7/24/2019 Bandwidth Distributed Denial of SerFull Document
1/17
BANDWIDTH DISTRIBUTED DENIAL OF SERVICE: ATTACKS AND DEFENSES
ABSTRACT
Distributed denial of service (DDoS) attacks pose a serious threat to the Internet. We discuss the Internet's vulnerability to Bandwidth Distributed Denial of Service (BW-DDoS) attacks, where many hosts send a huge number of packets exceeding network capacity, causing congestion and losses and thereby disrupting legitimate traffic. TCP and other protocols employ congestion control mechanisms that respond to losses and delays by reducing network usage; hence their performance may be degraded sharply by such attacks. Attackers may disrupt connectivity to servers, networks, autonomous systems, or whole countries or regions; such attacks have already been launched in several conflicts.
So far, BW-DDoS attacks have employed relatively crude, inefficient, brute-force mechanisms; future attacks may be significantly more effective and hence much more harmful. To meet the increasing threats, more advanced defenses should be deployed. This may involve some proposed (not yet deployed) mechanisms as well as new approaches.
INTRODUCTION
Internet services are indispensable, and yet vulnerable to Denial of Service (DoS) attacks and especially to Distributed DoS (DDoS) attacks, in which many attacking agents cooperate to cause excessive load on a victim host, service, or network. DDoS attacks have increased in importance, number, and strength over the years, becoming a major problem. Furthermore, significant growth in the size of attacks and in their sophistication is reported.
OBJECTIVES OF STUDY
To identify Bandwidth Distributed Denial of Service (BW-DDoS) attacks, which disrupt the operation of the network infrastructure by causing congestion or an excessive amount of traffic. BW-DDoS attacks can cause loss or severe degradation of connectivity between the Internet and victim networks, or even whole autonomous systems, possibly disconnecting whole regions of the Internet.
SCOPE OF WORK
BW-DDoS attacks are usually generated from a large number of compromised computers (zombies or puppets). Bandwidth Distributed Denial of Service is the most frequently used DoS method. Most BW-DDoS attacks use a few simple ideas, mainly flooding, i.e., many agents sending packets at the maximal rate, and reflection, i.e., sending requests to a server with a fake (spoofed) sender IP address, resulting in the server sending a (usually longer) packet to the victim.
EXISTING SYSTEM
A number of IP traceback approaches have been suggested to identify attackers, and there are two major methods for IP traceback: probabilistic packet marking (PPM) and deterministic packet marking (DPM).
Both of these strategies require routers to inject marks into individual packets.
The DPM strategy requires all Internet routers to be updated for packet marking. Moreover, the DPM mechanism poses an extraordinary challenge on storage for packet logging at routers.
Further, both PPM and DPM are vulnerable to hacking, which is referred to as packet pollution.
Disadvantages
The PPM strategy can only operate in a local range of the Internet (an ISP network) where the defender has the authority to manage. ISP networks are generally quite small and cannot trace back to attack sources located outside the ISP network.
Because of the vulnerability of the original design of the Internet, we may not be able to find the actual hackers at present.
PROPOSED SYSTEM
In a BW-DDoS attack, the attacker sends as many packets as possible, either directly to the victim or from attacker-controlled machines called zombies or bots.
The simplest scenario is one in which the attacker sends multiple packets using a connectionless protocol such as UDP. In UDP flood attacks the attacker commonly has a user-mode executable on the zombie machine which opens a standard UDP socket and sends many UDP packets towards the victim.
For UDP floods and many other BW-DDoS attacks, the attacking agents must have zombies, i.e., hosts running adversary-controlled malware that allows the malware to use the standard TCP/IP sockets.
The first attempts to avoid detection, and the second tries to exploit legitimate protocol behavior and cause legitimate clients/servers to excessively misuse their bandwidth against the attacked victim.
Advantages
Bandwidth based identification
Easily identifies attacker
High attack detection
SYSTEM SPECIFICATION
HARDWARE SPECIFICATION
Processor : Any Processor above 500 MHz.
Ram : 128 Mb.
Hard Disk : 10 GB.
Input device : Standard VGA and High Resolution Monitor.
SOFTWARE SPECIFICATION
Operating System : Windows Family.
Programming Language : JDK 1.5 or higher
SYSTEM ARCHITECTURE
Fig: System Architecture
MODULES
Construction of normal Dataset
Local Data Collection
Training normal data using cluster mechanism
Testing Phase
Construction of Normal Dataset
The data obtained from the audit data sources mostly contains local routing information data and control information from the MAC and routing layers, along with other traffic statistics. The training of data may entail modelling the distribution of a given set of training points or characteristic network traffic samples.
Local Data Collection
A normal profile is an aggregated rule set of multiple training data segments. New and updated detection rules across ad-hoc networks are obtained from the normal profile. The normal profile consists of normal behavior patterns that are computed using trace data from a training process where all activities are normal. During the testing process, normal and abnormal activities are processed and any deviations from the normal profiles are recorded.
Training normal data using cluster mechanism
It calculates the number of points near each point in the feature space. In the fixed width clustering technique, a set of clusters is formed in which each cluster has a fixed radius, also known as the cluster width, in the feature space.
Testing Phase
The testing phase takes place by comparing each new traffic sample with the cluster set to determine whether it is anomalous. The distance between a new traffic sample point and each cluster centroid is calculated. If the distance from the test point s to the centroid of its nearest cluster is less than the cluster width parameter w, then the traffic sample shares the label (either normal or anomalous) of its nearest cluster. If the distance from s to the nearest cluster is greater than w, then s lies in a less dense region of the feature space and is labeled as anomalous.
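As an added illustration (not code from the original document), the fixed-width clustering training step and the testing-phase distance rule described above, in Python. The feature set (packets/sec, KB/sec, distinct source addresses), the constructed training trace, the width w = 30 and the rule that labels sparse clusters as anomalous are assumptions made for this example.

```python
import math

# Constructed per-second traffic windows (hypothetical feature set, not from the
# original document): (packets/sec, kilobytes/sec, distinct source addresses).
# Features are assumed to be on comparable scales; real deployments normalise them.
TRAINING_TRACE = [
    (120, 90, 8), (130, 95, 9), (110, 85, 7), (125, 92, 8), (115, 88, 8),  # quiet period
    (400, 300, 20), (410, 310, 22), (395, 295, 19),                        # busy period
    (2000, 1500, 4),                            # one isolated burst: few sources, high rate
]
CLUSTER_WIDTH = 30.0        # the cluster width parameter w from the text
MIN_NORMAL_FRACTION = 0.2   # assumed rule: clusters holding fewer points are anomalous

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def fixed_width_clustering(points, w):
    """Single-pass fixed-width clustering: a point within w of an existing centroid
    joins that cluster (the centroid is a running mean); otherwise it seeds a new one."""
    clusters = []
    for p in points:
        for c in clusters:
            if distance(p, c["centroid"]) <= w:
                n = c["count"]
                c["centroid"] = [(ci * n + pi) / (n + 1) for ci, pi in zip(c["centroid"], p)]
                c["count"] = n + 1
                break
        else:
            clusters.append({"centroid": list(p), "count": 1})
    return clusters

def train_normal_profile(points, w, min_fraction):
    """Training: cluster the trace, then label each cluster by how much of the
    training data it holds (dense regions are normal behaviour)."""
    clusters = fixed_width_clustering(points, w)
    for c in clusters:
        c["label"] = "normal" if c["count"] / len(points) >= min_fraction else "anomalous"
    return clusters

def classify(sample, clusters, w):
    """Testing phase: inside w of the nearest centroid the sample inherits that
    cluster's label; farther than w it lies in a sparse region and is anomalous."""
    nearest = min(clusters, key=lambda c: distance(sample, c["centroid"]))
    return nearest["label"] if distance(sample, nearest["centroid"]) < w else "anomalous"

if __name__ == "__main__":
    profile = train_normal_profile(TRAINING_TRACE, CLUSTER_WIDTH, MIN_NORMAL_FRACTION)
    for s in [(118, 89, 8), (2010, 1505, 4), (9000, 6500, 3)]:
        print(s, "->", classify(s, profile, CLUSTER_WIDTH))
```

The single high-rate burst in the trace forms its own sparse cluster, so a later sample near it is flagged through the inherited label, while a flood far from every centroid is flagged by the distance rule alone.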
DATA FLOW DIAGRAM
Level 0:
Level 1:
Further level (diagram labels only): Client; Client Search Router; Router; Router Neighbor Detection Node; Bandwidth Request; Inter-Node selection; Client; Send query; Router; Inter-Node; Server; IDS monitoring.
Further level (diagram labels only): Client Send req/res; Router; IDS monitoring; Targeted Dataset; Inter Node server; Response Anomaly status; Audit log.
UML DIAGRAM
USE CASE DIAGRAM
SEQUENCE DIAGRAM
ACTIVITY DIAGRAM
COLLABORATION DIAGRAM
CLASS DIAGRAM