Detection and Mitigation of DDOS Attack Essay Example

Published: August 11, 2018

Introduction

Clearly the Internet has become part of people's daily lives. Millions of people around the world use it for all kinds of everyday tasks. It connects millions of people via wired, wireless, mobile or fixed computing devices and hosts a huge amount of information (in digital form) for people to use. The Internet allows information to be exchanged and has grown exponentially over time. The main ideas of today's Internet architecture were developed in the 1970s, modelled on the telephone network, where a conversation is point to point. The utilization of the Internet has changed dramatically since the 1970s, and the current Internet has to adapt to new usage models, new applications and new services. To cope with these changes, a variety of research efforts are under way to design a new Internet architecture.

Named Data Networking (NDN) [1] is one of these ongoing research efforts. Its main objective is to develop a next-generation Internet architecture. It is an instantiation of the Information Centric Networking (ICN) or Content Centric Networking (CCN) approach [1][2][3]. The main objective of CCN is to provide more flexibility, security and scalability. CCN provides more security by securing the individual pieces of content rather than securing the connection.

It provides more flexibility by using content names instead of IP addresses. NDN is one of the instances of Information Centric Networking (ICN). NDN is based on the working principle of Content-Centric Networking (CCN), where content, rather than hosts, is the focus of the communications architecture. NDN is one of the research projects funded by the United States National Science Foundation (NSF) under its Future Internet Architecture (FIA) program. NDN focuses on the name of the data rather than the location of the host. In NDN every piece of data is digitally signed by its producer. The signature on the data allows the producer to be authenticated and trusted. Caching of data is one of the core features of NDN and helps make optimal use of network bandwidth. NDN provides an attractive architecture for data distribution and anonymous communication.

Distributed Denial of Service attack:

As the years go by, Distributed Denial of Service (DDoS) attacks have become common and dangerous, and they remain among the most critical threats on the current Internet. They are very difficult to detect and mitigate. Any new architecture should detect and mitigate DoS attacks, or at least minimize their effectiveness. NDN appears to be efficient for distributing content to legitimate parties, but how it fares against malicious parties is still unknown. Instead of using a single host computer and a single Internet connection, a DDoS attack uses many host computers and many Internet connections. The host computers used for an attack are distributed across the whole world.

The difference between a DoS attack and a DDoS attack is that in the latter the victim host is overloaded by thousands of resource requests. During the attack, the adversary node directs a huge number of zombie hosts to send requests. A malicious user attacks the network host by requesting resources in huge numbers in the form of Interest packets, with or without spoofed names. These huge numbers of Interests consume the bandwidth of the network and exhaust a router's memory. This type of attack is known as an Interest Flooding Attack (IFA), and this paper focuses exclusively on this problem and the proposed countermeasures.

Overview of NDN Architecture

Named Data Networking is a new and ongoing research architecture motivated by the mismatch between the current Internet architecture and its varied usage. At the same time, its design principles are derived from the successes of today's Internet architecture [4]. The thin waist of the hourglass architecture, as seen in Figure 1, was the key enabler of the enormous growth of the Internet, allowing both the upper-layer and lower-layer technologies to innovate independently. The NDN architecture keeps the same hourglass shape, as shown in Figure 1.2.1, but changes the thin waist to name data directly rather than its location.

For communication, NDN provides two different packet types: Interest and Data packets. A user asks for resources by issuing an Interest packet to a router in the network; the packet carries a name for the particular resource, which identifies and verifies the desired data. Any node holding data that satisfies the Interest issues a Data packet in reply [7]. Each NDN router maintains the following three data structures for forwarding Interest and Data packets:

  • Content Store (CS): caches recently used Data.
  • Forwarding Information Base (FIB): a routing table keyed by data name; it guides Interests toward data producers.
  • Pending Interest Table (PIT): stores unsatisfied data requests, recording the requested data name.

Interest Flooding attacks

By using the information and state of the Pending Interest Table (PIT), the router forwards content. The name of the requested content is looked up in the PIT to identify its entry. A malicious node exploits the state of the PIT to perform DDoS attacks. Basically there are three types of Interest Flooding attack:

Static: This type of attack targets the infrastructure of the network, but its effect is limited, because caching provides a built-in solution: the Interests are satisfied from the content of the cache.

Dynamically generated: Here the requested resource is dynamic, so all the requested Interests reach the content producer, depleting the network bandwidth and the state of the Pending Interest Table (PIT). Since the requested content is dynamic, the built-in cache does not serve as a countermeasure.

Non-existing: This report focuses on this attack type, where the attacker issues non-satisfiable Interests for content that does not exist in the network. Such Interests cannot be served by the routers and are routed to the content producer, depleting network bandwidth and router PIT state.

In all three types of attack the malicious host uses a very large number of fake requests, which are distributed in nature. An adversary host can use two features unique to NDN, namely the CS and the PIT, to perform DDoS attacks on the router. We focus on attacks that overwhelm the PIT, which keeps a record of the Interests that the router has not yet satisfied. The adversary issues a large set of fake requests, possibly distributed in nature, to generate a large number of Interest packets with spoofed names, as shown in Figure 1.3.1, aiming to (1) overwhelm the PIT in routers and (2) swamp the target content producers.

Once the PIT exceeds its threshold, all incoming Interests are dropped, as there is no memory space available to create entries for newly requested Interests. Since the names are spoofed, no Interest will be satisfied by content. These requests remain in the PIT for as long as possible, which exhausts the router's memory and computing resources. This is the goal of the Interest flooding attack.

Related Works

Gasti et al. analyzed the resilience of Named Data Networking to DDoS attacks. The paper discusses two different types of attack with their effects and proposes two countermeasure mechanisms: a) router statistics and b) push-back approaches.

Afanasyev et al. addressed the flooding attack. Their work explains the feasibility of Interest flooding attacks and the requirements of an effective solution. In terms of evaluation of the attack, the proposed mitigation plan is complementary to the Poseidon mitigation. Afanasyev et al. proposed three different mitigation algorithms:

  1. token bucket with per-interface fairness
  2. satisfaction-based pushback
  3. satisfaction-based Interest acceptance.

All three algorithms exploit the router's own state information to stop Interest flooding attacks. Among the three, the satisfaction-based pushback mechanism most effectively detects and mitigates the attack and ensures that Interests from legitimate users are served.
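As an added illustration (not part of the original essay or of any cited paper), the following Python simulation models the PIT exhaustion described in the Interest Flooding section and a simplified, deterministic version of the satisfaction-based Interest acceptance idea listed above: a face (incoming interface) keeps being admitted only while its Interests keep coming back satisfied by Data. The router model, the face names f1/f2, the capacity and lifetime values and the traffic pattern are all constructed assumptions.

```python
from collections import Counter
class Router:
    """Toy NDN router: a bounded PIT plus per-face Interest satisfaction counters (constructed model)."""
    def __init__(self, pit_capacity, lifetime, min_ratio, warmup=5):
        self.pit_capacity, self.lifetime = pit_capacity, lifetime
        self.min_ratio, self.warmup = min_ratio, warmup  # min_ratio=0 disables admission control
        self.pit = {}                                    # name -> (incoming face, expiry tick)
        self.sent, self.satisfied = Counter(), Counter() # per incoming face

    def ratio(self, face):
        # Fraction of this face's forwarded Interests that came back satisfied by Data.
        if self.sent[face] < self.warmup:
            return 1.0                                   # too few samples yet: trust the face
        return self.satisfied[face] / self.sent[face]

    def on_interest(self, name, face, now):
        self._expire(now)
        if name in self.pit:
            return "aggregated"                          # same name already pending
        if self.ratio(face) < self.min_ratio:
            return "dropped"                             # face rarely gets Data back: likely IFA
        if len(self.pit) >= self.pit_capacity:
            return "dropped"                             # PIT exhausted, the attacker's goal
        self.pit[name] = (face, now + self.lifetime)
        self.sent[face] += 1
        return "forwarded"

    def on_data(self, name):
        entry = self.pit.pop(name, None)                 # Data consumes the pending entry
        if entry:
            self.satisfied[entry[0]] += 1
        return entry is not None

    def _expire(self, now):
        # Entries never answered fall out after `lifetime`; they still count as unsatisfied.
        for n in [n for n, (_, exp) in self.pit.items() if exp <= now]:
            del self.pit[n]

def simulate(min_ratio, ticks=40):
    # Constructed traffic: face f2 floods spoofed names, face f1 asks for real content.
    r = Router(pit_capacity=10, lifetime=4, min_ratio=min_ratio)
    out = {"attacker": Counter(), "legit": Counter()}
    for t in range(1, ticks + 1):
        for j in range(4):                               # four never-satisfiable Interests per tick
            out["attacker"][r.on_interest(f"/spoofed/{t}/{j}", "f2", t)] += 1
        res = r.on_interest(f"/real/{t}", "f1", t)       # one legitimate Interest per tick
        out["legit"][res] += 1
        if res == "forwarded":
            r.on_data(f"/real/{t}")                      # the producer answers immediately
    return out
```

With `min_ratio=0.0` the spoofed Interests fill the PIT and almost every legitimate Interest is dropped; with `min_ratio=0.5` the flooding face is cut off after the warm-up window and every legitimate Interest is served.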

Compagno et al. addressed the flooding attacks and proposed a mitigation algorithm called Poseidon. This algorithm is strictly for the non-existing-content type of Interest flooding attack. The mitigation algorithm handles both local and distributed Interest flooding attacks.

Dai et al. addressed the flooding attacks and proposed a mitigation algorithm based on collaboration between the router and the content producer: the Interest traceback algorithm. The algorithm generates a spoofed Data packet to satisfy the Interest in the PIT in order to trace the originators. According to them, the algorithm is not proactive, and it burdens the network by sending out spoofed Data packets for the Interests, consuming bandwidth and creating traffic. The main shortcoming of this approach is that it treats long-unsatisfied Interests in the PIT as adversarial and the others as legitimate. So the router drops any long-pending incoming Interest packet, which may be a legitimate Interest.

Choi et al. presented an overview of Interest Flooding attacks for strictly non-existing content on NDN. The paper tries to explain the effectiveness of the attack on the network and on quality of service.

Karami et al. addressed the problem and provide a hybrid algorithm as the solution. The algorithm is proactive and has two phases: 1) detection and 2) reaction. In the detection phase the attack is detected using a combination of multi-objective evolutionary optimization and a Radial Basis Function neural network. In the reaction phase an adaptive mechanism is used to mitigate the attack.

Analysis of survey

The following table shows the analysis of all the papers and a comparison restricted to the aspects relevant to this project. The table compares papers written by well-known publishers. The analysis tries to identify possible research gaps present in the papers.

Conclusion

This report started with a brief introduction to CCN and the NDN architecture, followed by the most common and critical attacks on today's Internet. NDN mainly focuses on data security and data privacy for users. This report represents only the starting step for mitigating DDoS attacks on the Pending Interest Table in the context of NDN. In this paper we have explained the DDoS attack and its types, namely the Interest flooding attack. We have discussed current research regarding the attack and its existing solutions, and tried to analyze the given solutions for detection and mitigation.

The adversary exploits the Interest forwarding rules by issuing Interests for packets with content names that never exist. We found that the victims of the attack are the host and the PIT of the router. A huge number of Interest packets reside in the PIT of the router, exhausting the router's memory and computing resources, which degrades the router's performance. NDN is a new proposed Internet architecture and an active research topic in which limited research has been done on the mitigation and detection of the Interest flooding attack; thus there is a great need for detailed security analysis before the architecture is actually deployed.
