Detection of Denial of Service (DoS) Attacks in Local Area Networks Based on Outgoing Packets

Bibliographic Details
Main Author: Manaa, Mehdi Ebady
Format: Thesis
Language: eng
Published: 2012
Subjects: TK5101-6720 Telecommunication
Online Access:
https://etd.uum.edu.my/2922/1/Mehdi_Ebady_Manaa.pdf (access: validuser)
https://etd.uum.edu.my/2922/3/Mehdi_Ebady_Manaa.pdf (access: public)
Abstract: Denial of Service (DoS) is a security threat which compromises the confidentiality of information stored in Local Area Networks (LANs) due to unauthorized access by spoofed IP addresses. DoS is harmful to LANs as the flooding of packets may delay other users from accessing the server and in severe cases, the server may need to be shut down, wasting valuable resources, especially in critical real-time services such as in e-commerce and the medical field. The objective of this project is to propose a new DoS detection system to protect organizations from unauthenticated access to important information which may jeopardize the confidentiality, privacy and integrity of information in Local Area Networks. The new DoS detection system monitors the traffic flow of packets and filters the packets based on their IP addresses to determine whether they are genuine requests for network services or DoS attacks. Results obtained demonstrate that the detection accuracy of the new DoS detection system was in good agreement with the detection accuracy from the network protocol analyzer, Wireshark. For high-rate DoS attacks, the accuracy was 100% whereas for low-rate DoS attacks, the accuracy was 67%.
Advisor: Amphawan, Angela
Qualification: Master's degree (masters)
Granting Institution: Universiti Utara Malaysia
Granting Department: Awang Had Salleh Graduate School of Arts & Sciences
Collection: UUM ETD