Countering network level denial of information attacks using information visualization

Conti, Gregory John

27 March 2006

We are besieged with information every day, our inboxes overflow with spam and our search queries return a great deal of irrelevant information. In most cases there is no malicious intent, just simply too much information. However, if we consider active malicious entities, the picture darkens. Denial of information (DoI) attacks assail the human through their computer system and manifest themselves as attacks that target the human's perceptual, cognitive and motor capabilities. By exploiting these capabilities, attackers reduce our ability to acquire and act upon desired information. Even if a traditional denial of service attack against a machine is not possible, the human utilizing the machine may still succumb to DoI attack. When successful, DoI attacks actively alter our decision making, often without our knowledge. In this dissertation, we address the problem of countering DoI attacks. We begin by presenting a taxonomy and framework of DoI attacks and countermeasures to add structure to the problem space. We then closely examine the use of information visualization as a countermeasure. Information visualization is a powerful technique that taps into the high bandwidth visual recognition capability of the human and is well suited to resist DoI attack. Unfortunately, most information visualization systems are designed without a clear emphasis on protecting the human from malicious activity. To address this issue we present a general framework for information visualization system security analysis. We then delve deeply into countering DoI in the network security domain using carefully crafted information visualization techniques to build a DoI attack resistant security visualization system. By creating such a system, we raise the bar on adversaries who now must cope with visualization enhanced humans in addition to traditional automated intrusion detection systems and text-based analysis tools. We conclude with a human-centric evaluation to demonstrate our systems effectiveness.

Computer security

Attacking information visualization

Rumint

Information visualization

Denial of information

Evaluating information visualization

Network visualization

The Research of Network Security in IP Traceback

Tseng, Yu-kuo

29 September 2004

With the dramatic expansion of computers and communication networks, computer crimes, such as threatening letters, fraud, and theft of intellectual property have been growing at a dreadful rate. The increasing frequency of malicious computer attacks on government agencies and Internet businesses has caused severe economic waste and unique social threats. The problems of protecting data and information on computers and communication networks has become even more critical and challenging, since the widespread adoption of the Internet and the Web. Consequently, it is very urgent to design an integrated network-security architecture so as to make information safer, proactively or reactively defeat any network attack, make attackers accountable, and help the law enforcement system to collect the forensic evidences. Among a variety of attacks on computer servers or communication networks, a prevalent, famous, and serious network-security subject is known as "Denial of Service" (DoS) or "Distributed Denial of Service" (DDoS) attacks. According to an investigation on computer crime conducted by CSI/FBI in 2003, Internet DoS/DDoS have increased in frequency, severity, and sophistication, and have caught international attentions to the vulnerability of the Internet. DoS/DDoS attacks consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult to trace. Therefore, this dissertation will firstly concentrate on how to resolve these troublesome DoS/DDoS problems. This is considered as the first step to overcome generic network security problems, and to achieve the final goal for accomplishing a total solution of network security. Instead of tolerating DoS/DDoS attacks by mitigating their effect, to trace back the attacking source for eliminating the attacker is an aggressive and better approach. However, it is difficult to find out the true attacking origin by utilizing the incorrect source IP address faked by the attacker. Accordingly, this dissertation will aim at conquering this representative network security problem, i.e. DoS/DDoS attacks, with IP traceback, and designing an optimal IP traceback. IP traceback ¡X the ability to trace IP packets to their origins¡Xis a significant step toward identifying, and thus stopping, attackers. A promising solution to the IP traceback is probabilistic packet marking (PPM). This traceback approach can be applied during or after an attack, and it does not require any additional network traffic, router storage, or packet size increase. Therefore, the IP traceback research on countering DoS/DDoS attacks will be based on PPM scheme. In this dissertation, three outstanding improvements among four PPM criteria¡Xthe convergency, the computational overhead, and the incomplete PPM deployment problem¡Xhas been achieved. PPM-NPC is proposed to improve the PPM convergency and computational overhead. With non-preemptively compensation, the probability of each marked packet arrived at the victim equals its original marking probability. Therefore, PPM-NPC will efficiently achieve the optimal convergent situation by simply utilizing a 2-byte integer counter. Another better scheme, CPPM, is also proposed, such that the marked packets can be fully compensated as well while they are remarked. With CPPM, the probability of each marked packet arrived at the victim will also equal its original marking probability. Consequently, CPPM will achieve the optimal convergent situation efficiently as well. Furthermore, RPPM-NPC is presented to advance the accuracy of a reconstructed path in an incomplete PPM deployment environment by correcting and recovering any discontinuous individual transparent router and any segment of consecutive double transparent routers. This scheme may also reduce the deployment overhead without requiring the participation of all routers on the attack path. Except for these improved criteria, PPM robustness, some weak assumptions in PPM, and a few unsolved problems for PPM, e.g. reflective DDoS attacks, will also be improved in the future. It is also interesting in combining other network security researches, such as IDS, system access control mechanism, etc., for constructing a more complete network security architecture. Therefore, this research hereby is done in order to completely resolve the troublesome flood-style DoS/DDoS problems, and as the basis for accomplishing a total solution of network security.

IP traceback

probabilitic packet marking

denial of service attack

computer network security

Mining Network Traffic Data for Supporting Denial of Service Attack Detection

Ma, Shu-Chen

17 August 2005

Denial of Service (DoS) attacks aim at rendering a computer or network incapable of providing normal services by exploiting bugs or holes of system programs or network communication protocols. Existing DoS attack defense mechanisms (e.g., firewalls, intrusion detection systems, intrusion prevention systems) typically rely on data gathered from gateways of network systems. Because these data are IP-layer or above packet information, existing defense mechanisms are incapable of detecting internal attacks or attackers who disguise themselves by spoofing the source IP addresses of their packets. To address the aforementioned limitations of existing DoS attack defense mechanisms, we propose a classification-based DoS attack detection technique on the basis of the SNMP MIB II data from the network interface to induce a DoS detection model from a set of training examples that consist of both normal and attack traffic data). The constructed DoS detection model is then used for predicting whether a network traffic from the network interface is a DoS attack. To empirically evaluate our proposed classification-based DoS attack detection technique, we collect, with various traffic aggregation intervals (including 1, 3, and 5 minutes), normal network traffic data from two different environments (including an enterprise network, and a university campus network) and attack network traffics (including TCP SYN Flood, Land, Fake Ping, and Angry Ping) from an independent experimental network. Our empirical evaluation results show that the detection accuracy of the proposed technique reaches 98.59% or above in the two network environments. The evaluation results also suggest that the proposed technique is insensitive to the traffic aggregation intervals examined and has a high distinguishing power for the four types of DoS attacks under investigation.

Denial of Service

Analysis of SNMP Traffic Data

Data Mining

Classification Analysis

Attack Detection

Network Security

The political power of diaspora as external actors in armed civil conflict : ethnonationalist conflict-generated diaspora use of social media in transnational political engagement in homeland conflict : the case of Rwanda

Martin, Michelle Elaine

January 2013

This study explores the power of ethnonationalist conflict-generated diasporas (CGD) as external actors in homeland conflict by exploring the nature of their political engagement on a transnational level using Internet Communication technologies (ICTs), with Rwanda as a case study. Virtual ethnography was chosen as the research methodology to explore the online activities of Rwandan CGD using social media (social networking sites) to form virtual transnational networks for political purposes. Diasporic online formations and activities were mapped in order to gain increased insights into ways that CGD use social media to engage in homeland conflict, and the effect their engagement has on the conflict cycle in the home country. Results of the study revealed that Rwandan CGDs demonstrate attitudes and motivations to act in ways that are consistent with other case studies of CGD, including exhibiting an enduring commitment and loyalty to co-ethnics, a romanticized conceptualization of homeland and a myth of return home. The results also revealed Rwandan CGDs' strong propensity to use social media to engage in homeland conflict on a political level through the development of a large and dense transnational network used for a range of political purposes, including the dissemination of genocide denial and propaganda consistent with the pre-genocide propaganda campaign. Implications for peace-building and conflict analysis are discussed.

303.6

Αναγνώριση επιθέσεων DDoS σε δίκτυα υπολογιστών

Δαμπολιάς, Ιωάννης

16 May 2014

Στόχος της εργασίας είναι η μελέτη των κατανεμημένων επιθέσεων άρνησης υπηρεσίας σε δίκτυα υπολογιστών καθώς και οι τρόποι αντιμετώπισής και αναγνώρισής τους με χρήση νευρωνικού δικτύου. / The aim of this work is the study of distributed denial of service attacks on computer networks. Analyze the methods of DDoS attacks as well as how to deal and recognize them by using neural network.

