A Research Proposal for Mitigating DoS Attacks in IP-based Networks
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 6, September 2010
http://sites.google.com/site/ijcsis/ ISSN 1947-5500

Sakharam Lokhande, Assistant Professor
Dr. Santosh Khamitkar, Associate Professor
Santosh Phulari, Assistant Professor
Parag Bhalchandra, Assistant Professor
Ravindra Rathod, Assistant Professor
Nilesh Deshmukh, Assistant Professor

School of Computational Science, Swami Ramanand Teerth Marathwada University, Nanded, MS, India, 431606.

Abstract: This paper studies denial of service (DoS) attacks in computer networks. These attacks are known for preventing availability of network services from their legitimate users. After careful review of literature, we wish to present a structured view on possible attack and defense mechanisms. An outline to describe some new defense mechanisms is also presented in terms of a research proposal.

Keywords- Denial of Service Attacks, Intrusion, Security

I. PROBLEM DEFINITION

Defending against DoS attacks is a task from network and computer security. As scientific disciplines, network and computer security are relatively primitive. An indication of this fact is that the computer security terminology is not yet stabilized. Computer and network security aspects were first studied in the early 1970s. As in some of the earliest security papers listed and available in, the Denial of Service attacks are a timely and extremely important research topic. According to the CSI/FBI computer crime and security survey in the United States for the year 2004, DoS attacks are the second most widely detected outsider attack type in computer networks, immediately after virus infections. A computer crime and security survey in Australia for the year 2004 gives similar results. It is currently not possible to prevent DoS attacks because many of these attacks are based on using ordinary protocols and services in an overwhelming manner. Specific security holes in the victim hosts or networks are thus not necessarily needed. For this reason we can only mitigate these attacks.

II. OVERVIEW OF DENIAL OF SERVICE ATTACKS

Denial of Service (DoS) attacks have proved to be a serious and permanent threat to users, organizations, and infrastructures of the Internet. The primary goal of these attacks is to prevent access to a particular resource like a web server. A large number of defenses against DoS attacks have been proposed in the literature, but none of them gives reliable protection. There will always be vulnerable hosts in the Internet to be used as sources of attack traffic. It is simply not feasible to expect all existing hosts in the Internet to be protected well enough. In addition, it is very difficult to reliably recognize and filter only attack traffic without causing any collateral damage to legitimate traffic.

A DoS attack can be carried out either as a flooding or a logic attack. A flooding DoS attack is based on brute force. Real-looking but unnecessary data is sent as much as possible to a victim. As a result, network bandwidth is wasted, disk space is filled with unnecessary data (such as spam e-mail, junk files, and intentional error messages), fixed size data structures inside host software are filled with bogus information, or processing power is spent on useless purposes. To amplify the effects, DoS attacks can be run in a coordinated fashion from several sources at the same time (Distributed DoS, DDoS). A logic DoS attack is based on an intelligent exploitation of vulnerabilities in the target. For example, a skillfully constructed fragmented Internet Protocol (IP) datagram may crash a system due to a serious fault in the operating system (OS) software. Another example of a logic attack is to exploit missing authentication requirements by injecting bogus routing information to prevent traffic from reaching a victim's network. [5, 6]

There are two major reasons that make DoS attacks attractive for attackers. The first reason is that there are effective automatic tools available for attacking any victim, so expertise is not necessarily required. The second reason is that it is usually impossible to locate an attacker without extensive human interaction or without new features in most routers of the Internet. DoS attacks make use of vulnerabilities in end-hosts, routers, and other systems connected to a computer network. The size of a population having the same vulnerability can be large. In July 2003 a vulnerability was found in the whole population of Cisco routers and switches running any version of the Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets. This vulnerability made it possible to block an interface, which resulted in a DoS condition without any alarms being triggered. Another example of a large population is the Microsoft Windows Metafile (WMF) vulnerability, which was found in December 2005 in all versions of Windows 98, 98SE, ME, 2000, and XP. This vulnerability made it possible to install any malicious software on these hosts, for example, to send DoS attack traffic. User interaction was, however, required to exploit this vulnerability.

III. RESEARCH PROBLEM

Mitigating DoS attacks is difficult especially due to the following problems:

1) Very little has been done to compare, contrast, and categorize the different ideas related to DoS attacks and defenses. As a result it is difficult to understand what a computer network user needs to do and why to mitigate the threat from DoS attacks.
2) There are no effective defense mechanisms against many important DoS attack types. There is no guidance on how to select defense mechanisms.
3) Existing defense mechanisms have been evaluated according to very limited criteria.
4) Often relevant risks have been ignored (such as in ) or evaluations have been carried out under ideal conditions.
5) No research publications exist for giving a systematic list of issues related to defense evaluation.

IV. OBJECTIVE OF THE RESEARCH

The objective of this research proposal is to help any user in any network in mitigating DoS attacks in IP-based networks. This study concentrates especially on the following areas:

1) One should understand existing attack mechanisms and available defense mechanisms, and have a rough idea about the benefits (best-case performance) of each defense mechanism.
2) One should acknowledge the possible situation dependency of defense mechanisms, and be able to choose the most suitable defense when more than one defense mechanism is available against a specific attack type.
3) One should evaluate defense mechanisms in a comprehensive way, including both benefits and disadvantages (worst-case performance), as an attacker can exploit any weakness in a defense mechanism.

Knowledge of all of these issues is necessary in successful mitigation of DoS attacks. Without knowing how a specific defense mechanism works under different possible conditions and what the real benefits and weaknesses are, it is not possible to assure the suitability of a defense mechanism against a certain type of DoS attack.

V. RESEARCH METHODOLOGY

The research methodologies to be used in this proposal are primarily based on simulating different attack scenarios, but measurements, mathematical modeling based on game theory, and requirement specification are also planned to be used.

VI. SCOPE OF THE RESEARCH

Since this proposal studies DoS attacks in computer networks using the Internet Protocol (IP), namely the Internet and mobile ad hoc networks, it is extremely useful for the security concern. DoS attacks in the physical world will not be studied here. The major work concentrates on the fixed (wired) Internet, but most of the considered attack and defense mechanisms will be applicable to wireless networks, too. The emphasis of this research proposal is on DoS attacks in general, and DDoS attacks are treated as a subset of DoS attacks. DDoS attacks are based on the same mechanisms as basic DoS attacks, but there is one exception during the deployment phase. A DDoS tool needs to be installed on many vulnerable hosts. The installation of DoS software on a single vulnerable host is, however, a common prerequisite for most DoS attacks. Thus attack and defense mechanisms described in this dissertation are applicable to both DoS and DDoS attacks.

VII. POSSIBLE OUTCOME

The main contributions of this proposed work include:

1) A comprehensive and well-structured description can be given of what DoS attacks really are, how DoS attacks can be carried out in IP networks, and how one can defend against DoS attacks in IP networks. A good understanding of existing attack mechanisms and available defense mechanisms is a prerequisite for succeeding in mitigating these attacks cost effectively.
2) An overview of an organized approach for selecting a comprehensive set of defense mechanisms against DoS attacks is given. This emphasizes the importance of basic security mechanisms at every host in the Internet, the importance of risk management in choosing additional defenses when basic defenses are not enough, and the necessity of implementing new defenses against such important DoS attacks for which there are no existing defenses.
3) A new defense mechanism for protecting organization-specific name servers will be described and simulated.
4) Since knowledge about DoS and DDoS is in a primitive stage, we are hopeful to extend the above objectives to study DoS attacks in mobile ad hoc networks. An earlier attempt is found successful in some similar work.

CONCLUSION

This proposal aims to evaluate the DoS problems and the availability of defence mechanisms. It is understood that the existing defence mechanisms are mainly passive, in the sense that the target host or network is impaired before the attack source(s) can be found and controlled. We wish to propose a novel concept of active defence against DoS attacks by mitigating them in the Internet. This proposed style has sufficient advantages over conventional passive defence mechanisms. However, this is only the first step toward realizing the secure Internet paradigm. The proposed work can also be extended for designing a robust active defence architecture, developing a sensitive and accurate surveillance system, or for a powerful active trace back system and deployment of such a system in a real Internet environment.

REFERENCES

[1] L. Zhou and Z. Haas, "Securing ad hoc networks," IEEE Network, 13(6):24-30, November/December 1999.
[2] Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc networks," ACM MOBICOM, 2000.
[3] P. Papadimitratos and Z.J. Haas, "Secure Routing for Mobile Ad Hoc Networks," SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), San Antonio, TX, January 27-31, 2002.
[4] S. Marti, T. Giuli, K. Lai and M. Baker, "Mitigating Routing Behavior in Mobile Ad Hoc Networks," Proceedings of Mobicom 2001, Rome, 2001.
[5] X. Zeng, R. Bagrodia, and M. Gerla, "GloMoSim: a library for parallel simulation of large-scale wireless networks," in Proceedings of the 12th Workshop on Parallel and Distributed Simulations, May 1998. 11.
[6] Jean-Pierre Hubaux, Levente Buttyan, Srdjan Capkun, "The Quest for Security in Mobile Ad Hoc Networks," in Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), Long Beach, CA, USA, October 2001.

Authors

Dr. S.D. Khamitkar: He is PhD in computer science and has 15+ research papers in international conferences and journals. His interest area includes ICT, Green computing and Network Security.

P.U. Bhalchandra, N.K. Deshmukh, S.N. Lokhande: These are SET-NET qualified faculties and have 8+ years teaching experience. They have 5+ research papers in international conferences and journals. At present they are also working on research related to ICT and Green computing. The present paper is the research topic of Mr. S.N. Lokhande.

S.S. Phulari, R.P. Rathod: These are also faculties and have qualified M.Phil in computer science. They have 2+ papers in international conferences and journals.
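The evaluation approach of Sections IV and V (simulate attack scenarios and report both the best-case and the worst-case performance of a defense), shown as an added example that is not part of the original paper. It models a per-source rate limit in front of a server of fixed capacity; the limiter, the traffic mix and every number in it are constructed assumptions.

```python
# Added illustration; every rate and capacity below is a constructed value.
from dataclasses import dataclass

@dataclass
class Source:
    rate: int      # requests offered per tick
    legit: bool    # True for legitimate traffic, False for attack traffic

def legit_goodput(sources, capacity, limit=None, ticks=100):
    """Fraction of legitimate requests served over the run.

    limit: per-source cap in requests per tick; None means no defense.
    capacity: requests the server handles per tick. When more are admitted,
    the excess is dropped without regard to who sent it.
    """
    offered = served = 0.0
    for _ in range(ticks):
        ok_legit = ok_attack = 0
        for s in sources:
            passed = s.rate if limit is None else min(s.rate, limit)
            if s.legit:
                offered += s.rate
                ok_legit += passed
            else:
                ok_attack += passed
        total = ok_legit + ok_attack
        served += ok_legit * min(1.0, capacity / total) if total else 0.0
    return served / offered

def scenario(attack_sources, limit, nat_rate=0):
    """50 clients at 2 req/tick, optional NAT gateway, 1000 req/tick attack."""
    srcs = [Source(2, True) for _ in range(50)]
    if nat_rate:
        srcs.append(Source(nat_rate, True))   # many users behind one address
    per_source = 1000 // attack_sources
    srcs += [Source(per_source, False) for _ in range(attack_sources)]
    return legit_goodput(srcs, capacity=200, limit=limit)

if __name__ == "__main__":
    print("no defense, 1 source      :", round(scenario(1, None), 3))
    print("limit 5, 1 source         :", round(scenario(1, 5), 3))
    print("limit 5, 500 sources      :", round(scenario(500, 5), 3))
    print("limit 5, 1 source plus NAT:", round(scenario(1, 5, nat_rate=50), 3))
```

The same limiter restores full service in its best case, gives no benefit at all when every attack source stays under the limit, and drops 30% of legitimate requests when a busy gateway is present, which is the collateral damage Section II describes.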