MODELLING DDOS TOLERANCE IN NIGERIA CYBERSECURITY CONTEXT


  • The complete research material is about 52 pages long, in MS Word format, and contains Chapters 1 to 5.
  • Major Attributes are Abstract, All Chapters, Figures, Appendix, References.
  • Study Level: BTech, BSc, BEng, BA, HND, ND or NCE.

CHAPTER ONE

 INTRODUCTION

1.1 Background to the Study

Computer networking is treated as a branch of computer science, electrical engineering, information technology and computer engineering, since all of these draw on both the practical and the theoretical aspects of network applications in society today. Computer networks were originally developed to connect a number of devices through wires so that the devices could share information and data with each other; as the number of entities needing network access without being physically attached to any wired network grew, wireless networks were developed to serve them. A wireless network is a computer network that uses wireless connections. There are two categories of wireless network, namely:

a.       Infrastructure  Network

b.      Infrastructure-less Network

Infrastructure networks contain fixed, wired gateways, whereas infrastructure-less networks consist of multi-hop wireless nodes and have no fixed infrastructure (Kaur and Kaur, 2013).

Routing is the process of transferring a packet from its source to its destination. In a routing process, a wireless sensor node searches for a path, or route, through which to communicate with the other nodes in the network. Protocols are sets of rules through which two or more devices communicate with each other. Routing is also the process of selecting the best path in a network, and hence of deciding how packets are forwarded. It is performed in many kinds of network, including circuit-switched and packet-switched networks. Routing schemes, classified by their delivery semantics, include (Kaur and Kaur, 2013):

a.       Unicast – delivers to a single node

b.      Anycast – delivers to any one node of a group, normally the nearest

c.       Multicast – delivers to all the nodes of a group

Anycast is a method of advertising one IP address from multiple points in the network topology; with the help of dynamic routing, traffic is delivered to the nearest of those points. Anycast is thus a technique for delivering a packet to the closest member of a group (Partridge et al., 1993).

Figure 1.1: Anycast Network Topology

A Denial of Service (DoS) attack is an attempt by an adversary to prevent the legitimate users of a service from using that service. Generally speaking, any attack that saturates or exhausts system resources, or drives the system into a fault state or even a crash, should be classed as a DoS attack. DoS problems are not new: they have existed for more than 20 years and keep evolving over time. The first well-known DoS incident was the Morris Worm, an Internet worm written by a graduate student (Zhang, 2012).

Nowadays, DoS attacks are usually launched in a distributed way: the attack traffic comes from many attacking sources, and the aggregated traffic volume is so large that it can easily deplete the victim's key computing resources, such as bandwidth and CPU time. When the adversary compromises multiple machines to launch a Denial-of-Service attack, it becomes a Distributed Denial of Service (DDoS) attack (Zhang, 2012).

Figure 1.2 below depicts a DDoS attack being launched against an anycast network.

       Figure 1.2: DDoS attack (http://1.bp.blogspot.com/DDoS-Attack.jpg) 
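To make concrete why anycast matters for DDoS tolerance (the nearest-point delivery of Figure 1.1 combined with the many-source flood of Figure 1.2), the following is an added example that is not part of the dissertation. It models a flood against a service reachable at a single unicast site, and then against the same service advertised from three anycast sites, using shortest-path routing to decide which site each source reaches. The topology, the link costs, the router names ('lag', 'abj', 'jhb', 'lon'), the per-site capacity and the attack rates are all constructed for illustration.

```python
"""Toy model: how anycast spreads a distributed flood across advertising sites.

Added example, not the dissertation's E-CluB framework. Every node name,
link cost, capacity and attack rate below is constructed for illustration.
"""
from collections import Counter, defaultdict
import heapq

# Constructed topology: undirected links with routing metrics (think OSPF costs).
# src_* are attack sources; lag, abj, jhb, lon are hypothetical routers.
LINKS = [
    ("src_a", "lag", 1), ("src_b", "lag", 2), ("src_c", "abj", 1),
    ("src_d", "jhb", 1), ("src_e", "lon", 1), ("src_f", "lon", 3),
    ("lag", "abj", 5), ("lag", "lon", 20), ("abj", "jhb", 8),
    ("jhb", "lon", 15),
]
ANYCAST_SITES = {"lag", "abj", "lon"}   # all advertise the same prefix
UNICAST_SITE = "lag"                    # the single-homed alternative
SITE_CAPACITY = 1000                    # Mbit/s each site can absorb (constructed)

# Constructed attack: six sources, each sending 400 Mbit/s at the service.
ATTACK = {s: 400 for s in ["src_a", "src_b", "src_c", "src_d", "src_e", "src_f"]}


def build_graph(links):
    """Adjacency map {node: {neighbour: cost}} from the link list."""
    graph = defaultdict(dict)
    for a, b, cost in links:
        graph[a][b] = cost
        graph[b][a] = cost
    return graph


def shortest_costs(graph, start):
    """Dijkstra: routing cost from `start` to every reachable node."""
    dist = {start: 0}
    heap = [(0, start)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in graph[u].items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                heapq.heappush(heap, (nd, v))
    return dist


def nearest_site(graph, source, sites):
    """The advertising site that dynamic routing delivers `source`'s packets to."""
    dist = shortest_costs(graph, source)
    return min((dist[s], s) for s in sites if s in dist)[1]


def site_load(graph, sources, sites):
    """Attack load in Mbit/s landing on each site; `sources` maps name -> rate."""
    load = Counter()
    for src, rate in sources.items():
        load[nearest_site(graph, src, sites)] += rate
    return dict(load)


def overloaded_sites(load, capacity=SITE_CAPACITY):
    """Sites whose absorbed load exceeds their capacity."""
    return sorted(site for site, mbps in load.items() if mbps > capacity)


if __name__ == "__main__":
    g = build_graph(LINKS)
    uni = site_load(g, ATTACK, {UNICAST_SITE})
    anycast = site_load(g, ATTACK, ANYCAST_SITES)
    print("unicast :", uni, "overloaded:", overloaded_sites(uni))
    print("anycast :", anycast, "overloaded:", overloaded_sites(anycast))
```

With these constructed numbers the single unicast site receives the whole 2400 Mbit/s and is overloaded, while each anycast site receives only the 800 Mbit/s from the sources closest to it and stays within capacity. The same model also shows the limit of the technique: if most attack sources sit near one site, that site still saturates, which is why the dissertation treats anycast as a setting for mitigation rather than a mitigation in itself.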

Researchers have identified several motives for launching DDoS attacks, gathered from studies of the botnet economy:

a.       Showing off skills, or proving that a system vulnerability exists, as with the Morris Worm

b.      Economic incentives, such as blackmailing victims, typically companies

c.       Political reasons

In 2001, researchers from CAIDA observed about 12,000 attacks against more than 5,000 distinct targets in a three-week dataset, using backscatter analysis (Moore et al., 2001).

According to reports from Arbor Networks, the scale of DDoS attacks has evolved considerably, with a significant increase in the prevalence of attack rates in the 10 Gbps range. Although the frequency of DDoS attacks is not as high as in the years 2000 to 2004, they are still far from extinct.

Figure 1.3: Bandwidth attacks reported by 114 service providers (Moore et al., 2001)

1.2 Categories of DDoS Attacks

Preventing or mitigating DDoS attacks is not easy. First, one has to understand how the attacks work. The main categories of DDoS attack are as follows:

1.2.1 Semantic Attacks

In semantic attacks, a single machine can achieve the attack goal, since one malformed packet is enough to impede the service. Semantic attacks can be prevented by fixing the corresponding bugs in the protocols or applications. Some examples of semantic attacks are:

1.2.1.1 Teardrop

The adversary sends overlapping or otherwise malformed IP fragments to the target. The target machine may crash if its IP fragment reassembly code does not handle such fragments properly (CERT, 2010).

This kind of attack is prevented by fixing the IP implementation bugs in the operating system.

1.2.1.2 Ping of Death

A ping of death is an attack in which the adversary sends the victim a ping (ICMP Echo) packet that, once reassembled from its fragments, exceeds 65,535 bytes, the maximum size of an IP packet. Since many systems cannot handle ping packets larger than 65,535 bytes, reassembling a packet of this size may overflow a buffer and crash the system (Kenney, 2012).

1.2.1.3 Border Gateway Protocol (BGP) Poisoning

BGP is used to establish routing paths between networks at the Autonomous System level. Routing information is updated by exchanging BGP advertisements between routers. Usually, routers update their routing tables without verifying these advertisements. An adversary can therefore subvert network communication by announcing a better route to some destinations, after which all packets to those destinations are routed to the adversary.

The adversary can also disrupt BGP routing by announcing fake BGP advertisements carrying the addresses of other routers. The corresponding traffic is then routed to routers that do not have optimal routes to the destination (Kent et al., 2000).

1.2.2 Brute Force

Brute force attacks aim to exhaust the victim's network bandwidth or computing resources by flooding it with massive numbers of malicious packets. To deplete the victim's computational resources, the adversary usually uses packets of Internet protocols that follow a request-reply scheme, such as TCP and HTTP. During the attack, massive numbers of spurious requests are sent to keep the target busy serving them, thus impeding legitimate use. To deplete bandwidth, the adversary can flood essentially any type of packet to congest the target's network link; UDP flooding and ICMP flooding are examples.

1.2.2.1 SYN Flood

In a SYN flood attack, the adversary takes advantage of the three-way handshake of a TCP connection. In normal operation, when a TCP server receives a SYN packet, it opens a session for the new connection and sends a SYN/ACK packet back to the initiator. If a timeout is reached without an ACK packet from that initiator, the session is closed and its resources are released. During the attack, the adversary keeps sending SYN packets (usually with spoofed source addresses) without ever sending the final ACK of the handshake; the server's resources (e.g. memory) are quickly depleted by maintaining many half-open sessions, so legitimate connection requests cannot be served (Wesley, 2007).

1.2.2.2 Hypertext Transfer Protocol (HTTP) Flood

In an HTTP flood attack, the adversary floods the target server with massive numbers of spurious HTTP requests for a web file. This file is usually a large one that the server must load from disk and spend considerable CPU time transferring in packets. However, continuously requesting large files looks suspicious. To avoid detection, the adversary can instruct zombie machines to fetch a specific web page as a starting point and then follow the links on that page recursively, which mimics normal web browsing behaviour (Peng et al., 2007).

1.2.2.3 Internet Control Message Protocol (ICMP) Flood (Smurf Attack)

In an ICMP flood attack, the adversary sends ICMP Echo packets to the broadcast address of some network, which relays them to all the hosts in that network. The Echo packets carry the victim's IP address as their (spoofed) source, so every host that receives one sends an Echo Reply to the victim, exhausting the victim's bandwidth. This kind of attack is really a mixture of a semantic attack and brute force: it works because of the response mechanism in ICMP, but from the victim's perspective it is brute force, since the victim simply sees packets flooding in from many machines. In the same way, the adversary can take advantage of any reply-based protocol to launch a reflected attack, by spoofing requests from the victim to a large set of Internet servers, resulting in a large volume of reply messages towards the victim's network. Common protocols used in such attacks include DNS and ICMP (Vaughn and Evron, 2006).

1.2.2.4 User Datagram Protocol (UDP) Flood

During a UDP flood attack, the victim's network is overwhelmed by a large volume of UDP packets (CERT, 2010). The attack packets usually carry random destination port numbers. When the victim receives a packet and no application is listening on the corresponding port, it may generate an ICMP "destination unreachable" packet back to the sender. Massive numbers of UDP packets to the victim's inactive ports may therefore exhaust both the incoming and the outgoing capacity of the victim.
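The three brute-force floods in 1.2.2.1, 1.2.2.3 and 1.2.2.4 each leave a distinct trace on the victim's side: SYNs that are never followed by the handshake's final ACK, Echo Replies for requests the victim never sent, and UDP datagrams to ports nothing listens on. The following is an added example, not code from the dissertation, that computes those three indicators over a constructed packet capture. The record layout (a plain tuple per packet), the victim address, the open-port list and the detection threshold are all this example's own assumptions, not Wireshark's or any tool's format.

```python
"""Flow-level indicators for three of the brute-force floods described above.

Added example, not the dissertation's code. The packet records are constructed
in-line; the tuple layout is this example's own convention, not a pcap format.
"""
from collections import Counter

VICTIM = "10.0.0.5"          # hypothetical protected host
OPEN_UDP_PORTS = {53, 123}   # hypothetical services the victim actually runs

# Record layout: (time_s, src_ip, dst_ip, proto, tcp_flags_or_icmp_type, dst_port)


def legitimate_traffic():
    """A client completing a TCP handshake, a ping the victim sent and got answered, one DNS query."""
    return [
        (0.00, "192.0.2.10", VICTIM, "tcp", "S", 80),
        (0.01, VICTIM, "192.0.2.10", "tcp", "SA", 0),
        (0.02, "192.0.2.10", VICTIM, "tcp", "A", 80),
        (0.10, VICTIM, "192.0.2.20", "icmp", "echo-request", 0),
        (0.12, "192.0.2.20", VICTIM, "icmp", "echo-reply", 0),
        (0.20, "192.0.2.30", VICTIM, "udp", "", 53),
    ]


def constructed_attack():
    """Constructed capture: the legitimate traffic above followed by three floods."""
    pk = legitimate_traffic()
    # SYN flood: 200 distinct (spoofed) sources, SYN only, handshake never completed.
    pk += [(1.0 + i / 1000, f"203.0.113.{i % 254 + 1}", VICTIM, "tcp", "S", 80)
           for i in range(200)]
    # Smurf reflection: Echo Replies from hosts the victim never pinged.
    pk += [(2.0 + i / 1000, f"198.51.100.{i % 254 + 1}", VICTIM, "icmp", "echo-reply", 0)
           for i in range(150)]
    # UDP flood: one source hitting pseudo-random high ports nothing listens on.
    pk += [(3.0 + i / 1000, "203.0.113.77", VICTIM, "udp", "", 1024 + (i * 7919) % 60000)
           for i in range(300)]
    return pk


def half_open_sources(packets, server):
    """Sources that sent a SYN to `server` but never sent the handshake's final ACK."""
    syn_seen, ack_seen = set(), set()
    for _, src, dst, proto, flags, _ in packets:
        if proto != "tcp" or dst != server:
            continue
        if flags == "S":
            syn_seen.add(src)
        elif flags == "A":
            ack_seen.add(src)
    return syn_seen - ack_seen


def unsolicited_echo_replies(packets, host):
    """Echo Replies to `host` from peers it never sent an Echo Request to."""
    requested, unsolicited = set(), 0
    for _, src, dst, proto, kind, _ in packets:
        if proto != "icmp":
            continue
        if src == host and kind == "echo-request":
            requested.add(dst)
        elif dst == host and kind == "echo-reply" and src not in requested:
            unsolicited += 1
    return unsolicited


def closed_port_udp_hits(packets, host, open_ports):
    """Per-source count of UDP datagrams to ports on which `host` has nothing listening."""
    hits = Counter()
    for _, src, dst, proto, _, dport in packets:
        if proto == "udp" and dst == host and dport not in open_ports:
            hits[src] += 1
    return hits


def classify(packets, host=VICTIM, open_ports=OPEN_UDP_PORTS, threshold=100):
    """Labels for each flood whose indicator reaches `threshold` (a constructed cut-off)."""
    findings = []
    if len(half_open_sources(packets, host)) >= threshold:
        findings.append("syn-flood")
    if unsolicited_echo_replies(packets, host) >= threshold:
        findings.append("smurf-reflection")
    if any(n >= threshold for n in closed_port_udp_hits(packets, host, open_ports).values()):
        findings.append("udp-flood")
    return findings


if __name__ == "__main__":
    print("legitimate:", classify(legitimate_traffic()))   # []
    print("attack    :", classify(constructed_attack()))   # all three labels
```

Two caveats a practitioner would apply before using these indicators on real traffic: the SYN indicator keys on source address, which a spoofing attacker controls, so on a real sensor it should be combined with a per-interval rate; and the Smurf indicator depends on seeing the victim's own outbound Echo Requests, which a capture point that sees only inbound traffic will miss.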

1.3 Research Problem

Some limitations have been observed in the existing methods which need to be addressed in order to maximise the confidentiality of the authentication tokens carried by outgoing packets. These are:

a.       The SHA-1 hashing method used can result in collisions in the hash value.

b.      The checking routers are changed only periodically, leaving open the possibility of compromising a router at the border of the cluster.

After studying the papers reviewed, means were devised to improve on the security of the existing system by using a dynamically changing checking router, and by using a hashing method whose output is longer than that of SHA-1, which makes brute-force attacks on the token harder.
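As an added example for the research problem above (not the E-CluB scheme, and not the dissertation's token format), the following contrasts a per-packet authentication token computed as a bare digest with one computed as a keyed MAC. The point it demonstrates is that, for the confidentiality and integrity of a token, the lack of a key matters more than the digest length or collision resistance: an outsider can recompute an unkeyed SHA-1 or SHA-256 token for any packet it rewrites, whereas it cannot recompute an HMAC without the cluster key. The packet layout, the cluster key, the sequence-number replay check and the checking-router logic are all constructed here; the dissertation's own Blowfish-based token is not modelled.

```python
"""Per-packet authentication tokens: unkeyed digest versus keyed MAC.

Added example for the research problem above. Not the E-CluB scheme; the packet
layout, cluster key and checking-router behaviour are constructed for illustration.
"""
import hashlib
import hmac
import os
import struct


def unkeyed_sha1_token(packet: bytes) -> bytes:
    """Token = SHA-1(packet). Anyone can recompute it, so it proves nothing about origin."""
    return hashlib.sha1(packet).digest()


def keyed_token(key: bytes, seq: int, packet: bytes) -> bytes:
    """Token = HMAC-SHA256(key, seq || packet): a 32-byte tag bound to the cluster key."""
    return hmac.new(key, struct.pack(">Q", seq) + packet, hashlib.sha256).digest()


def verify_keyed(key: bytes, seq: int, packet: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so a checking router does not leak the tag byte by byte."""
    return hmac.compare_digest(keyed_token(key, seq, packet), tag)


class CheckingRouter:
    """Accepts a packet only if its tag verifies and its sequence number is new (anti-replay)."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()

    def accept(self, seq: int, packet: bytes, tag: bytes) -> bool:
        if seq in self.seen or not verify_keyed(self.key, seq, packet, tag):
            return False
        self.seen.add(seq)
        return True


def forge_unkeyed(packet: bytes):
    """An outsider rewrites the destination and recomputes the unkeyed token: still 'valid'."""
    fake = packet.replace(b"dst=10.0.0.5", b"dst=10.0.0.9")
    return fake, unkeyed_sha1_token(fake)


def demo(key: bytes = None) -> dict:
    """Runs the scenarios and returns which security properties held; `key` defaults to random."""
    key = key or os.urandom(32)
    packet = b"src=10.0.1.7;dst=10.0.0.5;payload=hello"   # constructed packet
    router = CheckingRouter(key)
    tag = keyed_token(key, 1, packet)
    fake, fake_tag = forge_unkeyed(packet)
    forged_keyed = keyed_token(os.urandom(32), 2, fake)  # attacker lacks the cluster key
    return {
        "unkeyed_forgery_passes": unkeyed_sha1_token(fake) == fake_tag,
        "genuine_accepted": router.accept(1, packet, tag),
        "replay_rejected": not router.accept(1, packet, tag),
        "tampered_rejected": not router.accept(2, fake, tag),
        "keyed_forgery_rejected": not router.accept(2, fake, forged_keyed),
    }


if __name__ == "__main__":
    for name, held in demo().items():
        print(f"{name}: {held}")
```

The sequence number does two jobs: it stops a captured packet from being replayed through a checking router, and it lets the cluster rotate the key (or the checking router) at a known boundary, since the receiver can tell which epoch a tag belongs to. Whatever digest or cipher the token is built on, it must be a keyed construction for the "confidentiality of the authentication token" goal above to be meaningful.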

1.4 Research Motivation

As recent studies have indicated, DoS and DDoS attacks remain a severe threat to the stability of the Internet. This area of study has received much attention in the last several years because many believe that these attacks will be a persistent threat that could undermine the stability and usability of the Internet (Zhang, 2012). Despite the methods in existence today, the threat of these attacks still lingers, and future attacks will be more powerful (Mohammed, 2010).

So, because of the weaker security and confidentiality of the existing system, we intend to improve on the filtering efficiency and the granularity of control in the proposed system.

1.5 Research Aim and Objectives

The aim of this study is to mitigate Distributed Denial of Service (DDoS) attacks using an Enhanced Cluster-based (E-CluB) proactive method in the Nigerian cybersecurity context.

The Objectives are to:

a.       design a system that enhances the security of packets in transmission, thereby mitigating attacks in anycast networks;

b.      implement the proposed E-CluB framework;

c.       evaluate the performance of the proposed system against the existing system (Zhang, 2012) with respect to filtering efficiency, granularity of control and transmission latency.

1.6 Research Methodology

a.       A literature review was conducted to establish the limitations of the existing solutions to DDoS attacks in anycast networks.

b.      A design tool, Graphical Network Simulator 3 (GNS3), was used to design the anycast networks, including their routers.

c.       BackTrack 5 was used to launch the DDoS attack on the IPv6 anycast network.

d.      Blowfish was employed as the hashing method to secure the authentication tokens of packets in transmission (Blowfish is a block cipher rather than a hash function, so it has to be wrapped in a hashing or MAC construction to serve this purpose).

e.       The message was encrypted using public key encryption before it left the cluster.

f.       The WAMP server was used to implement the E-CluB framework.

g.      The Wireshark analyser was used to take traffic readings of the attack and its mitigation on both the existing and the proposed system.

h.      The proposed system was compared with that of Zhang (2012) while under attack, based on filtering efficiency, granularity of control and transmission latency in both systems.

i.        The results were discussed and presented in graphical and tabular form.

1.7 Organization of the Dissertation

This dissertation describes the "Enhanced Cluster Based (E-CluB) Proactive framework for mitigating Distributed Denial of Service (DDoS) attacks in anycast networks", and consists of five chapters.

Chapter One is the introduction: Background to the Study, Research Problem, Research Motivation, Research Aim and Objectives, Research Methodology and the Organization of the Dissertation.

Chapter Two focuses on the Literature Review, System Study, Review of the Existing System, Problems of the Existing System and the Proposed Solution.

Chapter Three covers the Design and Implementation, Analysis of the Proposed System and Implementation Organization.

Chapter Four focuses on the Result Discussion and Result Analysis.

Chapter Five presents the Summary, Conclusions and References.