Δίκτυα υπολογιστών

005.8

Computer networks

Distributed denial of service (DDoS)

Προστασία συστημάτων από κατανεμημένες επιθέσεις στο Διαδίκτυο / Protecting systems from distributed attacks on the Internet

Στεφανίδης, Κυριάκος

17 March 2014

Η παρούσα διατριβή πραγματεύεται το θέμα των κατανεμημένων επιθέσεων άρνησης υπηρεσιών στο Διαδίκτυο. Αναλύει τα υπάρχοντα συστήματα αντιμετώπισης και τα εργαλεία που χρησιμοποιούνται για την εξαπόλυση τέτοιου είδους επιθέσεων. Μελετά τον τρόπο που οργανώνονται οι επιθέσεις και παρουσιάζει την αρχιτεκτονική και την υλοποίηση ενός πρωτότυπου συστήματος ανίχνευσης των πηγών μιας κατανεμημένης επίθεσης άρνησης υπηρεσιών, καθώς και αντιμετώπισης των επιθέσεων αυτών. Τέλος, ασχολείται με το θέμα της ανεπιθύμητης αλληλογραφίας ως μιας διαφορετικού είδους επίθεση άρνησης υπηρεσιών και προτείνει ένα πρωτότυπο τρόπο αντιμετώπισής της. / In our thesis we deal with the issue of Distributed Denial of Service attacks on the Internet. We analyze the current defense methodologies and the tools that are used to unleash this type of attacks. We study the way that those attacks are constructed and organized and present a novel architecture, and its implementation details, of a system that is able to trace back to the true sources of such an attack as well as effectively filter such attacks in real time. Lastly we deal with the issue of spam e-mail as a different form of a distributed denial of service attack and propose a novel methodology that deals with the problem.

Ασφάλεια δικτύων

005.8

Network security

Adolescents' Knowledge, Attitudes and Behaviour Regarding HIV/AIDS in Valhalla Park: An Exploratory Study.

Isaacs, Conrad Henry.

January 2008

<p>In South Africa there is still a substantial amount of prejudice towards people living with Aids (PLA). Initially, Aids was seen as a &lsquo / gay&rsquo / disease, then a &lsquo / black&rsquo / disease. People thus tended to avoid high-risk groups rather than high-risk behaviour, and denied their own vulnerability by displacing the disease to an &lsquo / other&rsquo / who did not belong to &lsquo / their&rsquo / group. This study focuses on factors that influence and motivate adolescents&rsquo / behavior towards HIV/AIDS at Beauvallon High School in Valhalla Park / an impoverished, peri-urban and previously coloured only community.</p>

Adolescent

Attitude

Behaviour

Beliefs

Denial

HIV/AIDS Knowledge

Perceptions

Vulnerability

Valhalla Park.

A Novel Design and Implementation of DoS-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs

Lee, Isaac Chien-Wei

January 2010

With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support, however, the design of 802.11i does not consider network availability. Therefore, it has been suggested that 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This research first investigates common DoS vulnerabilities in a Robust Security Network (RSN), which is defined in the 802.11i standard, and presents an empirical analysis of such attacks – in particular, flooding-based DoS attacks. To address those DoS issues, this thesis proposes a novel design and implementation of a lightweight stateless authentication scheme that enables wireless access points (APs) to establish a trust relationship with an associating client and derive validating keys that can be used to mutually authenticate subsequent layer-2 (link layer) management frames. The quality of service provisioning for real-time services over a WLAN requires the total latency of handoff between APs to be small in order to achieve seamless roaming. Thus, this thesis further extends the proposed link-layer authentication into a secure fast handoff solution that addresses DoS vulnerabilities as well as improving the existing 802.11i handoff performance. A location management scheme is also proposed to minimise the number of channels required to scan by the roaming client in order to reduce the scanning delay, which could normally take up 90% of the total handoff latency. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The result successfully demonstrated that not only the proposed authentication scheme eradicates most of the DoS vulnerabilities, but also substantially improved the handoff performance to a level suitable for supporting real-time services.

