A Control Theoretic Approach for Resilient Network Services

Vempati, Jagannadh Ambareesh

12 1900

Resilient networks have the ability to provide the desired level of service, despite challenges such as malicious attacks and misconfigurations. The primary goal of this dissertation is to be able to provide uninterrupted network services in the face of an attack or any failures. This dissertation attempts to apply control system theory techniques with a focus on system identification and closed-loop feedback control. It explores the benefits of system identification technique in designing and validating the model for the complex and dynamic networks. Further, this dissertation focuses on designing robust feedback control mechanisms that are both scalable and effective in real-time. It focuses on employing dynamic and predictive control approaches to reduce the impact of an attack on network services. The closed-loop feedback control mechanisms tackle this issue by degrading the network services gracefully to an acceptable level and then stabilizing the network in real-time (less than 50 seconds). Employing these feedback mechanisms also provide the ability to automatically configure the settings such that the QoS metrics of the network is consistent with those specified in the service level agreements.

Control Theory

Resilient

Network

DDoS

Feedback control

Graceful Degradation

System Identification

Computer Science

Computer networks -- Security measures.

Feedback control systems.

Control theory.

System identification.

Implementation of Cache Attack on Real Information Centric Networking System

Anto Morais, Faustina J.

01 January 2018

Network security is an ongoing major problem in today’s Internet world. Even though there have been simulation studies related to denial of service and cache attacks, studies of attacks on real networks are still lacking in the research. In this thesis, the effects of cache attacks in real information-centric networking systems were investigated. Cache attacks were implemented in real networks with different cache sizes and with Least Recently Used, Random and First In First Out algorithms to fill the caches in each node. The attacker hits the cache with unpopular content, making the user request that the results be fetched from web servers. The cache hit, time taken to get the result, and number of hops to serve the request were calculated with real network traffic. The results of the implementation are provided for different topologies and are compared with the simulation results.

Thesis

University of North Florida

UNF

DoS

DDoS

ICN

Cache

Cache Attack

Caching

Computer and Systems Architecture

Digital Communications and Networking

Využití jazyka P4 k popisu akcelerovaného zařízení na ochranu před DoS útoky / P4 Language-Based Description of Accelerated Device against DoS Attacks

Kuka, Mário

January 2019

This thesis describes the development of a networking device used to defend against (D)DoS attacks using P4 language. The main purpose was to design flexible device using P4 lan-guage based on already existing device, this would allow us to quickly react and respond to new more complex DDoS attacks. The design of the device dealt with the transfer of individual parts of the firmware into the P4 language. Subsequently, the entire device firmware was designed for hardware accelerators with FPGA technology. The firmware had been designed with respect to the limitations of current P4 language compilers. The device has been tested under laboratory conditions for functionality and performance. The device will be deployed in the network infrastructure of CESNET.

Hacking for the State? : The Use of Private Persons in Cyber Attacks and State Responsibility

Olovson, Natali

January 2020

While there are many examples to turn to regarding the thriving phenomenon of private persons being exploited to launch cyber attacks on behalf of states, this thesis will direct it’s attention onto two special cases. Russia has been accused of being the state actor behind the cyber attacks on Estonia in 2007 and Georgia in 2008. The cases are chosen as Estonia have been recognised as the first coordinated cyber attack on a foreign country, and Georgia being the first case were cyber attacks have been utilised in synchronisation with military action. The purpose of the thesis is to analyse the facts of each case in relation to the International Law Commission’s Draft Articles on Responsibility of States for Internationally Wrongful Acts (DARSIWA). The analysis will work through article 4, article 5, article 8 and article 11. The main question is how Russia may be hold as legally responsible under international law for the private conduct of ’patriotic’ hackers, the Nashi Youth Group and the Russian Business Network. The thesis concludes that while the circumstances of each case highly indicate state-involvement, this cannot be proven under the respective criterias of the articles and Russia does therefore not bear legal responsibility.

state responsibility

cyber attack

Russia

hacktivism

Nashi

Russian Business Network

effective control

adoption of act

government authority

Estonia

Georgia

DDoS

Law (excluding Law and Society)

Implementation of data-collection tools using NetFlow for statistical analysis at the ISP level / Implementation av datainsamlingsverktyg med NetFlow på ISP-nivå för statistisk analys av datatrafik

Karlström, Daniel

January 2012

Defending against Dos- and DDoS attacks is difficult to accomplish; finding and filtering out illegitimate traffic from the legitimate flow is near impossible. Taking steps to mitigate or even block the traffic can only be done once the IP addresses of the attackers are known. This is achievable by monitoring the flows to- and from the target and identifying the attacker's IP addresses, allowing the company or their ISP to block the addresses itself by blackholing them (also known as a null route). Using the IP accounting and monitoring tool “pmacct”, this thesis aims to investigate whether or not the pmacct suite is suited for larger installations when tracking and mitigating DDoS-attacks, such at an Internet Service Provider (ISP). Potential problems are the amount of traffic that need to be analyzed and the computational power required to do it. This thesis also provide information about the pmacct suite at large. The conclusions are positive, indicating it does scale up to handle larger installations when given careful consideration and planning. / Att försvara sig mot DoS-och DDoS-attacker är svårt att åstadkomma; att hitta och filtrera ut illegitim trafik från det legitima flödet är nästan omöjligt. Att vidta åtgärder när en sådan attack upptäcks kan endast göras när IP-adresserna från angriparna är kända. Detta kan uppnås genom att man övervakar trafikflödet mellan målet för attacken och angriparna och ser vilka som sänder mest data och på så sätt identifierar angriparna.. Detta tillåter företaget eller dess ISP att blockera trafiken ifrån dessa IP-adresser genom att sända trafiken vidare till ingenstans. Detta kallas blackhole-routing eller null-routing. Genom att använda redovisnings- och övervakningsprogrammet pmacct syftar denna uppsats på att undersöka hurvida pmacct-sviten är lämpad för större installationer när det gäller att spåra och förhindra DDoS-attacker, såsom hos en Internetleverantör eller dylikt. Potentialla problem som kan uppstå är att mängden trafik som måste analyserar blir för stor och för krävande. Denna avhandling går även igenom pmacct-verktyget i sig. Slutsatserna är lovande, vilket indikerar att den har potential av att kunna hantera sådana stora miljöer med noggrann planering.

