Title: Defending Against Network and Application Level Denial of Service Attacks
Authors: Roy, S.
Keywords: Computer Science & Engineering
Issue Date: 2016
Publisher: IIT Patna
Series/Report no.: TH-52
Abstract: Network-based attacks such as denial-of-service (DoS) attacks are usually performed by spoofing the source IP address. Packet marking techniques are used to trace such attackers as close as possible to their source. A packet mark consists of traceback information pertaining to a router, embedded in the IP packet header. The problem of packet marking is generally reduced to encoding the IP address of the edge router by overloading the 16-bit ID field of the IP packet header. Currently known packet marking techniques either introduce false positives (that is, incorrectly identifying a legitimate user as an attacker) or have a high computational overhead. In this work, the concept of star coloring is used to assign reusable colors (marks) to routers while at the same time limiting false positives. A network is considered as a graph and routers as nodes. The star coloring technique is used to assign a color (mark) to each node. A new star coloring technique, color balanced star coloring, is proposed, where the count of each color used is balanced. Further, it is shown that the probability of coloring a graph with its star chromatic number is increased if color balanced star coloring is balanced. The proposed scheme thus reduces the bit space required for marking in the IP header. Next, the work has been extended to handle the Internet graph, where the graph structure is unknown. A distributed approach is proposed for assigning colors to routers such that the star color template is followed. Novel techniques and data structures are introduced which allow nodes to exchange and keep track of the colors assigned by their two-hop neighbors. It is shown that this distributed approach of selecting colors converges provided that the number of available colors is equal to or greater than the star chromatic number of the graph. Although star coloring reduces the number of colors used, it results in color collisions and false positives during traceback.
Color collision is the phenomenon where a color appears more than once, but at the same distance from the victim, thereby creating confusion in attributing a packet to a specific path. Further, a new concept of path identifier is introduced to uniquely identify an attack path. The path identifiers are used to provide an elegant solution to collect attack packets in the midst of a distributed DoS attack and then trace back. Although identifying the attacker is crucial to institute protection measures against future attacks, it cannot mitigate the effects of an ongoing attack. The use of path identifiers has been established to filter packets during an ongoing attack. The last contribution focuses on DDoS attack mitigation at the application layer. A framework is presented to exploit the synchronized behavior of bots used to exhaust web server resources. A clustering technique is used to form separate groups of attackers and legitimate users. The clusters of attackers are identified by the high workload they generate on the server. They are challenged with CAPTCHAs to mitigate the attack, while the legitimate users browse the website without any restriction.
Appears in Collections: 01. CSE
