A Research Proposal for Mitigating DoS Attacks in IP-based Networks by ijcsis


More Info
									                                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                                          Vol. 8, No. 6, September 2010


    A Research Proposal for Mitigating DoS Attacks
                in IP-based Networks
                   Sakharam Lokhande                                                           Dr. Santosh Khamitkar
                  Assistant Professor                                                           Associate Professor
           School of Computational Science,                                              School of Computational Science,
Swami Ramanand Teerth Marathwada University, Nanded,                           Swami Ramanand Teerth Marathwada University, Nanded,
 MS, India, 431606. Email: lokhande_sana@rediff.com                                MS, India, 431606. Email: s.khamitkar@gmail.com

                                                                                                    Santosh Phulari
                   Parag Bhalchandra                                                            Assistant Professor
                 Assistant Professor                                          School of Computational Science, Swami Ramanand Teerth
         School of Computational Science,
                                                                                          Marathwada University, Nanded,
Swami Ramanand Teerth Marathwada University, Nanded,                             MS, India, 431606. Email: santoshphulari@gmail.com
   MS, India, 431606. Email: srtmun.parag@gmail.com
                                                                                                   Ravindra Rathod
                   Nilesh Deshmukh                                                               Assistant Professor
                 Assistant Professor                                          School of Computational Science, Swami Ramanand Teerth
          School of Computational Science,                                                Marathwada University, Nanded,
Swami Ramanand Teerth Marathwada University, Nanded,                               MS, India, 431606. Email: rpr_srtmun@rediff.com
    MS, India, 431606. Email: nileshkd@yahoo.com

Abstract : This paper studies denial of service (DoS) attacks in            manner. Specific security holes in the victim hosts or networks
computer networks. These attacks are known for preventing                   are thus not necessarily needed. For this reason we can only
availability of network services from their legitimate users. After         mitigate these attacks.
careful review of literature, we wish to presents a structured view
on possible attack and defense mechanisms. An outline to
                                                                                     II. OVERVIEW OF DENIAL OF SERVICE ATTACKS
describe some new defense mechanisms is also presented in terms
of a research proposal .                                                        Denials of Service (DoS) attacks have proved to be a
                                                                            serious and permanent threat to users, organizations, and
Keywords- Denial of Service Attacks, Intrusion, Security                    infrastructures of the Internet [1]. The primary goal of these
                                                                            attacks is to prevent access to a particular resource like a web
                                                                            server [2]. A large number of defenses against DoS attacks
                                                                            have been proposed in the literature, but none of them gives
                                                                            reliable protection. There will always be vulnerable hosts in
                     I.   PROBLEM DEFINATION                                the Internet to be used as sources of attack traffic. It is simply
    Defending against DoS attacks is a task from network and                not feasible to expect all existing hosts in the Internet to be
computer security. As scientific disciplines, network and                   protected well enough. In addition, it is very difficult to
computer security are relatively primitive. An indication of                reliably recognize and filter only attack traffic without causing
this fact is to be aware that the computer security terminology             any collateral damage to legitimate traffic.
is not yet stabilized [4]. Computer and network security
aspects were first studied in the early 1970s. As in some of the
earliest security papers listed and available in, the Denial of                 A DoS attack can be carried out either as a flooding or a
Service attacks are timely and extremely important research                 logic attack. A Flooding DoS attack is based on brute force.
topic. According to the CSI/FBI computer crime and security                 Real-looking but unnecessary data is sent as much as possible
survey in the United States [1] for the year 2004, DoS attacks              to a victim. As a result, network bandwidth is wasted, disk
are the second most widely detected outsider attack type in                 space is filled with unnecessary data (such as spam e-mail,
computer networks, immediately after virus infections. A                    junk files, and intentional error messages), fixed size data
computer crime and security survey in Australia[1] for the                  structures inside host software are filled with bogus
year 2004, gives similar results. It is currently not possible to           information, or processing power is spent for un useful
prevent DoS attacks because many of these attacks are based                 purposes. To amplify the effects, DoS attacks can be run in a
on using ordinary protocols and services in an overwhelming                 coordinated fashion from several sources at the same time