pmacct

statistical analysis

bgp

peer

peering

routing

route

quagga

virtual router

virtual

router

linux

graph

graphing

mrtg

database

mysql

script

scripting

python

bash

libpcap

mdh

data collection

data

collection

collecting

ISP

internet service provider

DoS

DDoS

attack

pmacct

statistisk analys

bgp

peer

peering

peera

routing

route

quagga

virtuell router

virtuell

router

linux

graf

grafa

mrtg

databas

mysql

script

scripting

python

bash

libpcap

mdh

datainsamling

insamling

data

ISP

internetleverantör

DoS

DDoS

attack

Computer Engineering

Datorteknik

E-crimes and e-authentication - a legal perspective

Njotini, Mzukisi Niven

27 October 2016

E-crimes continue to generate grave challenges to the ICT regulatory agenda. Because e-crimes involve a wrongful appropriation of information online, it is enquired whether information is property which is capable of being stolen. This then requires an investigation to be made of the law of property. The basis for this scrutiny is to establish if information is property for purposes of the law. Following a study of the Roman-Dutch law approach to property, it is argued that the emergence of an information society makes real rights in information possible. This is the position because information is one of the indispensable assets of an information society. Given the fact that information can be the object of property, its position in the law of theft is investigated. This study is followed by an examination of the conventional risks that ICTs generate. For example, a risk exists that ICTs may be used as the object of e-crimes. Furthermore, there is a risk that ICTs may become a tool in order to appropriate information unlawfully. Accordingly, the scale and impact of e-crimes is more than those of the offline crimes, for example theft or fraud. The severe challenges that ICTs pose to an information society are likely to continue if clarity is not sought regarding: whether ICTs can be regulated or not, if ICTs can be regulated, how should an ICT regulatory framework be structured? A study of the law and regulation for regulatory purposes reveals that ICTs are spheres where regulations apply or should apply. However, better regulations are appropriate in dealing with the dynamics of these technologies. Smart-regulations, meta-regulations or reflexive regulations, self-regulations and co-regulations are concepts that support better regulations. Better regulations enjoin the regulatory industries, for example the state, businesses and computer users to be involved in establishing ICT regulations. These ICT regulations should specifically be in keeping with the existing e-authentication measures. Furthermore, the codes-based theory, the Danger or Artificial Immune Systems (the AIS) theory, the Systems theory and the Good Regulator Theorem ought to inform ICT regulations. The basis for all this should be to establish a holistic approach to e-authentication. This approach must conform to the Precautionary Approach to E-Authentication or PAEA. PAEA accepts the importance of legal rules in the ICT regulatory agenda. However, it argues that flexible regulations could provide a suitable framework within which ICTs and the ICT risks are controlled. In addition, PAEA submit that a state should not be the single role-player in ICT regulations. Social norms, the market and nature or architecture of the technology to be regulated are also fundamental to the ICT regulatory agenda. / Jurisprudence / LL. D.

Biometric characters

Computer hacking

E-authentication

Furtum,

ICT regulation

ID fraud

ID theft

Information or computer systems

Larceny

Man-in-the-middle attacks

Phishing

ICTs

PAEAN

345.268

Computer crimes -- Law and legislation

Computer networks -- Security measures

Authentication

Phishing

Intellectual property

Anonymní pohyb v síti internet / Anonymous communication on the internet

Hořejš, Jan

January 2014

The objective of this master’s thesis was to describe current capabilities of anonymous browsing over the Internet. The theoretical part focuses on three main methods of anonymization with main focus on Tor network. The master‘s thesis describes advantages and disadvantages of different solutions and possible attacks on them. In the next part is demonstrated Tor network, implementation of Hidden service and secured access to the server for clients and possible attacks against this proposal. The work also includes the results of measurements of all three anonymizers and the effects on their speed.

Odposlech moderních šifrovaných protokolů / Interception of Modern Encrypted Protocols

Marček, Ján

January 2012

This thesis deals with the introduction to the security mechanism.The procedure explains the basic concepts, principles of cryptography and security of modern protocols and basic principles that are used for information transmission network. The work also describes the most common types of attacks targeting the eavesdropping of communication. The result is a design of the eavesdropping and the implementation of an attack on the secure communication of the SSL protocol..The attacker uses a false certificate and attacks based on poisoning the ARP and DNS tables for this purpose. The thesis discusses the principles of the SSL protocol and methodology of attacks on the ARP and DNS tables.