ATTACK PACKET TRACEBACK SYSTEM

Team Mentor: Miss Shivani Singh

Team Members: Vikram Shukla (0709110112), Vishal Yadav (0709110117), Shweta Singh (0709110095), Sanjay Mishra (0709110084)


PROBLEM INTRODUCTION

In this era of computers and the Internet, computer crimes ranging from threatening letters and eavesdropping on confidential information to physical damage to equipment are growing at a dreadful rate.

Even defense mechanisms are unreliable.

Whether the spreading mechanism is a computer virus or a worm, thousands of computers can be affected within a short period of time.


MOTIVATION

• The increasing frequency of malicious computer attacks on government agencies and Internet businesses is causing severe economic waste and unique social threats.

• Among the various attacks, a prevalent, well-known and serious network security subject is “Denial of Service (DoS)” or “Distributed Denial of Service (DDoS)”.


Losses caused by various Attacks


PROJECT OBJECTIVE

• To resolve the troublesome DoS/DDoS attack problems.

• To solve DoS/DDoS with optimal traceback.

• The system not only traces attacks back but can also stop an attack by detecting it before the actual attack.


SCOPE

1. Study of various types of network security components.

2. Study and survey of the nature and scale of DDoS attacks faced by web servers.

3. Study of various evolutionary traceback systems and the algorithms used.

4. Design of the APTS algorithm.

5. Study of the SSFNet simulation tool.

a) Study of the various modules of the simulation tool package.

b) Encoding of the network using DML.

6. Implementation of the APTS algorithm and simulation of the network using SSFNet.


LITERATURE SURVEY

• The DoS/DDoS problems discussed are limited to network-based flooding-style attacks (e.g. TCP SYN flooding or Smurf) and do not include logic-style attacks (e.g. ping-of-death).

• The research direction of the project focuses mainly on solving DoS/DDoS problems by tracing back to the origins of DoS/DDoS attacks.


DoS Attack


• In the last several years, DoS/DDoS attacks, which take advantage of a large number of unwilling agents (a.k.a. zombies) to launch many attacks simultaneously, have increased in frequency, severity and sophistication.

• A recent analysis by Moore shows that there is an average of at least 4,000 DoS attacks per week on the Internet.


• 50% of attacks have an intensity of at least 1,000 packets per second, 25% have an intensity of at least 5,000 packets per second, and some attacks have intensities in excess of 500,000 packets per second.

• Most attacks last at least 10 minutes, 10% last more than an hour, and 2% last at least 5 hours (some even last days).


General DoS Attack Methods


DoS attack methods can also be summarized into two types:

• Direct flooding attack.

• Reflector flooding attack.


IP Traceback Algorithms

• The main objective of an IP traceback algorithm is to identify the routers directly connected to the attacker.

• The key issue here is to completely identify the routers with low false positive rates in a single traceback process.


• Current IP traceback schemes can be classified into five categories:

– Link testing

– Messaging

– Logging

– Packet marking

– Hybrid schemes


Probabilistic Packet Marking Scheme

• PPM assumes that the attacking packets are much more frequent than the normal packets.

• It marks the packets with path information in a probabilistic manner and enables the victim to reconstruct the attack path by using the marked packets.

• PPM encodes the information in the rarely used 16-bit Fragment ID field in the IP header.
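The marking and reconstruction described above, as an added simulation that is not part of the original slides. It follows the edge-sampling form of PPM from Savage et al. for a single attack path, keeps each mark as a plain (start, end, distance) tuple instead of compressing it into 16 bits, and uses a constructed router path and an assumed marking probability of 0.04.

```python
import math
import random

def forward(path, p, rng):
    """Carry one packet along `path` (router nearest the attacker first) and
    return the mark the victim receives: (start, end, distance) or None."""
    mark = None
    for router in path:
        if rng.random() < p:
            mark = (router, None, 0)           # overwrite: begin a new edge sample
        elif mark is not None:
            start, end, dist = mark
            if dist == 0:
                end = router                   # downstream neighbour completes the edge
            mark = (start, end, dist + 1)
    return mark

def reconstruct(marks):
    """Victim side: order the sampled edges by distance into a router path
    (farthest router first). Returns None while a hop is missing."""
    edges = {dist: (start, end) for start, end, dist in marks}
    if not edges or set(edges) != set(range(max(edges) + 1)):
        return None
    for d in range(1, max(edges) + 1):
        if edges[d][1] != edges[d - 1][0]:     # edges must chain toward the victim
            return None
    return [edges[d][0] for d in range(max(edges), -1, -1)]

def trace(path, p, seed, limit=100_000):
    """Simulation only: count packets until the victim's view equals the true path."""
    rng, marks = random.Random(seed), set()
    for sent in range(1, limit + 1):
        mark = forward(path, p, rng)
        if mark is not None:
            marks.add(mark)
        if reconstruct(marks) == path:
            return reconstruct(marks), sent
    return None, limit

def expected_bound(d, p):
    """Upper bound on expected packets for a d-hop path: ln(d) / (p(1-p)^(d-1))."""
    return math.log(d) / (p * (1 - p) ** (d - 1))

PATH = ["10.0.%d.1" % i for i in range(1, 7)]  # constructed 6-router path

if __name__ == "__main__":
    print(trace(PATH, 0.04, seed=1), round(expected_bound(len(PATH), 0.04)))
```

Because each packet carries at most one edge, the victim needs many packets before every hop has been sampled, which is why the scheme depends on attack traffic being frequent.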


Shortcomings of PPM

• Path reconstruction process requires high computational work, especially when there are many sources.

• When there are a large number of attack sources, the possible rebuilt path branches are actually useless to the victim because of the high false positives.


Deterministic Packet Marking Scheme

• It stores the source address in the marking field.

• Deterministic approaches only keep the first ingress edge router’s information in the marks (but not the whole path).

• Moreover, they record marks in a deterministic manner (but not a probabilistic manner as in PPM).
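An added example, not code from the original slides, of deterministic marking at the ingress edge router and recovery at the victim. It follows the basic split-address idea of Belenky and Ansari's DPM (one 16-bit half of the ingress interface address in the Fragment ID field, the reserved flag telling which half); the addresses and the sample header are constructed, and only option-free 20-byte IPv4 headers are handled.

```python
import ipaddress
import struct

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options (IHL = 5)

def checksum(header):
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack("!10H", header[:20]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dpm_mark(header, ingress_ip, half):
    """Ingress edge router: put one 16-bit half of its interface address in the
    ID field and flag which half (0 = high, 1 = low) in the reserved flag bit.
    A real router picks `half` at random per packet; here the caller chooses."""
    f = list(struct.unpack(FMT, header[:20]))
    addr = int(ipaddress.IPv4Address(ingress_ip))
    f[3] = (addr >> 16) if half == 0 else (addr & 0xFFFF)   # Fragment ID
    f[4] = (f[4] & 0x7FFF) | (half << 15)                   # reserved flag = top bit
    f[7] = 0
    f[7] = checksum(struct.pack(FMT, *f))                   # header changed: re-checksum
    return struct.pack(FMT, *f)

def dpm_recover(headers):
    """Victim: rebuild the ingress address once both halves have arrived.
    Assumes every header was marked by the same ingress interface."""
    halves = {}
    for h in headers:
        ident, flags = struct.unpack("!HH", h[4:8])
        halves[flags >> 15] = ident
    if set(halves) != {0, 1}:
        return None
    return str(ipaddress.IPv4Address((halves[0] << 16) | halves[1]))

def sample_header():
    """Constructed header; the source field is spoofed, so tracing cannot rely on it."""
    f = [0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
         ipaddress.IPv4Address("198.51.100.77").packed,
         ipaddress.IPv4Address("203.0.113.10").packed]
    f[7] = checksum(struct.pack(FMT, *f))
    return struct.pack(FMT, *f)

if __name__ == "__main__":
    marked = [dpm_mark(sample_header(), "192.0.2.1", h) for h in (0, 1)]
    print(dpm_recover(marked))
```

Overwriting the Fragment ID means a marked packet that is later fragmented cannot be reassembled reliably, so a deployment has to decide how fragments are treated.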


ADVANTAGES

• Simple implementation.

• No additional bandwidth requirement.

• Less computation overhead.


SYSTEM DESIGN AND METHODOLOGIES

• The APTS scheme utilizes various bits (called marks) in the IP header. The mark has a flexible length that depends on the network protocols used; this is called the flexible mark length strategy.


• APTS is based on IPv4. A possible IPv6 implementation of APTS would involve adding an extension header to IPv6 packets, which differs from the IPv4 design.

• Three fields in the IP header are used for marking: Type of Service (TOS), Fragment ID, and Reserved Flag.


Encoding Scheme

Before the APTS mark can be generated, the length of the mark (24 bits, 19 bits or 16 bits) must be determined based on the network protocols deployed within the network to be protected.


Reconstruction Scheme

• The reconstruction process includes two steps:

– Mark recognition

– Address recovery


CONCLUSION

We have been able to understand the severity of DDoS attacks and the various previous algorithms for designing a system which can trace back the source of a DDoS attack.

We have learned DML and the SSFNet network simulation tool, and designed the APTS algorithm, which is suitable not only for tracing the sources of DDoS attacks but also for DDoS detection.


PERT CHART
