1. INTRODUCTION
Internet services are indispensable and yet vulnerable to Denial of Service (DoS)
attacks, and especially to Distributed Denial of Service (DDoS) attacks, in which
many attacking agents cooperate to cause excessive load on a victim host, service,
or network. DDoS attacks have increased in importance, number and strength over the
years, becoming a major problem. Furthermore, significant growth in the size of attacks
and in their sophistication is reported. Bandwidth DDoS (BW-DDoS) attacks have employed
relatively crude, inefficient, brute force mechanisms; future attacks may be significantly
more effective, and hence much more harmful. To meet the increasing threats, more
advanced defenses should be deployed. This may involve some proposed mechanisms (not
yet deployed), as well as new approaches.
A denial-of-service attack is characterized by an explicit attempt by attackers to
prevent legitimate users of a service from using that service. Examples include:
attempts to flood a network, thereby preventing legitimate network traffic;
attempts to disrupt connections between two machines, thereby preventing access to a service;
attempts to prevent a particular individual from accessing a service;
attempts to disrupt service to a specific system or person.
Denial-of-service attacks come in a variety of forms and aim at a variety of services.
There are three basic types of attack: consumption of scarce, limited, or non-renewable
resources by sending illegitimate traffic, thereby denying service to the legitimate users.
BW-DDoS Attacks
BW-DDoS attacks are usually generated from a large number of compromised
computers (zombies or puppets). According to recent surveys, BW-DDoS attacks are
the most frequently used DoS method [1,2]. Most BW-DDoS attacks use a few simple
ideas, mainly flooding (many agents sending packets at the maximal rate) and reflection
(sending requests to an uncompromised server with a spoofed sender IP address,
causing the server to send longer response packets to the victim). Table 1 summarizes
the different attacks we discuss in this article.
Flooding attacks have created significant damage, because attackers were able to use a
sufficient number of agents to cause massive bandwidth consumption leading to packet
loss. However, it seems that, gradually, attackers are adopting more complex and
effective attacks. For example, the largest attacks reported in recent years consisted of
100 Gbps in 2010, 60 Gbps in 2011 and 2012, and 300 Gbps in 2013 [2,3]. The 2010,
2011, and 2013 attacks were DNS reflection and amplification attacks. In 2012, the
largest attack targeted the DNS infrastructure. Researchers have discovered even more
effective BW-DDoS techniques, for instance, with higher amplification factors.
DEPARTMENT Of CSE, MCET
Inducing a significant percentage of packet loss is no easy task. Generally, packet
delivery probability is the ratio between the available bottleneck link bandwidth and the
attack rate. However, as Figure 1 shows, congestion or (small) packet loss probability
causes dramatic performance degradation in TCP connections. This performance
degradation is due to TCP's congestion control mechanism, which drastically reduces
TCP's sending rate upon packet loss. Thus, BW-DDoS damage might be worse than the
mere consumed bandwidth.
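The gap between consumed bandwidth and TCP damage can be put in numbers. This added worked example (not from the original report) combines the delivery-probability ratio above with the Mathis et al. steady-state TCP throughput approximation, which is brought in here and is not cited by the page; the MSS, RTT, link size and per-flow share are assumed values.

```python
import math

MATHIS_C = math.sqrt(3 / 2)  # constant of the Mathis et al. TCP throughput model


def delivery_probability(bottleneck_bps, attack_bps):
    """Ratio of bottleneck bandwidth to attack rate, capped at 1 (page's model)."""
    if attack_bps <= bottleneck_bps:
        return 1.0
    return bottleneck_bps / attack_bps


def tcp_ceiling_bps(loss, mss_bytes=1460, rtt_s=0.1, link_bps=float("inf")):
    """Upper bound on one TCP flow's rate under random loss probability `loss`.

    Meaningful for small loss only; at high loss retransmission timeouts
    dominate and real throughput is lower still.
    """
    if loss <= 0:
        return link_bps
    rate = (mss_bytes * 8 / rtt_s) * MATHIS_C / math.sqrt(loss)
    return min(rate, link_bps)


def compare(bottleneck_bps, attack_rates_bps, flow_share_bps):
    """Per attack rate: (attack, loss, rate without congestion control, TCP ceiling)."""
    rows = []
    for attack in attack_rates_bps:
        p_deliver = delivery_probability(bottleneck_bps, attack)
        loss = 1 - p_deliver
        no_cc = flow_share_bps * p_deliver  # sender that ignores loss
        tcp = tcp_ceiling_bps(loss, link_bps=flow_share_bps)
        rows.append((attack, round(loss, 4), no_cc, tcp))
    return rows


def demo():
    # Assumed scenario: 1 Gbps bottleneck, a flow that normally gets 10 Mbps.
    gbps = 1e9
    return compare(1 * gbps, [0.9 * gbps, 1.01 * gbps, 1.1 * gbps, 2 * gbps], 10e6)


if __name__ == "__main__":
    for attack, loss, no_cc, tcp in demo():
        print(f"attack={attack / 1e9:.2f} Gbps loss={loss:.4f} "
              f"no-cc={no_cc / 1e6:.2f} Mbps tcp<={tcp / 1e6:.2f} Mbps")
```

With about 1 percent loss the loss-insensitive sender keeps about 99 percent of its share, while the TCP flow's ceiling falls to roughly 1.4 Mbps of its 10 Mbps.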
Disadvantages
The PPM strategy can only operate in a local range of the Internet (the ISP network),
where the defender has the authority to manage. ISP networks are generally quite small,
and the strategy cannot trace back to attack sources located outside the ISP network.
Because of the vulnerability of the original design of the Internet, we may not be
able to find the actual hackers at present.
core (that is, in routers), or close to the source. Usually, to be effective in BW-DDoS
mitigation, filtering must occur before the congested link, because the victim usually
isn't in a position to hold back the attack. One example of filtering is preventing source
IP spoofing. RFCs 2827 and 3704 recommend that ISPs employ ingress filtering and
drop packets whose source IP addresses are external to the network they arrive from.
Many ISPs do this; however, approximately 15 percent of Internet addresses can still
send spoofed packets [2,6]. LOT (Lightweight Opportunistic Tunneling) is another solution
to mitigate spoofing by opportunistically establishing tunnels between gateways and
adding a random tag to tunneled packets, making it difficult for attackers to guess the
correct tag value [12]. Packets not carrying the correct tag are discarded, preventing
the spoofing of packets that originate from incorrect networks.
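The ingress-filtering rule of RFC 2827 can be expressed as a per-interface source-address check. This is an added example, not code from the original report; the interface names, prefix assignments and sample packets are constructed, using documentation address ranges.

```python
import ipaddress

# Constructed configuration: prefixes the ISP has assigned to the customers
# reachable through each edge interface.
ASSIGNED_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed sample traffic: (ingress interface, claimed source address).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.17"),      # inside cust-a's /25
    ("cust-a", "198.51.100.9"),    # cust-b's address arriving via cust-a
    ("cust-a", "192.0.2.200"),     # same /24 but outside the assigned /25
    ("cust-b", "198.51.100.9"),
    ("cust-a", "2001:db8:a::1"),
    ("cust-b", "203.0.113.5"),
    ("cust-b", "not-an-ip"),
]


def build_filter(assigned):
    """Parse the per-interface prefix lists once, at configuration time."""
    return {
        iface: [ipaddress.ip_network(p, strict=True) for p in prefixes]
        for iface, prefixes in assigned.items()
    }


def ingress_decision(filters, iface, src):
    """Return ("forward" | "drop", reason) for a packet's source address."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "malformed source address"
    nets = filters.get(iface)
    if nets is None:
        return "drop", "no prefixes configured for interface"
    for net in nets:
        # Compare only within the same address family (IPv4 vs IPv6).
        if addr.version == net.version and addr in net:
            return "forward", f"source within {net}"
    return "drop", "source outside prefixes assigned to this interface"


def run_samples():
    filters = build_filter(ASSIGNED_PREFIXES)
    return [ingress_decision(filters, i, s)[0] for i, s in SAMPLE_PACKETS]


if __name__ == "__main__":
    flt = build_filter(ASSIGNED_PREFIXES)
    for iface, src in SAMPLE_PACKETS:
        print(iface, src, *ingress_decision(flt, iface, src))
```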
Additional filtering mechanisms include access control lists (ACLs), Remote-Triggered
Blackhole (RTBH), and firewalls. ACLs are router mechanisms that allow or deny
matching flows. They're often configured manually; however, some intrusion
prevention systems can configure ACLs automatically. Each ACL entry takes a
significant amount of memory and some time to process, so routers should limit ACL
rules in both number and processing time. Memory and CPU use increase as more ACL
entries are used, which might be an additional target for DDoS, not necessarily
bandwidth based.
RTBH (RFC 5635) uses the router's forwarding tables such that all traffic to the victim
or from attacking sources is forwarded to a blackhole, completely denying access to
the target. RTBH uses a small amount of memory and its processing is faster than ACL.
However, RTBH filtering is significantly more aggressive and might help an attacker
disconnect its victim from its sources and/or destinations, thereby potentially achieving
the goal with little resources.
Rate limiting. In contrast to completely blocking the attacking flows, rate-limiting
schemes let the offending flows transmit at their typical rate or obey some other limit.
Researchers proposed rate limiting at routers in several forms, including capabilities,
packet tagging, and scheduling-based schemes. Capabilities are tokens issued by the
destination (server) to the source (client). Capabilities inform the source, and more
importantly the routers en route, that the destination is willing to accept traffic from
this source. The issued capabilities are attached to packets the source sends, allowing
routers en route to identify and prioritize approved flows. Note that packets without
capabilities aren't filtered; instead, they get lower delivery probability, which
effectively limits their rate during attack periods. SIFF (Stateless Internet Flow Filter)
proposed stateless capabilities wherein capabilities are calculated using a (keyed)
hash [13]. Routers check and prioritize flows carrying verified capabilities. TVA (traffic
validation architecture) keeps a (small) state in routers and lets servers request
specific restrictions per flow. Capabilities-based solutions assume that victims will
authorize only legitimate sources and won't cooperate with attackers. Deployment of
capabilities-based solutions requires changes to both end hosts and routers.
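A simplified sketch of the capability check described above, added as an example (it is not code from the original report and not the SIFF packet format): the router derives a short keyed-hash tag over source and destination, and packets carrying a valid tag are scheduled ahead of the rest instead of the rest being filtered. The class name, 4-byte tag length, per-tick queue model, key values and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import deque

TAG_LEN = 4  # bytes of the keyed hash used as the capability (assumed size)


class CapabilityRouter:
    """Holds only its keys and two queues; no per-flow state is stored."""

    def __init__(self, key, link_slots):
        self.keys = [key]             # newest first
        self.link_slots = link_slots  # packets the outgoing link carries per tick
        self.high, self.low = deque(), deque()

    def rotate(self, new_key):
        """Keep the previous key so recently issued capabilities still verify."""
        self.keys = [new_key, self.keys[0]]

    def _tag(self, key, src, dst):
        msg = f"{src}|{dst}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def mark_request(self, src, dst):
        """Marking the router adds to a connection request heading to dst."""
        return self._tag(self.keys[0], src, dst)

    def enqueue(self, src, dst, cap=None):
        """Unverified packets are not filtered, only queued at low priority."""
        ok = cap is not None and any(
            hmac.compare_digest(cap, self._tag(k, src, dst)) for k in self.keys
        )
        (self.high if ok else self.low).append((src, dst))
        return ok

    def transmit_tick(self):
        """Send up to link_slots packets, verified first; the rest are lost."""
        sent = []
        while len(sent) < self.link_slots and (self.high or self.low):
            sent.append((self.high or self.low).popleft())
        self.high.clear()
        self.low.clear()
        return sent


def demo():
    router = CapabilityRouter(b"constructed-router-secret", link_slots=5)
    client, server = "192.0.2.10", "203.0.113.80"
    cap = router.mark_request(client, server)  # server echoes this to the client
    for i in range(20):                        # constructed flood, no capability
        router.enqueue(f"198.51.100.{i}", server)
    router.enqueue("198.51.100.99", server, cap)  # tag copied by another source
    for _ in range(3):
        router.enqueue(client, server, cap)
    sent = router.transmit_tick()
    return sum(1 for src, _ in sent if src == client), len(sent)
```

In the constructed run the link carries five packets per tick: all three client packets get through even though they were queued last, and a tag copied onto a different source address fails verification because the source is part of the hashed input.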
Detouring and Absorbing.
Absorption overlays are overprovisioned with bandwidth and can absorb BW-DDoS
attacks. They construct a perimeter around the victim server that only selected nodes
can penetrate; unauthorized traffic is filtered. Cloud (practical) or overlay (academic)
solutions route traffic via the cloud or overlay, which scrubs the attack flows.
Absorption clouds and overlays were designed specifically to mitigate BW-DDoS and
were investigated in several works, such as SOS (Secure Overlay Services) [18]. Note that
overlay solutions usually introduce new protocols and hence typically require updating
host software. Other solutions, mainly those deployed, make no protocol
Breakthrough. The final category of BW-DDoS mechanisms consists of those that use
aggressive clients to break through the congestion. Aggressive clients use TCP-friendly
protocols as long as they can sustain enough goodput. When TCP's goodput drops
below some threshold, aggressive clients commence using protocols without congestion
control, such as UDP, thereby exploiting the real network delivery probability. An
important design goal of aggressive clients is to avoid self-generated BW-DDoS
attacks.
Defense Mechanism Location
The various defense mechanisms can be deployed at different network locations. Some
are deployed close to the destination, that is, near the victim. Note that defense
mechanisms close to the destination might get a good idea about some of the attack's
properties, but they might not be well-positioned to mitigate BW-DDoS attacks because
many packets are discarded near the victim due to the exhausted resources. Hence,
many defense mechanisms try to mitigate attacks closer to the source. Router or
Advantages
2. ANALYSIS
System analysis is a general term that refers to an orderly, structured process for
identifying and solving problems. We call the system analysis process a lifecycle
methodology, since it relates to four significant phases in the lifecycle of every
business information system. The life cycle is divided into four phases:
Study Phase
Design Phase
Development Phase
Implementation Phase
Analysis implies the process of breaking something into parts so that the whole may be
understood. The definition of the system analysis includes not only the process of
analysis but also that of synthesis, which implies the process of putting together to form
a new whole.
All activities associated with each life cycle phase must be performed, managed and
documented. Hence we define system analysis as the performance, management, and
documentation of the activities related to the life cycle phases of a computer-based
business system. In the study phase a detailed study of the project is made and a clear
picture of the project is formed. In the design phase the input, output and table
designs are made. The development phase is where the physical design of the
input-output screens and the coding of the system are done. System implementation
actually implements the system by performing the necessary testing.
Financial Feasibility:
The analysis raises financial and economic questions during the preliminary
investigation to estimate the following:
To be judged feasible, a proposal for the specific project must pass all these
tests, otherwise it is not considered as a feasible project. I gathered the details regarding
the financial aspects incorporated in the system to make it cost efficient.
Operational Feasibility.
Suppose for a moment that technical and economic resources are both judged adequate.
The systems analyst must still consider the operational feasibility of the requested
project. Operational feasibility is dependent on human resources available for the
project and involves projecting whether the system will operate and be used once it is
installed. If users are virtually wed to the present system, see no problems with it, and
generally are not involved in requesting a new system, resistance to implementing the
new system will be strong. Chances for it ever becoming operational are low.
analysis in systems engineering, encompasses those tasks that go into determining the
needs or conditions to meet for a new or altered product or project, taking account of
the possibly conflicting requirements of the
3. DESIGN
3.1 INPUT DESIGN
Input design converts user-oriented inputs to a computer-based format, which requires
careful attention. The collection of input data is the most expensive part of the system in
terms of the equipment used and the number of people involved. In input design, data is
accepted for computer processing and input to the system is done through mapping via
some map support or links. Inaccurate input data is the most common cause of errors in
data processing. The input screens need to be designed very carefully and logically. A
set of menus is provided, which helps application navigation. While data is being
entered in the input forms, proper validation checks are done and messages are
generated by the system if incorrect data has been entered.
down to the lowest level of detail. In the normal convention a DFD has four major
symbols.
Symbols used in DFD are:
Square, this defines source or destination of data.
Level 0
Level 1
Level 2
Level 3
4. SYSTEM MODELLING
4.1 UML DIAGRAM
5. CODING
Coding is the software activity where the detailed design specification is implemented
as source code. Coding is the lowest level of abstraction for the software development
process. It is the last stage in decomposition of the software requirements where module
specifications are translated into a programming language.
Typical tasks for Coding
Traceability analyses
FEATURES OF JAVA
Platform Independence
The Write-Once-Run-Anywhere ideal has not been achieved (tuning for different
platforms is usually required), but Java comes closer than other languages.
Object Oriented
Object oriented throughout - no coding outside of class definitions, including main().
Compiler/Interpreter Combo
Code is compiled to byte codes that are interpreted by a Java virtual machine
(JVM).
This provides portability to any machine for which a virtual machine has been
written.
The two steps of compilation and interpretation allow for extensive code
checking and improved security.
Robust
Exception handling is built in, type checking is strong (that is, all data must be
declared with an explicit type), and local variables must be initialized.
No memory pointers
No preprocessor
Security
No memory pointers
Dynamic Binding
The linking of data and methods to where they are located is done at run-time.
New classes can be loaded while a program is running. Linking is done on the
fly.
Even if libraries are recompiled, there is no need to recompile code that uses
classes in those libraries.
This differs from C++, which uses static binding. This can result in fragile
classes for cases where linked code is changed and memory pointers then point
to the wrong addresses.
Good Performance
Threading
Built-in Networking
Java was designed with networking in mind and comes with many classes to
develop sophisticated Internet communications.
5.2 CODES
Client
package ui;
import java.awt.Dimension;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.WindowEvent;
import java.awt.event.WindowListener;
import java.io.IOException;
import java.io.ObjectOutputStream;
        /* Response */
        JLabel jLabel2 = new JLabel("Response :");
        jLabel2.setBounds(20, 180, 100, 40);
        jFrame.add(jLabel2);
        jTextAreaRes = new JTextArea();
        jScrollPane = new JScrollPane(jTextAreaRes);
        jScrollPane.setBounds(20, 230, 660, 400);
        jFrame.add(jScrollPane);
        /* Routing Table (hidden until routing information is available) */
        jLabel3 = new JLabel("Routing Info :");
        jLabel3.setBounds(320, 30, 150, 40);
        jLabel3.setVisible(false);
        modelRouting = new DefaultTableModel(Constants.routerInfo, 0);
        jTableRouting = new JTable(modelRouting);
        jScrollPane2 = new JScrollPane(jTableRouting);
        jScrollPane2.setVisible(false);
        jScrollPane2.setBounds(320, 70, 300, 100);
        jFrame.add(jLabel3);
        jFrame.add(jScrollPane2);
        screenCenter();
    }
    public void screenCenter() {
        Dimension dim = jFrame.getToolkit().getScreenSize();
        int screenWidth = dim.width;
        int screenHeight = dim.height;
        // Center using the frame's actual size (700x700), not a third of the screen.
        int frameWidth = 700;
        int frameHeight = 700;
        jFrame.setSize(frameWidth, frameHeight);
        jFrame.setLocation((screenWidth - frameWidth) / 2,
                (screenHeight - frameHeight) / 2);
    }
    public static void main(String[] args) {
Router
package ui;
import java.awt.BorderLayout;
import java.awt.Dimension;
import java.awt.event.WindowEvent;
import java.awt.event.WindowListener;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.swing.JButton;
import javax.swing.JFrame;
import javax.swing.JTabbedPane;
import javax.swing.UIManager;
import javax.swing.UnsupportedLookAndFeelException;
import javax.swing.UIManager.LookAndFeelInfo;
import logic.Multicst;
import logic.Receiver;
import logic.SocketListener;
IDS System
package ui;
import java.awt.BorderLayout;
import java.awt.Dimension;
import java.awt.event.WindowEvent;
import java.awt.event.WindowListener;
import java.net.InetAddress;
import javax.swing.JButton;
    @Override
    public void windowIconified(WindowEvent e) {
        //throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }
    @Override
    public void windowDeiconified(WindowEvent e) {
        //throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }
    @Override
    public void windowActivated(WindowEvent e) {
        //throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }
    @Override
    public void windowDeactivated(WindowEvent e) {
        //throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }
}
Operating System : Windows Family.
Programming Language
RAM : 128 MB.
Hard Disk : 10 GB.
Input device
Output device
6. SYSTEM TESTING
6.1 TESTING PROCEDURES
Unit Testing
Integration Testing
Validation Testing
Output Testing
System Testing
test that input to a function is properly accepted and output is correctly produced.
Black box testing examines some aspects of a system with little regard for the internal
logical structure of the software. Errors in the following categories were found through
black box testing:
Interface errors
Performance errors
Exercise all loops within their boundaries and their operational bounds
7. CONCLUSION
BW-DDoS attacks employed relatively crude, inefficient, brute force mechanisms.
However, several known attacks, which aren't commonly used, let attackers launch
sophisticated attacks, which are difficult to detect and might considerably amplify
attackers' strength. Deployed and proposed defenses might struggle to meet these
increasing threats; therefore, we need to deploy more advanced defenses. This might
involve proposed mechanisms as well as new approaches. Some proposed defenses
raise operational and political issues; these are beyond the scope of our article but
should be considered carefully. Finally, for a defense mechanism to be practical, it must
be easy to deploy and require minor changes, if any, especially to the Internet's core
routers.
8. REFERENCE
[1] Prolexic Attack Report, Q3 2011–Q4 2012, P.T. Inc., 2012;
www.prolexic.com/attackreports.
[2] Worldwide Infrastructure Security Reports Series (2005–2012), Arbor Networks,
2013; www.arbornetworks.com/report.
[3] M. Prince, "The DDoS that Almost Broke the Internet," CloudFlare, 27 Mar.
2013; http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet.
[4] S. Wei, J. Mirkovic, and M. Swany, "Distributed Worm Simulation with a
Realistic Internet Model," Workshop Principles of Advanced and Distributed
Simulation (PADS 05), IEEE CS, 2005, pp. 71–79.
[5] S. Antonatos et al., "Puppetnets: Misusing Web Browsers as a Distributed
Attack Infrastructure," ACM Trans. Information and System Security, vol. 12,
no. 2, 2008, pp. 12:1–12:15.
[6] ANA Spoofer Project, Advanced Network Architecture Group, 2012;
http://spoofer.csail.mit.edu/summary.php.
9. SCREENSHOT