
Friday, April 5, 2019

Detection and Mitigation of DDOS Attack

A Survey on Detection and Mitigation of Distributed Denial of Service Attack in Named Data Networking

Sandesh Rai1*, Dr. Kalpana Sharma2, and Dependra Dhakal3

1 Sikkim Manipal Institute of Technology, Student, Computer Science Engineering, Rangpo, Sikkim.
2 Sikkim Manipal Institute of Technology, Head of Department, Professor, Computer Science Engineering, Rangpo, Sikkim.
3 Sikkim Manipal Institute of Technology, Assistant Professor, Computer Science Engineering, Rangpo, Sikkim.

Abstract. Various ongoing research efforts aim to provide the next best Internet architecture, although they vary in scope and maturity. This research is mainly based on providing better security and better privacy as basic requirements of the protocol. Denial of Service attacks, which are a major issue in the current Internet architecture, are also a critical issue in any new upcoming network architecture and require major focus. The paper focuses on the Interest Flooding Attack, which is one of the different types of Distributed Denial of Service (DDOS) attack. NDN incorporates better security features that detect and mitigate certain attacks in networks, but its resilience to these attacks has not been analyzed yet. The paper models Distributed Denial of Service (DDOS) in Named Data Networking, where an adversary sends out Interest packets with spoofed names as attacking packets to the NDN router.

Keywords: NDN, DDOS, Content Store, Pending Interest Table, Cache pollution.

1 Introduction

Clearly the Internet has become a part of people's day to day life. Millions of people around the world use it to do various types of day to day tasks.
It connects millions of people around the world via wired, wireless, mobile or fixed computing devices and hosts a huge amount of information (in digital form) to be used by people. The Internet allows information to be exchanged and has grown exponentially over time. The main ideas of today's Internet architecture were developed in the 70s, following the telephone model, where conversation was point to point. The utilization of the Internet has changed dramatically since the 70s, and the current Internet has to adapt to new usage models, new applications and new services. To cope with these changes, a variety of research is taking place to design a new Internet architecture.

Named Data Networking (NDN) [1] is one such ongoing research effort. Its main objective is to develop a next best Internet architecture for the upcoming generation. It is an instantiation of the Information Centric approach (ICN) or Content Centric approach (CCN) [1][2][3]. The main objective of CCN is to provide more flexibility, security and scalability. CCN provides more security by securing the individual pieces of content rather than securing the connection. It provides more flexibility by using names instead of IP addresses. NDN is one of the instances of Information Centric Networking (ICN).

NDN is based on the working principle of Content-Centric Networking (CCN) [3], where content instead of hosts is the main focal point of the communication architecture. NDN is one of the research projects funded by the United States National Science Foundation (NSF) under the Future Internet Architecture (FIA) Program [3]. NDN focuses on the name rather than the location of the host. In NDN every piece of data is digitally signed by its source producer. The signature on the data allows the producer to be trusted and authenticated.
Caching of the information is one of the core features of NDN, which helps make optimum use of the network bandwidth. NDN provides an attractive architecture for data distribution and anonymous communication.

1.1 Distributed Denial of Service attack

As the years go by, Distributed Denial of Service (DDOS) attacks have become common and dangerous, and they remain among the most critical threats on the current Internet. They are very difficult to detect and mitigate. Any new architecture should detect and mitigate DoS attacks or at least minimize their effectiveness. NDN appears to be efficient for the distribution of content for legitimate parties, but how it fares against malicious parties is unknown. Instead of using a single host computer and a single Internet connection, a DDOS attack utilizes a large number of host computers and Internet connections. The host computers used for an attack are distributed across the whole wide world. The difference between a DOS attack and a DDOS attack is that the victim host will be overloaded by thousands of resource requests. In the attack process, the adversary master host in the network sends requests to a huge number of zombies for the attack to take place. A malicious user attacks the network host by requesting resources in huge numbers in the form of Interest packets, with or without spoofed names. This huge number of Interests consumes the bandwidth of the network and exhausts a router's memory. This type of attack is known as the Interest Flooding Attack (IFA), and this paper focuses exclusively on this problem and its proposed countermeasures.

2 Overview of NDN Architecture

Named Data Networking is a new and ongoing research architecture whose need arises from the architectural mismatch between the current Internet architecture and its various usage. However, the architecture's design and principles are derived from the successes of today's Internet architecture [4].
The thin waist of the hourglass architecture, as can be seen in Figure 1, was key to the enormous growth of the Internet, allowing both upper layer and lower layer technologies to innovate independently. The NDN architecture has the same hourglass shape as shown in Figure 1.2.1, but changes the thin waist by using data directly rather than its location.

Figure 2.1 [4]: NDN Hourglass Architectures

For communication, NDN provides two different packets, i.e. Interest and Data packets. A user asks for resources by issuing an Interest packet to the router in the network, which contains a name for those particular resources that identifies and verifies the desired data for the host. The various fields of a data packet are [5]:

1. Signature: to verify data.
2. Key locator: to verify the signature.
3. Publisher Public Key Digest: public key hash of the producer.
4. Content name: name of the requested data.
5. Selector: which includes scope and reserved.

Figure 2.2 [6]: Packets in the NDN Architecture

Any node having data that satisfies the Interest issues a Data packet [7]. Each NDN router contains the following three data structures for Interest packet and Data packet forwarding:

i) Content Store (CS): recently used data are stored.
ii) Forwarding Information Base (FIB): routing table of data names; it guides Interests toward data producers [8].
iii) Pending Interest Table (PIT): stores unsatisfied data requests. It records the requested data name [8].

3 Interest Flooding attacks

The router performs content routing by using the information and state of the Pending Interest Table (PIT). The name of the requested content is looked up in the PIT to identify its entry. The malicious node uses the state of the PIT to perform DDOS attacks. Basically there are three types of Interest Flooding attack [9]:

a) Static: This type of attack targets the infrastructure of the network and is limited, and caching provides a built-in solution.
The Interest is satisfied by the content of the cache [10].
b) Dynamically generated: Here the requested resources are dynamic and all the requested Interests reach the content producer, depleting the network bandwidth and the state of the Pending Interest Table (PIT). Since the requested content is dynamic, the built-in cache does not serve as a countermeasure for these attacks [10].
c) Non-existing: This report focuses on this attack type, where the attacker issues non-satisfiable Interests for non-existing content in the network. These kinds of Interests are not handled by the router and are routed to the content producer, depleting network bandwidth and router PIT state [11].

In all three types of attack the malicious host uses a very large number of fake requests, which are distributed in nature. An adversary host can use two features unique to NDN, namely the CS and the PIT, to perform DoS attacks [12] on the router. We focus on attacks that overwhelm the PIT, which keeps a record of the Interests not yet fulfilled by a router. The adversary host issues a large set of fake requests, which are possibly distributed in nature, to generate a large number of Interest packets with spoofed names as shown in Figure 1.3.1, aiming to (1) overwhelm the PIT in routers, and (2) swamp the target content producers [13][14].

Figure 3.1 [15]: Example of Interest flooding attack

Once the PIT exceeds its threshold, all incoming Interests are dropped, as there will be no memory space available to create entries for new Interests. Since the names are spoofed, no Interest packet will be satisfied by content [16]. These packet requests will remain in the PIT for as long as possible, which will definitely exhaust the router's memory and resources. This is the goal of the Interest flooding attack.

4 Related Works

Gasti et al. [17] analyzed the resilience of Named Data Networking to DDOS attacks.
The paper discussed two different types of attacks with their effects and proposed two countermeasure mechanisms: a) Router Statistics and b) Push-back approaches.

Afanasyev et al. [18] addressed the flooding attack. Their work explains the feasibility of Interest flooding attacks and the requirement for an effective solution. In terms of evaluation of the attack, the proposed mitigation scheme is complementary to the Poseidon mitigation. Afanasyev et al. proposed three different mitigation algorithms: a) token bucket with per-interface fairness, b) satisfaction-based pushback, c) satisfaction-based Interest acceptance. All three algorithms exploit their own state information to stop Interest flooding attacks. Among the three algorithms, the satisfaction-based pushback mechanism effectively detects and mitigates the attack and ensure all the Interests from a legitimate user.

Compagno et al. [19] addressed the flooding attacks and proposed a mitigation algorithm called Poseidon. This algorithm is strictly used for the non-existing type of Interest flooding attack. It is used for local and distributed Interest flooding attacks.

Dai et al. [20] addressed the flooding attacks and proposed a mitigation algorithm. The solution is based on the collaboration of the router and the content producer. Dai et al. proposed the Interest traceback algorithm. The algorithm generates a spoofed Data packet to satisfy the Interest in the PIT in order to trace the originators. The algorithm is not proactive, and it adds overhead to the network by sending out spoofed Data packets for the Interests, depleting the bandwidth of the network and creating traffic. The main shortcoming of this approach is that it takes long-unsatisfied Interests in the PIT as adversary Interests and the others as legitimate Interests. So the router drops any long incoming Interest packet, which may be a legitimate Interest.

Choi et al. [21] gave an overview of Interest Flooding attacks for strictly non-existing content only on NDN. The paper tries to explain the effectiveness of the attack on the network and on quality of service.

Karami et al. [22] addressed the problem and provided a hybrid algorithm as the solution. The algorithm is proactive. There are two phases: 1) detection and 2) reaction. In the detection phase the attack is detected using a combination of multi-objective evolutionary optimization and a Radial Basis Function (Neural Network). In the reaction phase an adaptive mechanism for reaction is used to mitigate the attacks.

5 Analysis of survey

The following table shows the analysis of all the papers and a comparison related only to the project. The table is a comparison of different papers written by well-known publishers. The analysis tries to identify a possible research gap present in each paper.

Table 1. Comparison of different NDN related papers

| Sl. no. | Title | Publication details | Summary | Research gap |
|---|---|---|---|---|
| 1 | DoS and DDoS in Named Data Networking | P. Gasti, G. Tsudik, E. Uzun, and L. Zhang. DoS and DDoS in named-data networking. Technical report, University of California. | Discussed two types of attacks with their effects and potential countermeasures (Router Statistics and Push-back Mechanisms). | The paper only sheds light on the attack and its possible countermeasures. |
| 2 | Interest flooding attack and countermeasures in Named Data Networking | A. Afanasyev, P. Mahadevan, I. Moiseenko, E. Uzun, and L. Zhang. Interest flooding attack and countermeasures in Named Data Networking. In IFIP Networking. | Proposed three mitigation algorithms (token bucket with per-interface fairness, satisfaction-based Interest acceptance, and satisfaction-based pushback). | Improvements in token bucket with per-interface fairness, satisfaction-based Interest acceptance was less effective than satisfaction-based pushback. |
| 3 | Poseidon: Mitigating interest flooding DDoS attacks in named data networking | A. Compagno, M. Conti, P. Gasti, and G. Tsudik. Poseidon: Mitigating interest flooding DDoS attacks in named data networking. Conference on Local Computer Networks. | Proposed a framework, named Poseidon, for mitigation of local and distributed Interest flooding attacks for non-existing content. | Fixed threshold. |
| 4 | A hybrid multiobjective RBF-PSO method for mitigating DoS attacks in named data networking | A. Karami and M. Guerrero-Zapata. A hybrid multiobjective RBF-PSO method for mitigating DoS attacks in named data networking. Neurocomputing. | Introduced an intelligent combination algorithm for the solution. | Investigating inter-domain DoS attacks and applying the hybrid approach. |
| 5 | Threat of DoS by interest flooding attack in content-centric networking | S. Choi, K. Kim, S. Kim, and B.-H. Roh. Threat of DoS by interest flooding attack in content-centric networking. In International Conference on Information Networking. | Explains the difficulty of finding a solution to flooding attacks on the PIT. | Analyzing DDoS attacks and their countermeasures. |
| 6 | Mitigate DDoS attacks in NDN by interest traceback | H. Dai, Y. Wang, J. Fan, and B. Liu. Mitigate DDoS attacks in NDN by interest traceback. In NOMEN. | Introduced a traceback solution where a node sends a spoofed Data packet to trace the host. | Only a request which is long is considered a malicious request. |

6 Conclusion

This report starts with a brief introduction of the CCN and NDN architecture, followed by the common and most critical attacks in today's Internet. NDN mainly focuses on data security and data privacy for users. This report represents only the starting step for mitigating DDOS attacks on the Pending Interest Table in the context of NDN. In this paper, we have explained the DDOS attack and its various types, namely the Interest flooding attack. We have discussed current research regarding the attack and the existing solutions, and tried to analyze the given solutions for detection and mitigation.
The adversary tries to exploit the Interest forwarding rule to issue Interests for packets with never-existing content names. We analyzed that the victims of the attack are the host and the PIT of the router. Thus a huge number of Interest packets will reside in the PIT of the router, which use and exhaust the memory and computing resources of the router and will definitely degrade its performance. NDN is the latest ongoing research topic and a newly proposed Internet architecture where limited research has been done on the mitigation and detection of the Interest flooding attack, and so there is a strong need for detailed analysis of its security before the architecture is actually deployed.

References

[1] V. Jacobson, M. Mosko, D. Smetters, and J. Garcia-Luna-Aceves. Content-centric networking, Whitepaper, Palo Alto Research Center, pp. 2-4 (2007)
[2] V. Jacobson, D. K. Smetters, J. D. Thornton, M. F. Plass, N. H. Briggs, and R. L. Braynard. Networking named content, in Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, ACM (2009)
[3] L. Zhang, D. Estrin, J. Burke, V. Jacobson, J. D. Thornton, D. K. Smetters, B. Zhang, G. Tsudik, D. Massey, C. Papadopoulos et al. Named data networking (NDN) project, Technical Report NDN-0001, Xerox Palo Alto Research Center-PARC (2010)
[4] J. Pan, S. Paul, and R. Jain. A survey of the research on future internet architectures, Communications Magazine, IEEE (2011)
[5] A. Hoque, S. O. Amin, A. Alyyan, B. Zhang, L. Zhang, and L. Wang. NLSR: Named-data link state routing protocol, in Proceedings of the 3rd ACM SIGCOMM Workshop on Information-Centric Networking, ACM, pp. 15-20 (2013)
[6] V. Jacobson, J. Burke, L. Zhang, B. Zhang, K. Claffy, D. Krioukov, C. Papadopoulos, L. Wang, E. Yeh, and P. Crowley. Named data networking (NDN) project 2013-2014 report, http://named-data.net, Annual Progress Report (2014)
[7] C. Ghali, G. Tsudik, and E. Uzun. Elements of trust in named-data networking, ACM SIGCOMM Computer Communication Review, ACM, vol. 44, no. 5, pp. 1-9 (2014)
[8] M. Aamir and S. M. A. Zaidi. Denial-of-service in content centric (named data) networking: A tutorial and state-of-the-art survey, Security and Communication Networks, vol. 8, no. 11, pp. 2037-2059 (2015)
[9] M. Wahlisch, T. C. Schmidt, and M. Vahlenkamp. Backscatter from the data plane: threats to stability and security in information-centric networking. CoRR, abs/1205.4778 (2012)
[10] Content centric networking (CCNx) project. http://www.ccnx.org.
[11] A. Afanasyev, I. Moiseenko, and L. Zhang. ndnSIM: NDN simulator for NS-3. Technical Report NDN-0005, 2012, University of California, Los Angeles (2012)
[12] R. Wang, Z. Jia, and L. Ju. An Entropy-Based Distributed DDoS Detection Mechanism in Software-Defined Networking. In Trustcom/BigDataSE/ISPA, Vol. 1, pp. 310-317 (2013)
[13] K. Kumar, R. C. Joshi, and K. Singh. A distributed approach using entropy to detect DDoS attacks in ISP domain. In Signal Processing, Communications and Networking, ICSCN07. International Conference on, pp. 331-337 (2007)
[14] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred. Statistical approaches to DDoS attack detection and response. In DARPA Information Survivability Conference and Exposition, 2003. Proceedings Vol. 1, pp. 303-314 (2003)
[15] R. Krishnan, D. Krishnaswamy, and D. Mcdysan. Behavioral security threat detection strategies for data center switches and routers. In Distributed Computing Systems Workshops (ICDCSW), 2014 IEEE 34th International Conference on, pp. 82-87 (2014)
[16] Y. Zhang. An adaptive flow counting method for anomaly detection in SDN. In Proceedings of the ninth ACM conference on Emerging networking experiments and technologies, pp. 25-30 (2013)
[17] P. Gasti, G. Tsudik, E. Uzun, and L. Zhang. DoS and DDoS in named data networking, in 22nd International Conference on Computer Communications and Networks (ICCCN), pp. 1-7 (2013)
[18] A. Afanasyev, P. Mahadevan, I. Moiseenko, E. Uzun, and L. Zhang. Interest flooding attack and countermeasures in named data networking, in IFIP Networking Conference, pp. 1-9 (2013)
[19] A. Compagno, M. Conti, P. Gasti, and G. Tsudik. Poseidon: Mitigating interest flooding DDoS attacks in named data networking, in 38th Conference on Local Computer Networks (LCN), IEEE, pp. 630-638 (2013)
[20] H. Dai, Y. Wang, J. Fan, and B. Liu. Mitigate DDoS attacks in NDN by interest traceback, in Conference on Computer Communications Workshops (INFOCOM WKSHPS), IEEE, pp. 381-386 (2013)
[21] S. Choi, K. Kim, S. Kim, and B.-H. Roh. Threat of DoS by interest flooding attack in content-centric networking, in International Conference on Information Networking (ICOIN), pp. 315-319 (2013)
[22] A. Karami and M. Guerrero-Zapata. A hybrid multiobjective RBF-PSO method for mitigating DoS attacks in named data networking, Neurocomputing, vol. 151, pp. 1262-1282 (2015)
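
The PIT exhaustion described in Section 3, together with a per-interface satisfaction check in the spirit of the statistics-based countermeasures surveyed in Section 4, as an added example (not code from the paper or from any cited work). It is a toy Python router model; the class, the thresholds, the face numbers and the traffic are all assumptions constructed for illustration, and a real PIT would also aggregate several faces per name.

```python
from collections import defaultdict

class Router:
    """Toy NDN router: bounded PIT plus per-interface satisfaction statistics."""

    def __init__(self, pit_capacity=50, lifetime=4, min_ratio=0.5, min_samples=20):
        self.pit = {}                     # name -> (incoming face, expiry round)
        self.pit_capacity = pit_capacity
        self.lifetime = lifetime          # rounds an unsatisfied entry stays in the PIT
        self.min_ratio = min_ratio        # assumed fixed satisfaction threshold
        self.min_samples = min_samples    # do not judge a face on too few Interests
        self.received = defaultdict(int)
        self.satisfied = defaultdict(int)
        self.dropped = defaultdict(int)
        self.limited = set()              # faces whose Interests are refused

    def expire(self, now):
        # Unsatisfied entries leave the PIT only when their lifetime runs out.
        self.pit = {n: e for n, e in self.pit.items() if e[1] > now}

    def on_interest(self, face, name, now):
        if face in self.limited or len(self.pit) >= self.pit_capacity:
            self.dropped[face] += 1
            return False
        self.received[face] += 1
        self.pit[name] = (face, now + self.lifetime)
        return True

    def on_data(self, name):
        entry = self.pit.pop(name, None)  # Data consumes the matching PIT entry
        if entry is not None:
            self.satisfied[entry[0]] += 1

    def review(self):
        # Limit faces whose Interests are mostly never answered by Data.
        for face, n in self.received.items():
            if n >= self.min_samples and self.satisfied[face] / n < self.min_ratio:
                self.limited.add(face)


def simulate(defended, rounds=10):
    """Constructed traffic: face 1 is a legitimate consumer, face 2 floods."""
    r = Router()
    for t in range(rounds):
        r.expire(t)
        for i in range(20):               # spoofed names, no producer answers
            r.on_interest(2, f"/spoofed/{t}/{i}", t)
        wanted = [f"/video/seg{t}_{i}" for i in range(5)]
        accepted = [n for n in wanted if r.on_interest(1, n, t)]
        for n in accepted:                # producer returns Data for real names
            r.on_data(n)
        if defended:
            r.review()
    # (legitimate Interests satisfied, legitimate Interests dropped, limited faces)
    return r.satisfied[1], r.dropped[1], sorted(r.limited)
```

Without the review step the legitimate face loses 40 of its 50 Interests once spoofed entries fill the PIT; with it, face 2 is limited after the first round and nothing legitimate is dropped. The fixed `min_ratio` is the same kind of fixed threshold that Table 1 lists as a research gap.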
