Development of an Internet Protocol Traceback Scheme for Denial of Service Attack Source Detection
Development of an Internet Protocol Traceback Scheme for Denial of Service Attack Source Detection.
ABSTRACT
This dissertation presents the development of an Internet Protocol (IP) traceback scheme for the detection of a denial of service (DoS) attack source base on a shark smell optimization algorithm (SSOA).
Detection of the source of the DoS attack is very important due to the serious damages the attack does cause and the need to bring the perpetrators to justice to stop the menace.
DoS attack is a major threat to the security of network systems and consists of attacks that exploit the vulnerability in a network to overload it with tasks and prevent it from attending to other legitimate users. Flash event (FE) can cause a traffic surge in a part of the network crossed by the attack path that is being traced.
Flash event traffic surge can be very similar to a DoS attack and may mislead the present IP tracebacks schemes that are based on swarm optimization algorithms when tracing the source of an attack using a flow-based search method.
The challenge is more pronounced with the flow-based search for detecting attack sources because the flash event flow surge share very similar characteristics with the DoS flooding attack.
In order to mitigate the challenge of flash event traffic surge causing error in IP traceback schemes, the DoS attack source traceback scheme based on a shark smell optimization algorithm called the SSOA-DoSTBK was developed.
It is incorporated with a discernment policy for implementing hop-by-hop search to avoid flash event traffic surge and ascertain the nodes that are actually involved in routing the attack packets. This scheme was simulated in Network Simulator version 2 (NS2).
The performance of SSOA-DoSTBK was evaluated using False Error Rate (FER), convergence time, and ability to detect spoofed IP attack sources based on the correctness of the returned path as performance metrics.
It was compared with results obtained from a scheme reported in literature called the modified ant colony system algorithm for IP traceback (ACS-IPTBK). The SSOA-DoSTBK performed better in FER and spoofed IP attack tests by as much as 32.06%. However, ACS-IPTBK converged faster than the SSOA-DoSTBK in the tests by as much as 1.2%.
TABLE OF CONTENT
DECLARATION …………………………………….. II
CERTIFICATION ……………………………… III
DEDICATION ……………………………………. IV
ACKNOWLEDGEMENT …………………… V
ABSTRACT ……………………………….. VII
List of Figures ………………………….. XI
List of Tables ……………………………. XII
List of Appendices ………………… XIII
ABBREVIATIONS ………………………… XIV
CHAPTER ONE
INTRODUCTION
1.1 Background on Network Attacks ……………………. 1
1.1.1 Background on Internet Protocol Packets Source Detection ……….. 3
1.2 Significance of Research ……………….. 4
1.3 Statement of Problem ………………… 4
1.4 Aim and Objectives ………………. 5
CHAPTER TWO
LITERATURE REVIEW
2.1 Introduction ………………………………… 7
2.2 Review of Fundamental Concepts on DoS attack IP traceback … 7
2.2.1 The DoS Attack and its Variants ………………. 7
2.2.2 Flash Event ………………….. 11
2.2.3 DoS Attack IP Traceback Methodologies ………….. 14
2.2.4 DoS Attack Source Detection Process …………….. 17
2.3 Shark Smell Optimization Algorithm ………… 18
2.3.1 Initialization …………… 20
2.3.2 Scouring……….. 20
2.3.3 Advancing …………… 21
2.3.4 SSOA Exploitation ……………. 22
2.3.5 SSOA Exploration …………………. 23
2.3.6 Flowchart of SSOA Algorithm Search Process …….. 23
2.4 Reconstructing the Network Topology ….. 25
2.4.1 Implementation of Waxman Topology ……… 27
2.4.2 Determining edges on attack path …………….. 28
2.5 Network Simulator Version 2 (NS2) …………… 32
2.6 Review of Similar Works ………………….. 33
CHAPTER THREE
MATERIALS AND METHODS
3.1 Introduction …………… 38
3.2 Materials ………………. 38
3.3 Methodology …………………. 38
3.3.1 Development of the SSOA-DoSTBK …………. 38
3.3.2 Discrimination Policy ……………………… 39
3.3.3 Solving DoS IP Traceback Problem Using SSOA-DoSTBK ……. 44
3.3.4 Comparison of SSOA-DoSTBK with ACS-IPTBK …………. 47
3.3.5 Performance Evaluation …………….. 48
CHAPTER FOUR
RESULTS AND DISCUSSIONS
4.1 Introduction ………………. 49
4.2 Simulation Results ………………… 49
