Detection of DDoS attacks in Windows Communication Foundation Services

Internet provides many critical services so it has become very important to monitor the network traffic so that the resources of the network can be prevented from being depleted from malicious hackers. In this paper, we have presented a mechanism to detect and defense a web-server against a Distributed Denial of Service (DDoS) attack. We have presented simulation of specific kind of DDoS attack i.e. identity spoofing and SYN flood attack on an application similar to shopping portal and its results to demonstrate the effectiveness of the mechanism. Then, the attack is monitored in resource monitor of the server side monitor showing CPU utilization.Also,some defense mechanisms to defend the server against such attacks has been presented. DOI: 10.17762/ijritcc2321-8169.15029

NetworkMonitoring System (NMS)

Due to rapid changes and consequent new threats to computer networks there is a need for the design of systems that enhance network security. These systems make network administrators fully aware of the potential vulnerability of their networks. This paperdesigns a Network Monitoring System (NMS) which is an active defense and complex network surveillance platform designed for ISPs to meet their most rigorous security requirements. This system is motivated by the great needof government agencies, ecommerce companies and Web development organizations to secure their computer networks. The proposed system is also used by network administrators to enable them understand the vulnerabilities affecting computer networks. This enables these administrators to improve network security. The proposed system is a lawful network traffic (Internet Service Provider IP trffic) interception system with the main task of obtaining network communications, giving access to intercepted traffic to lawful authorities for the purpose of data analysis and/or evidence. Such data generally consist of signaling, network management information, or the content of network communications. The intercepted IP traffic is gathered and analyzed for network vulnerability in real time. Then, the corresponding TCP/UDP traffic (Web page, email message, VOIP calls, DHCP traffic, files transferred over the LAN such as HTML files, images, and video files, etc.) is rebuilt and displayed. Based on the results of the analysis of the rebuilt TCP/UDP an alarm could be generatedif amalicious behavior is detected. Experimental results show that the proposed system has many

A Novel High-Speed Architecture for Integrating Multiple DDoS Countermeasure Mechanisms Using Reconfigurable Hardware

In this paper, we proposed a novel high-speed architecture to incorporate multiple stand-alone DDoS countering mechanisms. The architecture separates DDoS filtering mechanisms, which are algorithms, out of packet decoder, which is the basement. The architecture not only helps developers to give more concentration on optimizing algorithms but also integrate multiple algorithms to achieve more efficient DDoS defense mechanism. The architecture is implemented on reconfigurable hardware, which helps algorithms to be flexibly changed or updated. We implemented and experimented the system using NetFPGA 10G board with incorporation of Port Ingress/Egress Filtering and Hop-Count Filtering to classify IP spoofing packets. The synthesis results show that the system runs at 118.907 MHz, utilizes 38.99% Registers, and 44.75% BlockRAMs/FIFOs of the NetFPGA 10G board. The system achieves the detection rate of 100% with false negative rate at 0%, and false positive rate closed to 0.16%. The experimental results prove that the system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode

Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists

Network measurements are an important tool in understanding the Internet. Due to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not possible for IPv6. In recent years, several studies have proposed the use of target lists of IPv6 addresses, called IPv6 hitlists. In this paper, we show that addresses in IPv6 hitlists are heavily clustered. We present novel techniques that allow IPv6 hitlists to be pushed from quantity to quality. We perform a longitudinal active measurement study over 6 months, targeting more than 50 M addresses. We develop a rigorous method to detect aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining to about half of our target addresses. Using entropy clustering, we group the entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform client measurements by leveraging crowdsourcing. To encourage reproducibility in network measurement research and to serve as a starting point for future IPv6 studies, we publish source code, analysis tools, and data.Comment: See https://ipv6hitlist.github.io for daily IPv6 hitlists, historical data, and additional analyse

Accountable infrastructure and its impact on internet security and privacy

The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. In the absence of accountability, as a fundamental property, the Internet infrastructure does not have a built-in ability to associate an action with the responsible entity, neither to detect or prevent misbehavior. In this thesis, we study accountability from a few different perspectives. First, we study the need of having accountability in anonymous communication networks as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation to support the enforcement of the right to be forgotten law in a scalable and automated manner. The framework provides a technical mean for the users to prove their eligibility for content removal from the search results. Third, we analyze the Internet infrastructure determining potential security risks and threats imposed by dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and conceptually show that it cannot work to prevent these attacks.Die Internet-Infrastrutur stützt sich auf die korrekte Ausführung zugrundeliegender Protokolle, welche mit Fokus auf Funktionalität entwickelt wurden. Sicherheit und Datenschutz wurden nachträglich hinzugefügt, hauptsächlich durch die Anwendung kryptografischer Methoden in verschiedenen Schichten des Protokollstacks. Fehlende Zurechenbarkeit, eine fundamentale Eigenschaft Handlungen mit deren Verantwortlichen in Verbindung zu bringen, verhindert jedoch, Fehlverhalten zu erkennen und zu unterbinden. Diese Dissertation betrachtet die Zurechenbarkeit im Internet aus verschiedenen Blickwinkeln. Zuerst untersuchen wir die Notwendigkeit für Zurechenbarkeit in anonymisierten Kommunikationsnetzen um es Proxyknoten zu erlauben Fehlverhalten beweisbar auf den eigentlichen Verursacher zurückzuverfolgen. Zweitens entwerfen wir ein Framework, das die skalierbare und automatisierte Umsetzung des Rechts auf Vergessenwerden unterstützt. Unser Framework bietet Benutzern die technische Möglichkeit, ihre Berechtigung für die Entfernung von Suchergebnissen nachzuweisen. Drittens analysieren wir die Internet-Infrastruktur, um mögliche Sicherheitsrisiken und Bedrohungen aufgrund von Abhängigkeiten zwischen den verschiedenen beteiligten Entitäten zu bestimmen. Letztlich evaluieren wir die Umsetzbarkeit von Hop Count Filtering als ein Instrument DRDoS Angriffe abzuschwächen und wir zeigen, dass dieses Instrument diese Art der Angriffe konzeptionell nicht verhindern kann