802.11i

802.11r

WLAN

handoff

roaming

Denial of service

attacks

scanning

RSNA

client puzzle

authentication

Qualities in the short life : psychological studies relevant to patient and spouse in malignant glioma

Salander, Pär

January 1996

This thesis deals with psychological issues concerning patients with malignant gliomas, and their spouses. There is no known medical cure, and the patients have a limited survival expectancy. Therefore studies evaluating new treatment modes, an overall supportive atmosphere, and attempts to avoid imposing unnessesary strain are necessary. Thirty consecutive patients with astrocytomas, grade III-IV, were included in a clinical trial with estramustine phosphate in addition to conventional treatment with surgery and radiotherapy. Both the patients and their spouses participated in the present study which aimed at a deeper understanding of the psychological processes relevant to their situation. By means of repeated thematically structured interviews, patients and spouses were followed separately during the entire course of the disease process. In addition to these interviews, all patients were assessed with a mini-mental examination, and five-month survivors were tested with a comprehensive neuropsychological battery. Questionnaires on reaction to the diagnosis and assessing psychosocial well-being were also administered to the patients. The interviews were analysed with grounded theory methodology and the findings were juxtaposed to concepts in psychoanalysis and coping theory. The main finding was that the patients, despite or owing to their severe medical situations, showed a marked capacity to create protection and hope. By means of biased perception they created an 'illusion' that palliated their strain. This finding is related to object-relational psychoanalysis with obvious implications for the crucial discussion on telling bad news. Another finding was that the spouses displayed different crisis trajectories depending on the overall status of their partners. Different senses of the relationship were related to different modes of coping. Especially spouses to patients with personality changes were put under severe strain and ought to be acknowledged by medical staff. Patients with no obvious deficits five months after termination of primary treatment nevertheless evidenced, at neuropsychological testing, a pronounced deficiancy in long-term memory, but no clear impairment in global intellectual capacities. Estramustine phosphate was found to have a negative impact on sexuality and might be one causative agent behind the decline in long-term memory, but these adversive effects did not seem to affect psychosocial well-being. The selective reminding technique proved to be sensitive in detecting deficits and is recommended in future clinical trials affecting the CNS. / <p>Diss. (sammanfattning) Umeå : Umeå universitet, 1996, härtill 5 uppsatser.</p> / digitalisering@umu

astrocytoma

communication

coping

defence mechanism

denial

glioma

hope

memory

neuropsychology

quality of life

spouse

Ideological themes of eugenics and gender in contemporary British fascism : a discursive analysis

Miller, Laura

January 1999

This thesis is a study of contemporary British fascist ideology as expressed in the texts produced by or in association with the British National Party (BNP). It differs from previous studies in that it starts at the depth of the ideology and examines its rhetorical and ideological structure. Drawing on the theory and methodology of critical discourse analysis, this thesis explores the rhetorical and presentational strategies used in contemporary British fascist texts. As such, it examines how constructions of us and the Other are deracialised, warranted and constructed as fact. The thesis also differs from previous studies in that it explores the pattern of contemporary British fascist ideology and emphasises its intrinsically gendered nature. Eugenics is taken as the core ideological theme of fascism, whose focus is on breeding a racially pure and healthy nation. The notion of breeding ensures that gender lies at the core of the ideology. Drawing on the idea of a polarised rhetorical and argumentative structure, this thesis also examines how fascism constructs the ideological opposites of eugenics. The first opposite to eugenics explored in this thesis is liberal ideology and specifically feminism. The analysis examines how fascist opposition to these is based on the essentialist belief in the fixed biological nature of both race and gender. The analysis looks at the presentational strategies as well as the argumentative content of antifeminist discourse in contemporary British fascist texts. The second opposite to eugenics explored is multiculturalism. The thesis explores how stories about rape simultaneously construct race and warrant arguments about the harmful effects of their presence on our society. The analysis examines the various presentational strategies used to portray üs as the victims of the Other. It is by studying the interconnection between these three themes that this thesis argues that fascism, with its eugenic orientation, is not only a racial ideology but a gendered one. The analysis of contemporary British fascist accounts undertaken in this thesis goes some way to providing an understanding of the relationship between gender and race that is at the essentialist core of fascist ideology.

320