Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art

Botnets are prevailing mechanisms for the facilitation of the distributed denial of service (DDoS) attacks on computer networks or applications. Currently, Botnet-based DDoS attacks on the application layer are latest and most problematic trends in network security threats. Botnet-based DDoS attacks on the application layer limits resources, curtails revenue, and yields customer dissatisfaction, among others. DDoS attacks are among the most difficult problems to resolve online, especially, when the target is the Web server. In this paper, we present a comprehensive study to show the danger of Botnet-based DDoS attacks on application layer, especially on the Web server and the increased incidents of such attacks that has evidently increased recently. Botnet-based DDoS attacks incidents and revenue losses of famous companies and government websites are also described. This provides better understanding of the problem, current solution space, and future research scope to defend against such attacks efficiently

CALD : surviving various application-layer DDoS attacks that mimic flash crowd

Distributed denial of service (DDoS) attack is a continuous critical threat to the Internet. Derived from the low layers, new application-layer-based DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. The case may be more serious when suchattacks mimic or occur during the flash crowd event of a popular Website. In this paper, we present the design and implementation of CALD, an architectural extension to protect Web servers against various DDoS attacks that masquerade as flash crowds. CALD provides real-time detection using mess tests but is different from other systems that use resembling methods. First, CALD uses a front-end sensor to monitor thetraffic that may contain various DDoS attacks or flash crowds. Intense pulse in the traffic means possible existence of anomalies because this is the basic property of DDoS attacks and flash crowds. Once abnormal traffic is identified, the sensor sends ATTENTION signal to activate the attack detection module. Second, CALD dynamically records the average frequency of each source IP and check the total mess extent. Theoretically, the mess extent of DDoS attacks is larger than the one of flash crowds. Thus, with some parameters from the attack detection module, the filter is capable of letting the legitimate requests through but the attack traffic stopped. Third, CALD may divide the security modules away from the Web servers. As a result, it keeps maximum performance on the kernel web services, regardless of the harassment from DDoS. In the experiments, the records from www.sina.com and www.taobao.com have proved the value of CALD

Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)

DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website. With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also a limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures that are meant to mitigate DDoS attacks. In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to monitor the firewall states. The monitor reroutes traffic when one of the firewalls become overwhelmed due to a HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the rewalls and monitor is encrypted using AES, based on PyCrypto Python implementation. This dissertation is structured in three parts. The first found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted towards the virtual firewall. The same parameters, test factors, and determinants were used; however a different load tester was utilized. The final part was the implementation and design of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack

On the Impact of the Cellular Modem on the Security of Mobile Phones

Mobile Kommunikation, Mobiltelefone und Smartphones sind ein wesentlicher Bestandteil unseres täglichen Lebens geworden. Daher ist es essentiell, dass diese sicher und zuverlässig funktionieren. Mobiltelefone und Mobilfunknetze sind hoch komplexe Systeme. Solche Systeme abzusichern ist eine anspruchsvolle Aufgabe. Vorangegangene Arbeiten haben sich meist auf die mobilen Endgeräte, im Speziellen auf die Betriebssysteme sowie Endanwendungen, konzentriert. Die vorliegende Doktorarbeit untersucht einen neuen Weg im Bereich Mobilfunksicherheit. Im Fokus steht das Modem als Schnittstelle zum Mobilfunknetz. Das Mobilfunkmodem ist die Komponente, welche die Funkverbindungzum Mobilfunknetz herstellt und ist nach unserer Auffassung eine der Schlüsselkomponenten bei der Untersuchung und Verbesserung der Mobilfunksicherheit. Mobilfunkmodems sind proprietär und können nur mit extrem hohem Aufwand untersucht werden. Für den Einbau zusätzlicher Sicherungsmaßnahmengilt dasselbe. Aus diesen Gründen analysiert diese Arbeit nicht das Innenleben eines Modems, sondern dessen Schnittstelle zum mobilen Betriebssystem. In dieser Arbeit untersuchen wir daher die folgende von uns aufgestellte These: Die Sicherheit mobiler Endgeräte sowie der Mobilfunknetze hängt direkt mit der Sicherheit der Modemschnittstelle zusammen. Diesen Zusammenhang legen wir anhand von drei Schritten dar. Im ersten Schritt führen wir eine Untersuchung der Modemschnittstelle durch. Basierend auf den Ergebnissen der Untersuchung führen wir mehrere Sicherheitsanalysen von Short-Message-Service- (SMS) Implementierungen von verschiedenen Telefontypen durch. Im zweiten Schritt untersuchen wir die Möglichkeiten, die sich Schadcode auf mobilen Endgeräten zu Nutze machen kann. Für diese Untersuchung entwickeln wir ein Proof-of-Concept-Botnetz, welches mittels des Modems verdeckt kommuniziert. Im dritten Schritt implementieren wir, basierend auf den Ergebnissen der vorangegangenen Schritte, einen Schutzmechanismus zur Absicherung des Modems gegen bösartige Zugriffe. Durch unsere Untersuchungen sind wir zu mehreren Ergebnissen gekommen. Die Software für den Empfang von SMS-Nachrichten beinhaltet oftmals (zum Teil kritische) Sicherheitsprobleme. Diese Sicherheitsprobleme haben auch Auswirkungen auf andere Komponenten der Endgeräte. Mit unserem mobilen Botnetz zeigen wir, welche Möglichkeiten Schadcode auf Mobiltelefonen grundsätzlich zur Verfügung stehen. Durch den von uns entwickelten Schutzmechanismus der Modemschnittstelle bestätigen wir unsere anfangs formulierte These. Die Absicherung der Modemschnittstelle verhindert die zuvor präsentierten Angriffe und zeigt hierdurch, dass die Modemschnittstelle einen entscheidenden Faktor der Mobilfunksicherheit darstellt.Cellular communication and especially mobile handsets are an essential part of our daily lives. Therefore, they need to be secure and work reliably. But mobile handsets and cellular networks are highly complex systems and securing them is a challenging task. Previously, most efforts concentrated on the handsets. These efforts only focused on the mobile phone operating system and applications in order to improve cellular system security. This thesis takes a new path and targets the cellular modem as the route to improve the security of mobile handsets and cellular networks. We target the modem since it is one of the essential parts of a mobile handset. It is the component that provides the radio link to the cellular network. This makes the modem a key element in the task to secure mobile phones. But cellular modems are proprietary and closed systems that cannot be easily analyzed in the full or even modified to improve security. Therefore, this thesis investigates the security of the cellular modem at its border to the mobile phone operating system. We suspect that the security of mobile handsets and cellular network strongly depends on the security of the modem interface. This is our hypothesis, which we seek to prove in this work. We solve this in three steps. In the first step, we analyze the interaction between the cellular modem and the other parts of a modern mobile phone. Based on the analysis we develop two novel vulnerability analysis methods. Using this methods we conduct vulnerability analysis of the Short Message Service implementations on various mobile phones. In the second step, we investigate the possible capabilities that malware has through unhindered access to the cellular modem. For this, we develop a cellular botnet where the bots utilize the modem for stealthy communication. In the third step, we use the results from the previous analysis steps to improve the security at the cellular modem interface. In our analysis step, we abused the cellular modem for vulnerability analysis.We discovered several security and reliability issues in the telephony softwares tack of common mobile phones. Using our cellular botnet implementation, we show how malware can abuse access to the cellular modem interface for various kinds of unwanted activities. In the final step, we show that through improving the security at the cellular modem interface the security of mobile handsets as well as the security of cellular networks can be increased. Throughout this thesis we show that the cellular modem has a significant impact on mobile phone security

Defending against an internet-based attack on the physical world

We discuss the dangers that scalable Internet functionality may present to the real world, focusing on a simple yet impactful attack that we believe may occur quite soon. We o#er and critique various solutions to this class of attack and hope to provide a warning to the Internet community of what is currently possible. The attack is, to some degree, a consequence of the availability of private information on the Web, and the increase in the amount of personal information that users must reveal to obtain Web services