DENIAL OF SERVICE ATTACKS

This paper describes the most common types of DoS, including the latest one, named Distributed Reflection Denial of Service. The operation of the Internet’s TCP protocol is followed by complete explanation on how several types of DoS work. Bandwidth and CPU load are very important aspects on how the resources are delivered by the servers. Therefore an attack that produces load on any of the two resources – bandwidth and processing power – can cause valid traffic not to obtain useful service, because of the malicious attack. The crucial fact is that the world is changing rapidly and the world's Internet of today and tomorrow is not the Internet of yesterday. Therefore we must be one step behind (if not forward) any attacker, in order to be prepared and make our servers stay live on the Internet.DoS, Denial of Service, hijack, DRDoS, Internet attack, vulnerability, TCP/IP, TCP, crack, sniff, routing, router

Group Scheduling in SELinux to Mitigate CPU-Focused Denial of Service Attacks

Popular security techniques such as public-private key encryption, firewalls, and role-based access control offer significant protec-tion of system data, but offer only limited protection of the computations using that data from significant interference due to accident or adversarial attack. However, in an increasing number of modern systems, ensuring the reliable execution of system activities is every bit as important as ensuring data security. This paper makes three contributions to the state of the art in protection of the execution of system activities from accidental or adversarial interference. First, we consider the motivating problem of CPU-focused denial of service attacks, and explain how limitations of current approaches to these kinds of attacks make it difficult to offer sufficiently rigorous and fine-grained assurances of protection for the execution of system computations. Second, we describe a novel solution approach in which we have integrated fine-grained scheduling decision functions with system call hooks from the Security Enhanced Linux (SELinux) framework within the Linux 2.6 kernel. Third, we present empirical evaluations of the efficacy of our approach in controlling the CPU utilization of competing greedy computations that are either completely CPU bound, or that interleave I/O and CPU access, across a range of relative allocations of the CPU

An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic

Recently, a serious disturbance for network security could be a Distributed Denial of Service (DDoS) attack. The advent of technological era has also brought along the threat of DDoS attacks for a variety of services and applications that use the Internet. Firms can incur huge financial losses even if there is a disruption in services for a fraction of period. Similar to a DDoS attack is the Flash Crowd (FC) flooding traffics, in which a particular service is assessed by many legitimate users concurrently, which results in the denial of service. Overloading of network resources is a common issue associated with both of these events, which impact CPU, available bandwidth, and memory for legitimate users, thereby leading to limited accessibility. To address this issue, this thesis proposes an adaptive agent-based protection model known as Adaptive Protection of Flooding Attacks (APFA) specific for DDoS attacks and FC flooding traffics. The APFA model is aimed to protect the Network Application Layer (NAL) against such attacks. The APFA model consists of analysis, detection, decision and filter modules. The main contribution of this work in the APFA model is the decision module that employs a software agent to adapt and recognize the DDoS attacks (Demons and Zombies) and FC flooding traffics. The agent is equipped with three analysis functions that operate on three parameters of normal traffic intensity, traffic attack behavior, and IP address history log. The agent accordingly reacts on each of these attacks with different types of filtering actions as required. APFA model was implemented and tested by applying different attack scenarios using CIDDS standard dataset. The APFA model testing results achieve an accuracy of 99.64%, a precision of 99.62% and sensitivity of 99.96%. The APFA model results outperform similar models of the related work and the adaptive agent is able to distinguish between demons and zombies of the DDoS attacks with high accuracy of 99.91%

Defending Against Denial of Service

Civil Society currently faces significant cyber threats. At the top of the list of those threats are Denial of Service (DoS) attacks. The websites of many organizations and individuals have already come under such attacks, and the frequency of those attacks are on the rise. Civil Society frequently does not have the kinds of resources or technical know-how that is available to commercial enterprise and government websites, and often have to exist in adverse political environments where every avenue available, both legal and illegal, is used against them. Therefore, the threat of DoS attacks is unlikely to go away any time soon.A Denial of Service (DoS) attack is any attack that overwhelms a website, causing the content normally provided by that website to no longer be available to regular visitors of the website. Distributed Denial of Service (DDoS) attacks are traffic volumebased attacks originating from a large number of computers, which are usually compromised workstations. These workstations, known as 'zombies', form a widely distributed attack network called a 'botnet'. While many modern Denial of Service attacks are Distributed Denial of Service attacks, this is certainly not true for all denials of service experienced by websites. Therefore, when users first start experiencing difficulty in getting to the website content, it should not be assumed that the site is under a DDoS attack. Many forms of DoS are far easier to implement than DDoS, and so these attacks are still used by parties with malicious intent. Many such DoS attacks are easier to defend against once the mechanism used to cause the denial of service is known. Therefore, it is paramount to do proper analysis of attack traffic when a site becomes unable to perform its normal function. There are two parts to this guide. The first part outlines preparatory steps that can be taken by Civil Society organizations to improve their website's resilience, should it come under attack. However, we do understand that most Civil Society organizations' first introduction to DoS attacks comes when they suddenly find themselves the victim of an attack. The second part of this guide provides a step-by-step process to assist the staff of NGOs to efficiently deal with that stressful situation

Denial-of-Service Resistance in Key Establishment

Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made

Telephony Denial of Service Defense at Data Plane (TDoSD@DP)

The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP where TDoS detection and mitigation is programmed at the data plane so that it can be enabled on every switch port and therefore serves as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP session per port. The results show that TDoSD@DP was able to detect and mitigate ongoing INVITE flood attack, protecting the SIP server, and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.Final Accepted Versio

A trustworthy mobile agent infrastructure for network management

Despite several advantages inherent in mobile-agent-based approaches to network management as compared to traditional SNMP-based approaches, industry is reluctant to adopt the mobile agent paradigm as a replacement for the existing manager-agent model; the management community requires an evolutionary, rather than a revolutionary, use of mobile agents. Furthermore, security for distributed management is a major concern; agent-based management systems inherit the security risks of mobile agents. We have developed a Java-based mobile agent infrastructure for network management that enables the safe integration of mobile agents with the SNMP protocol. The security of the system has been evaluated under agent to agent-platform and agent to agent attacks and has proved trustworthy in the performance of network management tasks