Precise ICMP Traceback Based On Normal Flow Filtration in Denial of Services Attack

In the past two decades, the Internet has developed rapidly and has become integrated into many aspects of human life. Any disruption of connectivity or overuse of services makes a service unavailable to its intended users. The Denial of Service (DoS) attacks are becoming more serious in security of Intern...

Bibliographic Details
Main Author: Izaddoost, Alireza
Format: Thesis
Language: English
Published: 2008
Subjects:
Online Access: http://psasir.upm.edu.my/id/eprint/5246/1/FSKTM_2008_14.pdf
id my-upm-ir.5246
record_format uketd_dc
spelling my-upm-ir.5246 2013-05-27T07:21:26Z
institution Universiti Putra Malaysia
collection PSAS Institutional Repository
language English
topic DOS ES (Electronic computer system) - Programming


description In the past two decades, the Internet has developed rapidly and has become integrated into many aspects of human life. Any disruption of connectivity or overuse of services makes a service unavailable to its intended users. Denial of Service (DoS) attacks are becoming an increasingly serious Internet security problem. A DoS attack is a harmful attempt to limit or deny the availability of a service to legitimate users, and it can be carried out by consuming important resources. The best action is to block the attack traffic at its source, but this is not easy because an attacker can easily spoof the source IP address. Traceback models try to locate the source of an attack regardless of whether the source address field in each packet contains false information. The Intention-driven model, a sampling traceback technique, provides information about the attack flow and is able to reconstruct the attack path to the source of the attack with the aid of an Intrusion Detection System (IDS). This technique has no flow differentiation mechanism. In other words, it cannot distinguish a legitimate user from an attacker when both send packets to the victim via the same route. As a result, it provides incorrect information and locates a false point as the source of the attack. To overcome this weakness, this research aims to increase the generation of useful ICMP traceback packets, that is, packets that include attack path information. More useful information about the attack flow, provided to the IDS by the routers along the attack path, gives higher accuracy in locating the attacker. To achieve this goal, this research improves the Intention-driven ICMP traceback model by filtering normal flow for a specific short time, and two new algorithms, for UDP-based and TCP-based attacks, are applied.
As a consequence of filtering normal flow, the percentage of packets belonging to the attack flow increases, and so does the chance of generating ICMP traceback messages that contain attack flow information. The results show that the proposed model increases the percentage of useful ICMP traceback messages by about 10% in UDP-based attacks and 14% in TCP-based attacks when compared to the previous work. The proposed model also decreases the percentage of ineffective generated iTrace packets by about 10% in both UDP-based and TCP-based attacks.
format Thesis
qualification_level Master's degree
author Izaddoost, Alireza
title Precise ICMP Traceback Based On Normal Flow Filtration in Denial of Services Attack
granting_institution Universiti Putra Malaysia
granting_department Computer Science and Information Technology
publishDate 2008
url http://psasir.upm.edu.my/id/eprint/5246/1/FSKTM_2008_14.pdf
_version_ 1747810382926315520