• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 4
  • 1
  • Tagged with
  • 5
  • 5
  • 3
  • 3
  • 3
  • 2
  • 2
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Using Probing Packets to Repair The Incomplete IP Traceback

Huang, Ming-Cheng 23 June 2004 (has links)
An enhancement of probability packet marking (PPM) used to trace back the DoS attacker is proposed by this paper. Our work is based on the probabilistic packet marking algorithm by Savage[1] in which an attack graph can be reconstructed by a victim site. Furthermore, we discuss some routers which do not support PPM in attacked path called non-PPM router. We use algorithm to recover one and two successive non-PPM routers. Recover three and four successive non-PPM routers by using IP RR (record routing) option. Five successive non-PPM routers and above are between two PPM routers, we discuss about Loosen Source Routing that record all traveled IP addresses into IP header. The temp table record edges which produced by proposed algorithm. And the hop table records which path the packet come from. Before the PPM system run, routers send probe packets we proposed above to recover the incomplete attack path.
2

Denial of Service Traceback: an Ant-Based Approach

Yang, Chia-Ru 14 July 2005 (has links)
The Denial-of-Service (DoS) attacks with the source IP address spoofing techniques has become a major threat to the Internet. An intrusion detection system is often used to detect DoS attacks and to coordinate with the firewall to block them. However, DoS attack packets consume and may exhaust all the resources, causing degrading network performance or, even worse, network breakdown. A proactive approach to DoS attacks is allocating the original attack host(s) issuing the attacks and stopping the malicious traffic, instead of wasting resources on the attack traffic. In this research, an ant-based traceback approach is proposed to identify the DoS attack origin. Instead of creating a new type or function needed by the router or proceeding the high volume, find-grained data, the proposed traceback approach uses flow level information to spot the origin of a DoS attack. Two characteristics of ant algorithm, quick convergence and heuristic, are adopted in the proposed approach on finding the DoS attack path. Quick convergence efficiently finds out the origin of a DoS attack; heuristic gives the solution even though partial flow information is provided by the network. The proposed method is validated and evaluated through the preliminary experiments and simulations generating various network environments by network simulator, NS-2. The simulation results show that the proposed method can successfully and efficiently find the DoS attack path in various simulated network environments, with full and partial flow information provided by the network.
3

Denial of Service attacks: path reconstruction for IP traceback using Adjusted Probabilistic Packet Marking

Dube, Raghav 17 February 2005 (has links)
The use of Internet has revolutionized the way information is exchanged, changed business paradigms and put mission critical and sensitive systems online. Any dis- ruption of this connectivity and the plethora of services provided results in significant damages to everyone involved. Denial of Service (DoS) attacks are becoming increas- ingly common and are the cause of lost time and revenue. Flooding type DoS attacks use spoofed IP addresses to disguise the attackers. This makes identification of the attackers extremely difficult. This work proposes a new scheme that allows the victim of a DoS attack to identify the correct origin of the malicious traffic. The suggested mechanism requires routers to mark packets using adjusted probabilistic marking. This results in a lower number of packet-markings required to identify the traffic source. Unlike many related works, we use the existing IPv4 header structure to incorporate these markings. We simulate and test our algorithms using real Internet trace data to show that our technique is fast, and works successfully for a large number of distributed attackers.
4

The Research of Network Security in IP Traceback

Tseng, Yu-kuo 29 September 2004 (has links)
With the dramatic expansion of computers and communication networks, computer crimes, such as threatening letters, fraud, and theft of intellectual property have been growing at a dreadful rate. The increasing frequency of malicious computer attacks on government agencies and Internet businesses has caused severe economic waste and unique social threats. The problems of protecting data and information on computers and communication networks has become even more critical and challenging, since the widespread adoption of the Internet and the Web. Consequently, it is very urgent to design an integrated network-security architecture so as to make information safer, proactively or reactively defeat any network attack, make attackers accountable, and help the law enforcement system to collect the forensic evidences. Among a variety of attacks on computer servers or communication networks, a prevalent, famous, and serious network-security subject is known as "Denial of Service" (DoS) or "Distributed Denial of Service" (DDoS) attacks. According to an investigation on computer crime conducted by CSI/FBI in 2003, Internet DoS/DDoS have increased in frequency, severity, and sophistication, and have caught international attentions to the vulnerability of the Internet. DoS/DDoS attacks consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult to trace. Therefore, this dissertation will firstly concentrate on how to resolve these troublesome DoS/DDoS problems. This is considered as the first step to overcome generic network security problems, and to achieve the final goal for accomplishing a total solution of network security. Instead of tolerating DoS/DDoS attacks by mitigating their effect, to trace back the attacking source for eliminating the attacker is an aggressive and better approach. However, it is difficult to find out the true attacking origin by utilizing the incorrect source IP address faked by the attacker. Accordingly, this dissertation will aim at conquering this representative network security problem, i.e. DoS/DDoS attacks, with IP traceback, and designing an optimal IP traceback. IP traceback ¡X the ability to trace IP packets to their origins¡Xis a significant step toward identifying, and thus stopping, attackers. A promising solution to the IP traceback is probabilistic packet marking (PPM). This traceback approach can be applied during or after an attack, and it does not require any additional network traffic, router storage, or packet size increase. Therefore, the IP traceback research on countering DoS/DDoS attacks will be based on PPM scheme. In this dissertation, three outstanding improvements among four PPM criteria¡Xthe convergency, the computational overhead, and the incomplete PPM deployment problem¡Xhas been achieved. PPM-NPC is proposed to improve the PPM convergency and computational overhead. With non-preemptively compensation, the probability of each marked packet arrived at the victim equals its original marking probability. Therefore, PPM-NPC will efficiently achieve the optimal convergent situation by simply utilizing a 2-byte integer counter. Another better scheme, CPPM, is also proposed, such that the marked packets can be fully compensated as well while they are remarked. With CPPM, the probability of each marked packet arrived at the victim will also equal its original marking probability. Consequently, CPPM will achieve the optimal convergent situation efficiently as well. Furthermore, RPPM-NPC is presented to advance the accuracy of a reconstructed path in an incomplete PPM deployment environment by correcting and recovering any discontinuous individual transparent router and any segment of consecutive double transparent routers. This scheme may also reduce the deployment overhead without requiring the participation of all routers on the attack path. Except for these improved criteria, PPM robustness, some weak assumptions in PPM, and a few unsolved problems for PPM, e.g. reflective DDoS attacks, will also be improved in the future. It is also interesting in combining other network security researches, such as IDS, system access control mechanism, etc., for constructing a more complete network security architecture. Therefore, this research hereby is done in order to completely resolve the troublesome flood-style DoS/DDoS problems, and as the basis for accomplishing a total solution of network security.
5

PERFORMANCE EVALUATION OF A TTL-BASED DYNAMIC MARKING SCHEME IN IP TRACEBACK

Devasundaram, Shanmuga Sundaram January 2006 (has links)
No description available.

Page generated in 0.0761 seconds