                                                                      199                                 http://sites.google.com/site/ijcsis/
                                                                                                          ISSN 1947-5500
                                                       (IJCSIS) International Journal of Computer Science and Information Security,
                                                       Vol. 8, No. 6, September 2010

(Distributed DoS, DDoS).A logic DoS attack is based on an                   2) One should acknowledge possible situation
intelligent exploitation of vulnerabilities in the target. For           dependency of defense mechanisms, and be able to choose the
example, a skillfully constructed fragmented Internet Protocol           most suitable defense when more than one defense
(IP)     datagram may crash a system due to a serious fault in           mechanisms are available against a specific attack type.
the operating system (OS) software. Another example of a
logic attack is to exploit missing authentication requirements               3) One should evaluate defense mechanisms in a
by injecting bogus routing information to prevent traffic from           comprehensive way, including both benefits and
reaching a victim’s network. [5, 6]                                      disadvantages (worst-case performance), as an attacker can
                                                                         exploit any weakness in a defense mechanism.
                                                                            Knowledge of all of these issues is necessary in successful
     There are two major reasons that make DoS attacks                   mitigation of DoS attacks. Without knowing how a specific
attractive for attackers. The first reason is that there are             defense mechanism works under different possible conditions
effective automatic tools available for attacking any victim, so         and what the real benefits and weaknesses are, it is not
expertise is not necessarily required. The second reason is that         possible to assure the suitability of a defense mechanism
it is usually impossible to locate an attacker without extensive         against a certain type of a DoS attack.
human interaction or without new features in most routers of
the Internet. DoS attacks make use of vulnerabilities in end-
hosts, routers, and other systems connected to a computer                                  V. RESEARCH METHODOLOGY
network. The size of a population having the same
vulnerability can be large. In July 2003 a vulnerability was                 Research methodologies aimed to be used in this proposal,
found from the whole population of Cisco routers and                     are primarily based on simulating different attack scenarios,
switches running any version of the Cisco IOS software and               but measurements, mathematical modeling based on game
configured to process Internet Protocol version 4 (IPv4)                 theory, and requirement specification are also planned to be
packets. This vulnerability made it possible to block an                 used .
interface, which resulted in a DoS condition without any
alarms being triggered. Another example of a large population                               VI. SCOPE OF THE RESEARCH
is the Microsoft Windows Metafile (WMF) vulnerability                         Since this proposal studies DoS attacks in computer
which was found in December 2005 from all versions of                    networks using the Internet Protocol (IP), namely the Internet
Windows 98, 98SE, ME, 2000, and XP. This vulnerability
                                                                         and mobile ad hoc networks, is extremely useful for the
made it possible to install any malicious software on these              security concern. DoS attacks in the physical world will not be
hosts, for example, to send DoS attack traffic. User interaction
                                                                         studied here. Major work concentrate on the fixed (wired)
was, however, required to exploit this vulnerability.
                                                                         Internet, but most of the considered attack and defense
                                                                         mechanisms will be applicable to wireless networks, too. The
                     III. RESEARCH PROBLEM                               emphasis of this research proposal is on DoS attacks in
    Mitigating DoS attacks is difficult especially due to the            general, and DDoS attacks are treated as a subset of DoS
following problems:                                                      attacks. DDoS attacks are based on the same mechanisms as
    1) Very little has been done to compare, contrast, and               basic DoS attacks, but there is one exception during the
categorize the different ideas related to DoS attacks and                deployment phase .A DDoS tool needs to be installed on many
defenses. As a result it is difficult to understand what a               vulnerable hosts. The installation of DoS software on a single
computer network user needs to do and why to mitigate the                vulnerable host is, however, a common prerequisite for most
threat from DoS attacks.                                                 DoS attacks. Thus attack and defense mechanisms described
    2) There are no effective defense mechanisms against                 in this dissertation are applicable to both DoS and DDoS
many important DoS attack types. There is no guidance on                 attacks.
how to select defense mechanisms.
    3) Existing defense mechanisms have been evaluated
according to very limited criteria.                                                            VII. POSSIBLE OUTCOME
    4) Often relevant risks have been ignored (such as in
                                                                            The main contributions of this proposed work include,
[3]) or evaluations have been carried out under ideal
conditions.                                                                  1) A comprehensive and well-structured description can
    5)    No research publications exist for giving a                    be given about what DoS attacks really are? How DoS attacks
systematic list of issues related to defense evaluation                  can be carried out in IP networks? And how one can defend
                                                                         against DoS attacks in IP networks. A good understanding of
                                                                         existing attack mechanisms and available defense mechanisms
                                                                         is a prerequisite for succeeding in mitigating these attacks cost
                IV. OBJECTIVE OF THE RESEARCH                            effectively.
    The objective of this research proposal is to help any user              2) An overview of an organized approach for selecting a
in any network for mitigating DoS attacks in IP-based                    comprehensive set of defense mechanisms against DoS attacks
networks. This study concentrates especially on the following            is given. This emphasizes the importance of basic security
areas:                                                                   mechanisms at every host in the Internet, the importance of
   1) One should understand existing attack mechanisms                   risk management in choosing additional defenses when basic
and available defense mechanisms, and have a rough idea                  defenses are not enough, and the necessity of implementing
about the benefits (best-case performance) of each defense               new defenses against such important DoS attacks for which
mechanism.                                                               there are no existing defenses.

