21 research outputs found

    Analysis of Cyber Crime Grouping in the Implementation of Electronic Commerce (Analisa Pengelompokan Cyber Crime Pada Penerapan Electronic Commerce)

    The rapid development of Information Technology (IT) greatly influences human needs and activities. One influence occurs in buying and selling transactions carried out online by two or more parties, namely consumers and producers. The transaction process is E-commerce (Electronic Commerce). Internet use certainly has risks, one of which is Cyber Crime. Cyber Crime is a crime committed in the internet world involving individuals or groups. Types of Cyber Crime consist of hacking, cracking, sniffing and so forth. Cyber Crime cases are grouped into 4 groups, namely Interruption, Interception, Modification, and Fabrication. This study uses a literature study method that analyzes 21 journals that discuss Cyber Crime in E-Commerce. The purpose of this study is to determine the Cyber Crime that often occurs in E-Commerce. The results of this study provide recommendations that developers can use regarding the Cyber Crime groups that need to be watched for and prevented. Keywords- E-Commerce, Cyber Crim

    DDoS Attack Detection Using Cooperative Overlay Networks and Gossip Protocol

    DDoS attacks have a major impact on the affected networks, viz. packet transmission delays, network outage, website sabotage, financial losses, legitimate-user blockage and reputation damage. Existing DDoS detection techniques are implemented either at the victim node (by which point the damage is already done) or at many intermediate routers that run DDoS detection algorithms, which adds delay and processing. We aim to detect DDoS attacks by using a new technique of cooperative overlay networks, which overcomes the above problems by implementing the DDoS detection algorithm at nodes one hop away from the victim (called defense nodes). DOI: 10.17762/ijritcc2321-8169.15062

    Detection and Counter Measure of AL-DDoS Attacks in Web Traffic

    Distributed Denial-of-Service (DDoS) assaults are a developing danger across the Internet, disturbing access to information and administrations. Nowadays, these assaults are focusing on the application layer. Aggressors are utilizing systems that are exceptionally hard to recognize and relieve. This work proposes another technique to recognize AL-DDoS assaults. It separates itself from past techniques by considering AL-DDoS assault location in overwhelming spine activity. In addition, the identification of AL-DDoS assaults is effectively deceived by glimmer group movement. By analyzing the entropy of AL-DDoS assaults and glimmer swarms, the model output can be utilized to perceive the genuine AL-DDoS assaults. With a quick AL-DDoS identification speed, the channel is equipped for letting the real demands through while the assault movement is halted.

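    Low Interaction Honeypot to Minimize Distributed Denial of Service (DDoS) Attacks: Slowloris Against a Web Server (LOW INTERACTION HONEYPOT UNTUK MEMINIMALISIR SERANGAN DISTRIBUTED DENIAL OF SERVICE (DDOS) : Slowloris Terhadap Web Server)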

    Slowloris is an open-source DDoS attack tool that generally attacks Apache-based web servers. Until now, firewalls, load balancers and additional web servers have been used to mitigate the Slowloris attack. This research aims to design a defense mechanism consisting of a Low Interaction Honeypot (HoneyPy) and a stateless firewall, so that no additional web servers are needed. The reliability of the defense mechanism was tested by conducting an experiment in three conditions: the normal condition, when there are no attacks at all, and the attacking condition with and without the defense mechanism. The impact caused by the Slowloris attack can be seen from the number of client error packets. The attack was carried out for 5 minutes by making 1000 connections to the web server. There are no client error packets in the normal condition because there are no attacks. In the attacking condition without the defense mechanism, there are 2142 client error packets. In the attacking condition with the defense mechanism, the number of client error packets drops to 33. Thus, it can be concluded that the presence of a Low Interaction Honeypot in the defense mechanism can reduce the impact of Slowloris attacks and slow down the attacks.

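    Execution and Strategies for Mitigating Denial-of-Service Attacks on Web Servers: An Experience Report (EXECUÇÃO E ESTRATÉGIAS PARA MITIGAÇÃO DE ATAQUES DE NEGAÇÃO DE SERVIÇO EM SERVIDORES WEB: UM RELATO DE EXPERIÊNCIA)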

    This paper describes the execution of denial of service attacks performed on web servers configured with different Apache versions, trying to reflect scenarios commonly found in Federal Institutions of Higher Education in Brazil. The approach consisted of the following steps: (i) tool selection for the experiment; (ii) definition of attack parameters; (iii) execution of an attack with a tool selected in (i) on servers with similar characteristics to those in production; and (iv) execution of an attack with changes in the firewall as a strategy to mitigate the attack. Based on the observed result, the default configuration does not protect servers from simple denial of service attacks, but the settings implemented in (iv) were sufficient to prevent similar attacks from being successful in future executions.

    CALD : surviving various application-layer DDoS attacks that mimic flash crowd

    Distributed denial of service (DDoS) attack is a continuous critical threat to the Internet. Derived from the low layers, new application-layer-based DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. The case may be more serious when such attacks mimic or occur during the flash crowd event of a popular Website. In this paper, we present the design and implementation of CALD, an architectural extension to protect Web servers against various DDoS attacks that masquerade as flash crowds. CALD provides real-time detection using mess tests but is different from other systems that use resembling methods. First, CALD uses a front-end sensor to monitor the traffic that may contain various DDoS attacks or flash crowds. An intense pulse in the traffic means the possible existence of anomalies, because this is the basic property of DDoS attacks and flash crowds. Once abnormal traffic is identified, the sensor sends an ATTENTION signal to activate the attack detection module. Second, CALD dynamically records the average frequency of each source IP and checks the total mess extent. Theoretically, the mess extent of DDoS attacks is larger than that of flash crowds. Thus, with some parameters from the attack detection module, the filter is capable of letting the legitimate requests through while the attack traffic is stopped. Third, CALD may divide the security modules away from the Web servers. As a result, it keeps maximum performance on the kernel web services, regardless of the harassment from DDoS. In the experiments, the records from www.sina.com and www.taobao.com have proved the value of CALD.

    Harnessing the power of BitTorrent for distributed denial-of-service attacks

    BitTorrent is a popular peer-to-peer (P2P) file-sharing protocol that utilizes a central server, known as a 'tracker', to coordinate connections between peers in a 'swarm', a term used to describe a BitTorrent ad-hoc file sharing network. The tracker of a swarm is specified by the original file distributor and trusted unconditionally by peers in the swarm. This central point of control provides an opportunity for a file distributor to deploy a modified tracker to provide peers in a swarm with malicious coordination data, directing peer connection traffic toward an arbitrary target machine on an arbitrary service port. Although such an attack does not generate a huge amount of attack traffic, it would set up many connections with the victim server successfully, which could cause serious denial-of-service by exhausting the victim server's connection resource. In this paper, we present and demonstrate such an attack that is entirely tracker-based, requiring no modifications to BitTorrent client software, and could be deployed by an attacker right now. The results from both emulation and real-world experiments show the applicability of this attack. Due to the skyrocketing popularity of BitTorrent and the numerous large-scale swarms existing in the Internet, BitTorrent swarms provide an intriguing platform for launching distributed denial-of-service (DDoS) attacks based on connection exhaustion. Copyright (C) 2010 John Wiley & Sons, Ltd

    ShutUp: End-to-End Containment of Unwanted Traffic

    While the majority of Denial-of-Service (DoS) defense proposals assume a purely infrastructure-based architecture, some recent proposals suggest that the attacking endhost may be enlisted as part of the solution, through tamper-proof software, network-imposed incentives, or user altruism. While intriguing, these proposals ultimately raise the deployment bar by requiring both the infrastructure and endhosts to cooperate. In this paper, we explore the design of a pure end-to-end architecture based on tamper-proof endhost software implemented, for instance, with trusted platforms and virtual machines. We present the design of a "Shutup Service", whereby the recipient of unwanted traffic can ask the sender to slow down or stop. We show that this service is effective in stopping DoS attacks, and in significantly slowing down other types of unwanted traffic such as worms. The Shutup service is incrementally deployable with buy-in from OS or antivirus vendors, requiring only minimal changes to the endhost software stack and no changes to the protocol stack. We show through experimentation that the service is effective and has little impact on legitimate traffic.