We also evaluate and compare the effectiveness of three different protection mechanisms, namely SYN Cache, SYN Cookie and SYN Proxy, in protecting against TCP SYN DDoS attacks. It is found that the SYN attack protection at the server is more effective at lower loads of SYN attack traffic, whereas the SYN Cookie protection is more effective at higher loads compared to the other methods.

    Security Vulnerability Evaluation of Popular Personal Firewalls and Operating Systems

    In this thesis, an experimental evaluation of security vulnerabilities under DoS attacks has been performed for popular personal firewalls from McAfee, Norton and Kaspersky, and for operating systems, namely Apple's Leopard and Snow Leopard, and Microsoft's Windows XP and Windows 7. Our experimental results show that the firewalls and operating systems behave differently under a given DoS attack. Some of the firewalls crashed under certain DoS attacks, especially when they were configured to prevent and block packets belonging to such attacks. The operating systems evaluated in this thesis were also found to have different built-in security capabilities, and some of them even crashed under certain DoS attacks, requiring a forced reboot of the system. The comparative performance of firewalls and operating systems under DoS attacks has been presented.

    Evaluation of Security Availability of Data Components for A Renewable Energy Micro Smart Grid System

    In this thesis, we study the development and security testing of a photovoltaic data collection system. With the introduction of the smart grid concept, a great deal of research has been done on the communication aspect of energy production and distribution throughout the power network. For the Smart Grid, the Internet is used as the communication medium for specific required services and for data collection. Despite all the advantages of the Smart Grid infrastructure, there are also security concerns regarding the vulnerabilities associated with Internet access. In this thesis, we consider security testing of the two most popular and globally deployed web server platforms, Apache running on Red Hat Linux 5 and IIS on Windows Server 2008, and their performance under Distributed Denial of Service attacks. Furthermore, we stress-test the data collection services provided by MySQL running on both Windows and Linux servers while they are also under DDoS attack.

    Scalable Wavelet-Based Active Network Stepping Stone Detection

    Network intrusions leverage vulnerable hosts as stepping stones to penetrate deeper into a network and mask malicious actions from detection. This research focuses on a novel active watermark technique using Discrete Wavelet Transformations to mark and detect interactive network sessions. This technique is scalable, nearly invisible and resilient to multi-flow attacks. The watermark is simulated using timestamps extracted from the CAIDA 2009 dataset and replicated in a live environment. The simulation results demonstrate that the technique accurately detects the presence of a watermark at a 5% False Positive and False Negative rate for both the extracted timestamps and the empirical tcplib distribution. The watermark extraction accuracy is approximately 92%. The live experiment is implemented using the Amazon Elastic Compute Cloud. The client system sends marked and unmarked packets from California to Virginia using stepping stones in Tokyo, Ireland and Oregon. Five trials are conducted using simultaneous watermarked and unmarked samples. The live results are similar to the simulation and provide evidence demonstrating the effectiveness of the technique in identifying stepping stones in a live environment.

    A Multi-Layered Secure Framework for Vehicular Systems

    In recent years, significant developments were introduced within the vehicular domain, evolving the vehicle into a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi and Bluetooth, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door to new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system, which allows a compromise in one of the non-critical sub-systems to escalate and threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks which were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system.