                                                                   200                                http://sites.google.com/site/ijcsis/
                                                                                                      ISSN 1947-5500
                                                                     (IJCSIS) International Journal of Computer Science and Information Security,
                                                                     Vol. 8, No. 6, September 2010

   3) A new defense mechanism for protecting
organization-specific name servers will be described and
    4) Since knowledge about DoS and DDoS is in
primitive stage, we are hopeful to extend above objectives to
study DoS attack in mobile ad hoc networks. An earlier
attempt is found successful in some similar work [6].

    This proposal aim to evaluate the DoS problems and                                                               Authors
availability of defence mechanism. It is understood that the                            Dr. S.D.Khamitkar: He is PhD in computer science and has 15+ research
existing defence mechanisms are mainly passive, in the sense                        papers in International Conferences and journals. His interest area includes
that the target host or network is impaired before the attack                       ICT, Green computing and Network Security.
source(s) can be found and controlled. We wish to propose a
                                                                                         P.U.Bhalchandra , N.K. Deshmukh , S.N.Lokhande : These are SET-
novel concept of active defence against DoS attacks by                              NET qualified faculties and have 8+ years teaching experience. They have 5+
mitigating them in the Internet. This proposed style has                            research papers in international conferences and journals. At present they are
sufficient advantages over conventional passive defence                             also working on research related to ICT and Green computing. The present
mechanisms. However, this is only the first step toward                             paper is research topic of Mr. S.N.Lokhande
realizing the secure Internet paradigm. The proposed work can                            S.S.Phulari , R.P.Rathod : These are also faculties and have qualified
also be extended for designing of robust active defence                             M.Phil in computer science . They have 2+ papers in international conferences
architecture, developing a sensitive and accurate surveillance                      and journals.
system, or for a powerful active trace back system and
deployment of such system in real Internet environment.


[1]    L. Zhou and Z. Haas. Securing ad hoc networks. IEEE Network,
      13(6):24--30, November/December 1999.
[2]   Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc
      networks," ACM MOBICOM, 2000.
[3]    P.Papadimitratos and Z.J. Haas, "Secure Routing for Mobile Ad
      Hoc Networks," SCS Communication Networks and Distributed
      Systems Modeling and Simulation Conference (CNDS 2002), San
      Antonio, TX, January 27-31, 2002.
[4]   S.Marti, T.Giuli, K.Lai and M.Baker, “Mitigating Routing
      Behavior in Mobile Ad Hoc Networks”, Proceedings of Mobicom
      2001, Rome,2001.
[5]   X Zeng, R. Bagrodia, and M. Gerla. GloMoSim: a library for
      parallel simulation of large-scale wireless networks. In Proceedings
      of the 12th Workshop on Parallel and Distributed Simulations, May
      1998. 11.
[6]   Jean-Pierre Hubaux, Levente Buttyan, Srdjan Capkun,
      “The Quest for Security in Mobile Ad Hoc Networks”,
      In Proceedings of the ACM Symposium on Mobile Ad Hoc
      Networking and Computing (MobiHOC), Long Beach, CA,
      USA, October 2001.

                                                                              201                                      http://sites.google.com/site/ijcsis/
                                                                                                                       ISSN 1947-5500

To top