4.2.1 Evaluation of False Error Rate ………………. 49
4.2.1.1 FER of the Schemes under DoS attack ……………… 49
4.2.1.2 FER of the Schemes under Combined FE and DoS attack ……… 50
4.2.1.3 FER of the Schemes under Combined FE and Spoofed DoS attack …. 51
4.2.2 Performance Evaluation ………….. 52
4.2.2.1 Performance under DoS attack …………….. 53
4.2.2.2 Performance under concurrent FE traffic and DoS attack ……… 53
4.2.2.3 Performance under concurrent FE traffic and Spoofed DoS attack … 54
4.2.3 Evaluation of Convergence time ….. 56
4.2.3.1 Convergence under DoS attack ………………. 56
4.2.3.2 Convergence under Concurrent FE and DoS attack …………. 57
4.2.3.3 Convergence under Concurrent FE and spoofed DoS attack ….. 57
4.3 Attack path detection results ….. 59
4.3.1 FER Tests Results …………….. 59
4.3.2 Returned Attack Path Correctness Tests Results ……… 60
4.3.3 Convergence Time Tests Results ……………. 61
4.4 Quantified Comparison of Results ……… 62 X
4.5 Discussions …………………………….. 62
4.6 Packets Required for Attack Path Reconstruction ………….. 63
CHAPTER FIVE
CONCLUSION AND RECOMMENDATIONS
5.1 Summary ………… 64
5.2 Conclusion ……………………….. 64
5.3 Significant Contributions ……………………. 65
5.4 Recommendations for Further Work ………….. 66
References ………………. 68
INTRODUCTION
1.1 Background on Network Attacks
Network attacks are cybercrimes. It includes unauthorized practices such as the use of restricted online assets without permission, stealing or gaining unauthorized access into a system, exposing private resources, or malicious disabling or altering, or destroying services of a system on the network (ISO/IEC, 2009).
A computer network is now involved in most of the human day-to-day activities because it makes the way things are done easier. The need for adequate security in computer networks is a rapidly growing area of interest because of the increasing reliance on the networks and the new networks attacks that are springing up at an alarming rate.
Attacks on computer networks have serious effects on business and the economy because the networks carry large volumes of data that is the main focus of business executives for making business decisions.
Also, government and security establishments, including the military, rely on the data on the networks for making vital decisions and strategical planning.
Because of the relative importance of computer networks in vital areas of human endeavors attack on them have direct or indirect impacts on many people.
A denial of Service (DoS) attack is a prominent network attack. DoS is not used to steal, eavesdrop, bridge privacy, or compromise data integrity on a system rather it is used to deny victims access to their own network and clients lose transactions.
REFERENCES
Abedinia, O., & Amjady, N. (2015). Short-term wind power prediction based on Hybrid Neural Network and chaotic shark smell optimization. International Journal of Precision Engineering and Manufacturing-Green Technology, 2(3), 245-254. DOI: 10.1007/s40684-015-0029-4
Abedinia, O., & Amjady, N. (2016). Net demand prediction for power systems by a new neural network-based forecasting engine, Complexity, DOI: 1099-0526 10.1002/cplx.21807 Retrieved from http://dx.doi.org/10.1002/cplx.21807
Abedinia, O., Amjady, N., & Ghasemi, A. (2014). A new metaheuristic algorithm based on shark smell optimization. Complexity, 00(00), 1-20. DOI: 10.1002/cplx.21634, Retrieved from http://dx.doi.org/10.1002/cplx.21634
Abedinia, O., Amjady, N., Yousefi, N., & Aramli, M. S. (2016). A Descriptive Study on Mathematical Model of Shark’s Capabilities as a Successful Hunter. Recent Advances in Biology and Medicine, 2(-), 48-56. DOI:10.18639/RABM.2016.02.292390, Retrieved from http://dx.doi.org/10.18639/RABM.2016.02.292390
Ahmadigorji, M., & Amjady, N. (2016). A multiyear DG-incorporated framework for expansion planning of distribution networks using binary chaotic shark smell optimization algorithm. Energy, 102, 199-215.
Ahmed, I. K., & Fapojuwo, A. O. (2016). Security threat assessment of simultaneous multiple Denial-of-Service attacks in IEEE 802.22 Cognitive Radio networks. Paper presented at the IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks
