Partial Completion Filter Technique for Distributed Denial of Service Attacks

International Journal of Computer Science (IJCS) Published by SK Research Group of Companies (SKRGC).

Abstract

A computer system should provide confidentiality, integrity and assurance against denial of service. However, due to increased connectivity (especially Internet), and the vast spectrum of financial possibilities that are opening up, more and more systems are subject to attack by intruders. When the computer came into existence the minimum security provided is the User Name and Password protection. Through which it is easily detected and misuse can happen very often. Later when the encryption came into existence with various encryption techniques / algorithm, the intruder can able to trace out the encrypted code. Next level of improvement is in the form of Network security. The Network security with various forms and this paper concentrates on the concept of Denial of Service attack. The paper proposes a system with a novel data structure called Partial Completion Filter(PCF), which detects a wide variety of DoS and scanning attacks that belongs to several categories (bandwidth based, claim-and-hold, port-scanning).This system can also detect bandwidth attacks that are scalable in the network.

References

[1] P. Barford, J. Kline, D. Plonka, and A. Ron, ?A Signal Analysis of Network Traffic Anomalies?, in Proc. 2nd ACM SIGCOMM Internet Measurement Workshop, 2002, pp. 71–82.

[2] B. H. Bloom, ?Space/Time Tradeoffs in Hash Coding with Allowable Errors?, Communication ACM, vol. 13, no. 7, pp. 422–426, Jul. 1970.

[3] L. Carter and M. N.Wegman, ?Universal Classes of Hash Functions?, Computer. System Science. vol. 18, no. 2, pp. 143–154, 1979.

[4] C. Estan and G. Varghese, ?New Directions in Traffic Measurement and Accounting?, in Proc. ACM SIGCOMM, 2002, pp. 271–282.

[5] C. Gilbert, S. Guha, P. Indyk, S. Muthukrishnan, and M. J. Strauss, ?Quicksand: Quick Summary and Analysis of Network Data?, DIMACS, Tech. Rep. 2001-43, 2001.

[6] T. M. Gill and M. Poletto, ?MULTOPS: A DataStructure for Bandwidth Attack Detection?, in Proc. 10th USENIX Security Symp., 2001, pp. 23–38.

[7] L. T. Heberlein, G. V. Dias, K. N. Levitt, B. Mukherjee, J. Wood, and D. Wolber, ?A Network Security Monitor?, in Proc. IEEE Symp. Research in Security and Privacy, 1990, pp. 296–304.

[8] Hussain, J. Heidemann, and C. Papadopoulos, ?A Framework for Classifying Denial of Service Attacks?, in Proc. ACM SIGCOMM, 2003,pp. 99–110.

[9] J. Jung, V. Paxson, A. Berger, and H. Balakrishnan, ?Fast Portscan Detection Using Sequential Hypothesis Testing?, in Proc. IEEE Symp. Security and Privacy, 2004, pp. 211–225.

[10] B. Krishnamurthy, S. Sen, Y. Zhang, and Y. Chen, ?Sketch-Based Change Detection: Methods, Evaluation, and Applications?, in Proc. 3rd ACM SIGCOMM Internet Measurement Conf., 2003, pp. 234–247

[11] J. Lemon, ?Resisting SYN Flooding DoS Attacks with a SYN Cache?, in Proc. USENIX BSDCon‘2002, pp. 89- 98.

[12] K. Levchenko, R. Paturi, and G.Varghese, ?On the Difficulty of Scalable Detecting Network Attacks?, in Proc. 11th ACM Conf. Computer and Communications Security, 2004, pp. 12–20.

[13] R. J. Larsen and M. L. Marx, ?An Introduction to Mathematical Statistics and its Applications?, Upper Saddle River, NJ: Prentice-Hall, 2001.

[14] D. Moore, G. Voelker, and S. Savage, ?Inferring Internet Denial of Service Activity?, in Proc. 10th USENIX Security Symp., Aug. 2001, pp. 9–22.

[15] V. Paxson, ?Bro: A System for Detecting Network Intruders in Real-time?, Computer Networks, vol. 31, no. 23–24, pp. 2435–2463, 1999.

[16] V. Paxson, ?An Analysis of Using Reflectors for Distributed Denial of Service Attacks?, Computer Communication. Rev., vol. 31, no. 3, Jul. 2001.

[17] S. Robertson, E. V. Siegel, M. Miller, and S. J. Stolfo, ?Surveillance Detection in High Bandwidth Environments?, in Proc. 2003 DARPA DISCEX III Conf., pp. 229–238.

[18] S. J. Staniford, ?Containment of Scanning Worms in Enterprise Networks?, Computer Security, 2004, to be published.

[19] S. Staniford, V. Paxson, and N. Weaver, ?How to Own the Internet in Your Spare Time?, in Proc. 11th USENIX Security Symp., Aug. 2002, pp. 149–167.

[20] E. Shenk, ?Another New Thought on Dealing with SYN Flooding?, 1996

[21] N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, ?A Taxonomy of Computer Worms?, in Proc. ACM Workshop of Rapid Malcode (WORM), 2003, pp. 11–18.

[22] H.Wang, D. Zhang, and K. Shin, ?Detecting SYN Flooding Attacks?, in Proc. IEEE INFOCOM, 2002, pp. 1530–1539.

[23] H. Wang, D. Zhang, and K. Shin, ?SYN-Dog: Sniffing SYN Flooding Sources?, in Proc. IEEE Int. Conf. Distributed Computing Systems (ICDCS), 2002, pp. 421– 428.

[24]Yaar, A. Perrig, and D. Song, ?SIFF: A Stateless Internet Flow Filter to Mitigate Ddos Flooding Attacks?, in Proc. IEEE Symp. Security and Privacy, 2004, pp. 130–143

Keywords

Intrusion Detection System, Distributed Denial of Service, PCF.