
Wednesday, June 5, 2019

Detection and Mitigation of DDOS Attack

A Survey on Detection and Mitigation of Distributed Denial of Service Attack in Named Data Networking

Sandesh Rai (1*), Dr. Kalpana Sharma (2), and Dependra Dhakal (3)
1 Sikkim Manipal Institute of Technology, Student, Computer Science Engineering, Rangpo, Sikkim
2 Sikkim Manipal Institute of Technology, Head of Department, Professor, Computer Science Engineering, Rangpo, Sikkim
3 Sikkim Manipal Institute of Technology, Assistant Professor, Computer Science Engineering, Rangpo, Sikkim

Abstract. A number of on-going research efforts, differing in scope and maturity, aim to provide the next Internet architecture. This research is mainly based on providing better security and better privacy as basic requirements of the protocol. Denial of Service attacks, which are a major issue in the current Internet architecture, will also be a critical issue in any new Internet architecture and require major focus. This paper focuses on the Interest flooding attack, which is one type of Distributed Denial of Service attack (DDOS). NDN incorporates security features that detect and mitigate certain attacks in the network, but its resilience to these attacks has not been analyzed yet. The paper presents the Distributed Denial of Service (DDOS) attack in Named Data Networking, where an adversary sends Interest packets with spoofed names as attacking packets to the NDN router.

Keywords: NDN, DDOS, Content Store, Pending Interest Table, Cache pollution.

1 Introduction

The Internet has clearly become a part of people's daily life. Millions of people around the world use it for various kinds of everyday tasks.
It connects millions of people around the world via wired, wireless, mobile or fixed computing devices and hosts a huge amount of information (in digital form) to be used by people. The Internet allows information to be exchanged and has grown exponentially over time. The main ideas of today's Internet architecture were developed in the 70s, modelled on the telephone network, where a conversation was point to point. The use of the Internet has changed dramatically since the 70s, and the current Internet has to adapt to modern usage models, new applications and new services. To cope with these changes, a number of research projects are designing a new Internet architecture.

Named Data Networking (NDN) [1] is one of these on-going research projects. Its main objective is to develop the next Internet architecture for the upcoming generation. It is an instantiation of the Information Centric approach (ICN) or Content Centric approach (CCN) [1][2][3]. The main objective of CCN is to provide more flexibility, security and scalability. CCN provides more security by securing the individual pieces of content rather than securing the connection. It provides more flexibility by using content names instead of IP addresses. NDN is one of the instances of Information Centric Networking (ICN). NDN is based on the working principle of Content-Centric Networking (CCN) [3], where content instead of hosts is the main focus of the communication architecture. NDN is one of the research projects funded by the United States National Science Foundation (NSF) under the Future Internet Architecture (FIA) Program [3]. NDN focuses on the name rather than the location of the host. In NDN every piece of information is digitally signed by its producer. Signing the data allows the producer to be trusted and authenticated. Caching of data is one of the core features of NDN, which helps to make optimum use of network bandwidth.
NDN provides an attractive architecture for data distribution and anonymous communication.

1.1 Distributed Denial of service attack

As the years go by, Distributed Denial of Service (DDOS) attacks have become common and dangerous, and they remain among the most critical threats on the current Internet. They are very difficult to detect and mitigate. Any new architecture should detect and mitigate such attacks, or at least minimize their effectiveness. NDN appears to be efficient for the distribution of content to legitimate parties, but its behaviour in the presence of malicious parties is not yet known. Instead of using a single host computer and a single Internet connection, a DDOS attack uses many host computers and many Internet connections. The host computers used for an attack are distributed across the whole world. The difference between a DOS attack and a DDOS attack is that in the latter the victim host is overloaded by resource requests from thousands of sources. In the attack process, the adversary node in the network directs a huge number of zombie hosts to send requests for the attack to take place. A malicious user attacks the network host by requesting a huge number of resources in the form of Interest packets, with or without spoofed names. These huge numbers of Interests consume the bandwidth of the network and exhaust the routers' memory. This type of attack is known as an Interest Flooding Attack (IFA), and this paper focuses exclusively on this problem and the countermeasures proposed for it.

2 Overview of NDN Architecture

Named Data Networking is a new and ongoing research architecture, motivated by the mismatch between the current Internet architecture and its various uses. However, its design and principles are derived from the successes of today's Internet architecture [4].
The thin waist of the hourglass architecture, shown in Figure 2.1, was the key enabler of the enormous growth of the Internet, since it allowed both the upper-layer and lower-layer technologies to innovate independently. The NDN architecture keeps the same hourglass shape, as shown in Figure 2.1, but changes the thin waist to use data directly rather than its location.

Figure 2.1 [4]: NDN Hourglass Architecture

For communication, NDN provides two different packet types, Interest and Data packets. A user asks for a resource by issuing an Interest packet to the router in the network; the Interest carries a name for that particular resource, which identifies the desired data and allows the host to verify it. The fields of a Data packet are [5]:
1. Signature: to verify the data.
2. Key locator: to verify the signature.
3. Publisher Public Key Digest: hash of the producer's public key.
4. Content name: name of the data.
5. Selector: which includes scope and reserved fields.

Figure 2.2 [6]: Packets in the NDN Architecture

Any node having data that satisfies an Interest issues a Data packet in return, so the fulfilling router answers the request [7]. Each NDN router contains the following three data structures for forwarding Interest and Data packets:
i) Content Store (CS): stores recently used data.
ii) Forwarding Information Base (FIB): routing table of data names, which guides Interests toward data producers [8].
iii) Pending Interest Table (PIT): stores unsatisfied data requests, recording the name of the requested data [8].

3 Interest Flooding attacks

Routing of content by a router is performed using the information and state of the Pending Interest Table (PIT). The name of the requested content is looked up in the PIT to identify its entry. A malicious node exploits the state of the PIT to perform DDOS attacks. Basically there are three types of Interest Flooding attack [9]:
a) Static: this type attacks the infrastructure of the network; it is limited, and caching provides a built-in solution.
The Interest is satisfied by the content of the cache [10].
b) Dynamically generated: here the requested resource is dynamic, and all the requested Interests reach the content producer, depleting the network bandwidth and the state of the Pending Interest Table (PIT). Since the requested content is dynamic, the built-in cache does not serve as a countermeasure for this attack [10].
c) Non-existing: this report focuses on this attack type, where the attacker issues non-satisfiable Interests for content that does not exist in the network. These Interests cannot be answered by the routers and are routed to the content producer, depleting network bandwidth and router PIT state [11].

In all three types of attack the malicious host uses a very large number of fake requests, which are distributed in nature. An adversary host can use two features unique to NDN, namely the CS and the PIT, to perform DDoS attacks on the router [12]. We focus on attacks that overwhelm the PIT, which keeps a record of Interests not yet fulfilled by the router. The adversary issues a large set of fake requests, possibly distributed in nature, to generate a large number of Interest packets with spoofed names, as shown in Figure 3.1, aiming to (1) overwhelm the PIT in routers, and (2) swamp the target content producers [13][14].

Figure 3.1 [15]: Example of Interest flooding attack

Once the PIT exceeds its threshold, all incoming Interests are dropped, as there is no memory space available to create entries for newly requested Interests. Since the names are spoofed, no Interest will be satisfied by content [16]. These requests remain in the PIT for as long as possible, which exhausts the memory and computing resources of the routers. This is the goal of the Interest flooding attack.

4 Related Works

Gasti et al. [17] analyzed the resilience of Named Data Networking to DDOS attacks.
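The forwarding state of section 2 (Content Store, FIB and PIT) and the PIT-exhaustion behaviour of section 3 can be seen together in a small model. The following Python is an added example written for this page; it is not code from the paper or from the NDN project's own forwarder, and the class and method names, the face numbers, the FIB entry, the 4-entry PIT capacity and the names in the constructed traffic are all assumptions made for the illustration. It shows the three lookups a router performs on an Interest, how Data consumes a PIT entry and populates the CS, and why a burst of names nobody serves blocks legitimate Interests until the entries time out.

```python
from dataclasses import dataclass


@dataclass
class Interest:
    name: str       # hierarchical content name, e.g. "/ndn/edu/video/seg1"
    in_face: int    # interface (face) the Interest arrived on


@dataclass
class Data:
    name: str
    content: bytes
    signature: str  # stands in for the producer's signature over name and content


class NdnRouter:
    """Toy NDN forwarder holding the three tables described in section 2.

    The PIT is bounded (pit_capacity entries) and entries time out after
    pit_lifetime seconds; that bounded state is what an Interest flood targets.
    """

    def __init__(self, fib, pit_capacity=4, pit_lifetime=4.0):
        self.cs = {}                     # Content Store: name -> Data
        self.fib = fib                   # FIB: name prefix -> outgoing face
        self.pit = {}                    # PIT: name -> {"faces": set, "expires": float}
        self.pit_capacity = pit_capacity
        self.pit_lifetime = pit_lifetime
        self.stats = {"cs_hit": 0, "pit_aggregate": 0, "forwarded": 0,
                      "pit_full_drop": 0, "no_route_drop": 0, "unsolicited_data": 0}

    def fib_lookup(self, name):
        """Longest-prefix match on name components, as NDN FIBs do."""
        parts = name.strip("/").split("/")
        for i in range(len(parts), 0, -1):
            prefix = "/" + "/".join(parts[:i])
            if prefix in self.fib:
                return self.fib[prefix]
        return None

    def expire_pit(self, now):
        """Free PIT entries whose lifetime has passed (no Data ever came back)."""
        for name in [n for n, e in self.pit.items() if e["expires"] <= now]:
            del self.pit[name]

    def on_interest(self, interest, now):
        """Return (action, face, packet) describing what the router did."""
        self.expire_pit(now)
        data = self.cs.get(interest.name)
        if data is not None:                       # 1. Content Store hit
            self.stats["cs_hit"] += 1
            return ("data", interest.in_face, data)
        entry = self.pit.get(interest.name)
        if entry is not None:                      # 2. already pending: aggregate
            entry["faces"].add(interest.in_face)
            self.stats["pit_aggregate"] += 1
            return ("aggregated", None, None)
        out_face = self.fib_lookup(interest.name)  # 3. FIB decides where to forward
        if out_face is None:
            self.stats["no_route_drop"] += 1
            return ("drop_no_route", None, None)
        if len(self.pit) >= self.pit_capacity:     # 4. PIT full: the flood's goal
            self.stats["pit_full_drop"] += 1
            return ("drop_pit_full", None, None)
        self.pit[interest.name] = {"faces": {interest.in_face},
                                   "expires": now + self.pit_lifetime}
        self.stats["forwarded"] += 1
        return ("forward", out_face, interest)

    def on_data(self, data, now):
        """Consume the PIT entry, cache the Data, return the faces to send it to."""
        self.expire_pit(now)
        entry = self.pit.pop(data.name, None)
        if entry is None:                          # no matching Interest: discard
            self.stats["unsolicited_data"] += 1
            return []
        self.cs[data.name] = data
        return sorted(entry["faces"])


def run_demo():
    """Constructed traffic: two consumers, one unroutable name, then a burst of
    names nobody serves that fills the 4-entry PIT until the entries expire."""
    router = NdnRouter(fib={"/ndn/edu": 9}, pit_capacity=4, pit_lifetime=4.0)
    log = []
    log.append(router.on_interest(Interest("/ndn/edu/a", 1), now=0.0)[0])   # forward
    log.append(router.on_interest(Interest("/ndn/edu/a", 2), now=0.1)[0])   # aggregated
    faces = router.on_data(Data("/ndn/edu/a", b"frame", "sig"), now=0.2)    # [1, 2]
    log.append(router.on_interest(Interest("/ndn/edu/a", 3), now=0.3)[0])   # data (CS hit)
    log.append(router.on_interest(Interest("/other/x", 3), now=0.4)[0])     # drop_no_route
    for i in range(5):   # five unserved names: four fill the PIT, the fifth is dropped
        log.append(router.on_interest(Interest(f"/ndn/edu/bogus{i}", 4), now=1.0)[0])
    log.append(router.on_interest(Interest("/ndn/edu/b", 1), now=1.5)[0])   # drop_pit_full
    log.append(router.on_interest(Interest("/ndn/edu/b", 1), now=6.0)[0])   # forward (expired)
    return router, faces, log


if __name__ == "__main__":
    r, f, l = run_demo()
    print(f, l, r.stats)
```

The `stats` counters are the kind of per-router signal the router-statistics countermeasure of section 4 relies on: a rising `pit_full_drop` count with a PIT full of entries that only ever expire, and never see Data, is the signature of the non-existing-content flood, while a legitimate burst shows up as aggregation and CS hits instead.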
Their paper discussed two different types of attack with their effects and proposed two countermeasure mechanisms: a) Router Statistics and b) Push-back approaches.

Afanasyev et al. [18] addressed the flooding attack. Their work explains the feasibility of Interest flooding attacks and the requirement for an effective solution. In terms of evaluation of the attack, the proposed mitigation scheme is complementary to the Poseidon mitigation. Afanasyev et al. proposed three different mitigation algorithms: a) token bucket with per-interface fairness, b) satisfaction-based pushback, and c) satisfaction-based Interest acceptance. All three algorithms exploit their own state information to stop Interest flooding attacks. Among the three, the satisfaction-based pushback mechanism effectively detects and mitigates the attack and ensures that all Interests from legitimate users are served.

Compagno et al. [19] addressed the flooding attacks and proposed a mitigation algorithm called Poseidon. This algorithm is used strictly for the non-existing type of Interest flooding attack, and it handles both local and distributed Interest flooding attacks.

Dai et al. [20] addressed the flooding attacks and proposed a mitigation algorithm based on collaboration between the router and the content producer: the Interest traceback algorithm. The algorithm generates a spoofed Data packet to satisfy the Interest in the PIT and trace the originators. According to the authors, the algorithm is not proactive; it adds overhead to the network by sending out spoofed Data packets for the Interests, depleting the bandwidth of the network and creating traffic. The main shortcoming of this approach is that it treats long-unsatisfied Interests in the PIT as adversary Interests and the others as legitimate, so the router drops any long-pending incoming Interest, which may in fact be legitimate.

Choi et al. [21] gave an overview of Interest Flooding attacks strictly for non-existing content on NDN. The paper tries to explain the effectiveness of the attack on the network and on quality of service.

Karami et al. [22] addressed the problem and provided a hybrid algorithm as a solution. The algorithm is proactive and has two phases: 1) detection and 2) reaction. In the detection phase the attack is detected using a combination of multi-objective evolutionary optimization and a Radial Basis Function neural network. In the reaction phase an adaptive mechanism is used to mitigate the attack.

5 Analysis of survey

The following table shows the analysis of all the papers and a comparison related only to this project. The table compares different papers written by well-known publishers. The analysis tries to identify a possible research gap present in each paper.

Table 1. Comparison of different NDN related papers

1. Title: DoS and DDoS in Named Data Networking
   Publication details: P. Gasti, G. Tsudik, E. Uzun, and L. Zhang. DoS and DDoS in named-data networking. Technical report, University of California.
   Summary: Discussed two types of attacks with their effects and potential countermeasures (Router Statistics and Push-back Mechanisms).
   Research gap: The paper only puts a light on the attack and its possible countermeasures.

2. Title: Interest flooding attack and countermeasures in Named Data Networking
   Publication details: A. Afanasyev, P. Mahadevan, I. Moiseenko, E. Uzun, and L. Zhang. Interest flooding attack and countermeasures in Named Data Networking. In IFIP Networking.
   Summary: Proposed three mitigation algorithms (token bucket with per-interface fairness, satisfaction-based Interest acceptance, and satisfaction-based pushback).
   Research gap: Improvements to token bucket with per-interface fairness and satisfaction-based Interest acceptance, which were less effective than satisfaction-based pushback.

3. Title: Poseidon: Mitigating interest flooding DDoS attacks in named data networking
   Publication details: A. Compagno, M. Conti, P. Gasti, and G. Tsudik. Poseidon: Mitigating interest flooding DDoS attacks in named data networking. Conference on Local Computer Networks.
   Summary: Proposed a framework, named Poseidon, for mitigation of local and distributed Interest flooding attacks for non-existing content.
   Research gap: Fixed threshold.

4. Title: A hybrid multiobjective RBFPSO method for mitigating DoS attacks in named data networking
   Publication details: A. Karami and M. Guerrero-Zapata. A hybrid multiobjective RBFPSO method for mitigating DoS attacks in named data networking. Neurocomputing.
   Summary: Introduced an intelligent combination algorithm for the solution.
   Research gap: Investigating inter-domain DoS attacks and applying the hybrid approach.

5. Title: Threat of DoS by interest flooding attack in content-centric networking
   Publication details: S. Choi, K. Kim, S. Kim, and B.-H. Roh. Threat of DoS by interest flooding attack in content-centric networking. In International Conference on Information Networking.
   Summary: Explains the difficulty of acquiring a solution to flooding attacks in the PIT.
   Research gap: Analyzing DDoS attacks and their countermeasures.

6. Title: Mitigate DDoS attacks in NDN by interest traceback
   Publication details: H. Dai, Y. Wang, J. Fan, and B. Liu. Mitigate DDoS attacks in NDN by interest traceback. In NOMEN.
   Summary: Introduced a traceback solution where a node sends a spoofed Data packet to trace the host.
   Research gap: Only long-pending requests are considered malicious.

6 Conclusion

This report starts with a brief introduction to the CCN and NDN architecture, followed by the common and most critical attacks in today's Internet. NDN mainly focuses on data security and data privacy for the users. This report represents only the starting step for mitigating DDOS attacks on the Pending Interest Table in the context of NDN. In this paper we have explained the DDOS attack and its variant, the Interest flooding attack. We have discussed current research regarding the attack and its existing solutions, and tried to analyze the given solutions for detection and mitigation.
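The per-interface scheme of Afanasyev et al. [18] surveyed in sections 4 and 5 (token bucket with per-interface fairness, satisfaction-based Interest acceptance, and satisfaction-based pushback) can be sketched compactly. The Python below is an added example written for this page, not the authors' implementation and not ndnSIM code; the class names, the outgoing capacity of 10 Interests/s, the `MIN_LIMIT` floor, the choice to scale each face's fair share linearly by its satisfaction ratio, and the constructed traffic on faces 1 and 2 are assumptions of this illustration. Face 1 sends a modest rate of Interests that are answered by Data; face 2 sends a flood of names that never return Data, and the router's own satisfaction statistics shrink that face's share to the floor and record a pushback announcement for the downstream neighbour.

```python
MIN_LIMIT = 1.0  # floor (Interests/s) so a throttled face can still probe and recover


class FaceStats:
    """Per-interface counters and token bucket for one downstream face."""

    def __init__(self, base_limit):
        self.base_limit = base_limit       # fair share of the outgoing capacity
        self.tokens = float(base_limit)
        self.last_refill = 0.0
        self.satisfied = 0                 # Interests that were answered by Data
        self.unsatisfied = 0               # Interests that timed out in the PIT
        self.pushback_limit = base_limit   # limit most recently announced downstream

    def satisfaction_ratio(self):
        total = self.satisfied + self.unsatisfied
        return 1.0 if total == 0 else self.satisfied / total

    def effective_limit(self):
        """Satisfaction-based acceptance: scale the fair share by observed satisfaction."""
        return max(self.base_limit * self.satisfaction_ratio(), MIN_LIMIT)

    def refill(self, now):
        limit = self.effective_limit()
        self.tokens = min(limit, self.tokens + (now - self.last_refill) * limit)
        self.last_refill = now


class SatisfactionLimiter:
    """Admission control on incoming Interests, keyed by arrival face."""

    def __init__(self, outgoing_capacity, face_ids, pit_lifetime=1.0):
        share = outgoing_capacity / len(face_ids)   # per-interface fairness
        self.faces = {f: FaceStats(share) for f in face_ids}
        self.pit_lifetime = pit_lifetime
        self.pending = {}                 # name -> (face_id, expiry), mirrors the PIT
        self.accepted = {f: 0 for f in face_ids}
        self.dropped = {f: 0 for f in face_ids}
        self.pushback = []                # (time, face_id, new_limit) announcements

    def accept(self, face_id, name, now):
        """Admit the Interest if the face still has a token; otherwise drop it."""
        face = self.faces[face_id]
        face.refill(now)
        if face.tokens < 1.0:
            self.dropped[face_id] += 1
            return False
        face.tokens -= 1.0
        self.pending[name] = (face_id, now + self.pit_lifetime)
        self.accepted[face_id] += 1
        return True

    def on_data(self, name, now):
        """Data came back: credit the face the Interest arrived on."""
        entry = self.pending.pop(name, None)
        if entry is not None:
            self.faces[entry[0]].satisfied += 1

    def expire(self, now):
        """Time out pending Interests, then re-announce any face whose limit changed."""
        for name, (face_id, expiry) in list(self.pending.items()):
            if expiry <= now:
                del self.pending[name]
                self.faces[face_id].unsatisfied += 1
        for face_id, face in self.faces.items():
            new_limit = face.effective_limit()
            if new_limit != face.pushback_limit:      # pushback: tell the neighbour
                face.pushback_limit = new_limit
                self.pushback.append((now, face_id, new_limit))


def run_simulation(seconds=4):
    """Constructed traffic: face 1 sends 4 satisfiable Interests per second,
    face 2 sends 20 per second for names no producer serves."""
    router = SatisfactionLimiter(outgoing_capacity=10.0, face_ids=[1, 2], pit_lifetime=1.0)
    for t in range(seconds):
        now = float(t)
        router.expire(now)
        legit = [f"/ndn/edu/video/seg{t}-{k}" for k in range(4)]
        for name in legit:
            router.accept(1, name, now)
        for k in range(20):
            router.accept(2, f"/ndn/edu/nonexistent/{t}-{k}", now)
        for name in legit:                      # Data returns half a second later
            router.on_data(name, now + 0.5)
    router.expire(float(seconds))
    return {"accepted": router.accepted, "dropped": router.dropped,
            "satisfied": {f: s.satisfied for f, s in router.faces.items()},
            "unsatisfied": {f: s.unsatisfied for f, s in router.faces.items()},
            "pushback": router.pushback}


if __name__ == "__main__":
    print(run_simulation())
```

Two design points are deliberately simplified. The satisfaction ratio here is cumulative, so a face that was once flooded keeps a low share for a long time; a deployed limiter would use a sliding window so that a face whose downstream has been cleaned up can regain its fair share. Pushback announcements are only recorded in `pushback`; in the scheme described above they are sent to the downstream router, which applies the announced limit to its own faces, so the throttling moves hop by hop toward the source of the unsatisfied Interests.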
The adversary tries to exploit the Interest forwarding rule by issuing Interests for packets whose content names never exist. We analyzed that the victims of the attack are the host and the PIT of the router, so a huge number of Interest packets reside in the PIT of the router, using up and exhausting the memory and computing resources of the router, which definitely degrades its performance. NDN is the latest ongoing research topic and a newly proposed Internet architecture in which limited research has been done on the mitigation and detection of the Interest flooding attack; thus there is a great need for detailed analysis of its security before the architecture is actually deployed.

References

[1] V. Jacobson, M. Mosko, D. Smetters, and J. Garcia-Luna-Aceves. Content-centric networking, Whitepaper, Palo Alto Research Center, pp. 2-4 (2007)
[2] V. Jacobson, D. K. Smetters, J. D. Thornton, M. F. Plass, N. H. Briggs, and R. L. Braynard. Networking named content, in Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, ACM (2009)
[3] L. Zhang, D. Estrin, J. Burke, V. Jacobson, J. D. Thornton, D. K. Smetters, B. Zhang, G. Tsudik, D. Massey, C. Papadopoulos et al. Named data networking (NDN) project, Technical Report NDN-0001, Xerox Palo Alto Research Center-PARC (2010)
[4] J. Pan, S. Paul, and R. Jain. A survey of the research on future internet architectures, Communications Magazine, IEEE (2011)
[5] A. Hoque, S. O. Amin, A. Alyyan, B. Zhang, L. Zhang, and L. Wang. NLSR: Named-data link state routing protocol, in Proceedings of the 3rd ACM SIGCOMM Workshop on Information-Centric Networking, ACM, pp. 15-20 (2013)
[6] V. Jacobson, J. Burke, L. Zhang, B. Zhang, K. Claffy, D. Krioukov, C. Papadopoulos, L. Wang, E. Yeh, and P. Crowley. Named data networking (NDN) project 2013-2014 report, http://named-data.net, Annual Progress Report (2014)
[7] C. Ghali, G. Tsudik, and E. Uzun. Elements of trust in named-data networking, ACM SIGCOMM Computer Communication Review, ACM, vol. 44, no. 5, pp. 1-9 (2014)
[8] M. Aamir and S. M. A. Zaidi. Denial-of-service in content centric (named data) networking: A tutorial and state-of-the-art survey, Security and Communication Networks, vol. 8, no. 11, pp. 2037-2059 (2015)
[9] M. Wahlisch, T. C. Schmidt, and M. Vahlenkamp. Backscatter from the data plane: threats to stability and security in information-centric networking. CoRR, abs/1205.4778 (2012)
[10] Content centric networking (CCNx) project. http://www.ccnx.org
[11] A. Afanasyev, I. Moiseenko, and L. Zhang. ndnSIM: NDN simulator for NS-3. Technical Report NDN-0005, University of California, Los Angeles (2012)
[12] R. Wang, Z. Jia, and L. Ju. An Entropy-Based Distributed DDoS Detection Mechanism in Software-Defined Networking. In Trustcom/BigDataSE/ISPA, Vol. 1, pp. 310-317 (2013)
[13] K. Kumar, R. C. Joshi, and K. Singh. A distributed approach using entropy to detect DDoS attacks in ISP domain. In Signal Processing, Communications and Networking, ICSCN '07, International Conference on, pp. 331-337 (2007)
[14] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred. Statistical approaches to DDoS attack detection and response. In DARPA Information Survivability Conference and Exposition, 2003, Proceedings, Vol. 1, pp. 303-314 (2003)
[15] R. Krishnan, D. Krishnaswamy, and D. Mcdysan. Behavioral security threat detection strategies for data center switches and routers. In Distributed Computing Systems Workshops (ICDCSW), 2014 IEEE 34th International Conference on, pp. 82-87 (2014)
[16] Y. Zhang. An adaptive flow counting method for anomaly detection in SDN. In Proceedings of the ninth ACM conference on Emerging networking experiments and technologies, pp. 25-30 (2013)
[17] P. Gasti, G. Tsudik, E. Uzun, and L. Zhang. DoS and DDoS in named data networking, in 22nd International Conference on Computer Communications and Networks (ICCCN), pp. 1-7 (2013)
[18] A. Afanasyev, P. Mahadevan, I. Moiseenko, E. Uzun, and L. Zhang. Interest flooding attack and countermeasures in named data networking, in IFIP Networking Conference, pp. 1-9 (2013)
[19] A. Compagno, M. Conti, P. Gasti, and G. Tsudik. Poseidon: Mitigating interest flooding DDoS attacks in named data networking, in 38th Conference on Local Computer Networks (LCN), IEEE, pp. 630-638 (2013)
[20] H. Dai, Y. Wang, J. Fan, and B. Liu. Mitigate DDoS attacks in NDN by interest traceback, in Conference on Computer Communications Workshops (INFOCOM WKSHPS), IEEE, pp. 381-386 (2013)
[21] S. Choi, K. Kim, S. Kim, and B.-H. Roh. Threat of DoS by interest flooding attack in content-centric networking, in International Conference on Information Networking (ICOIN), pp. 315-319 (2013)
[22] A. Karami and M. Guerrero-Zapata. A hybrid multiobjective RBFPSO method for mitigating DoS attacks in named data networking, Neurocomputing, vol. 151, pp. 1262-1282 (2015)
