NETWORK BEHAVIOR MONITORING AND ANALYSIS FOR DETECTION AND RESISTANCE OF DENIAL OF SERVICE ATTACKS

Authors

  • Omran Ali Bentaher, Faculty of Information Technology, Alasmarya University, Zliten, Libya
  • Atia M. Albahbah, Faculty of Information Technology, Alasmarya University, Zliten, Libya

Keywords:

Denial-of-Service attacks, Ingress filtering, Egress filtering, Intrusion detection system

Abstract

Denial of Service (DoS) attacks are one category of internet threats
that can cause significant loss of time and revenue [1]. With many
ready-to-use tools available for creating Trojans, viruses and worms,
launching a DoS attack does not even require programming expertise.
Relying on certain vulnerabilities that exist in the TCP/IP protocol,
a DoS attack can be launched in a variety of ways, chiefly flooding
attacks and logic attacks. Flooding sends large quantities of
legitimate commands to overwhelm the receiver, whereas logic attacks
take advantage of and manipulate particular values of header fields.
This paper studies DoS attacks by first launching them in a networked
scenario and demonstrating their effect. It then develops a Host Based
Intrusion Detection System (HIDS) to handle this kind of attack on a
single host. The HIDS works in the following steps. It first tries to
prevent the attack by ingress filtering, which is done on the basis of
rules already defined. If in some cases some false positives let
illegitimate traffic pass through the filter, a detection scheme is in
place. Once an attack is detected, measures are taken to mitigate the
effect of the current attack, and the necessary updates are made to
prevent this kind of attack in future. The results obtained clearly
demonstrate the effects of the attack and the way it is mitigated.

References

- Ahsan Habib, Mohamed M. Hefeeda, and Bharat K. Bhargava, “Detecting Service Violations and DoS Attacks”, NDSS 2003, San Diego, California.

- ISS X-Force, “Internet Risk Impact Summary”, Sep 27, 2002. URL: https://gtoc.iss.net/documents/summaryrep.

- “RFC 791 – Internet Protocol: Protocol Specification”, Defense Advanced Research Projects Agency, September 1981.

- “RFC 793 – Transmission Control Protocol: Protocol Specification”, Defense Advanced Research Projects Agency, September 1981.

- “RFC 768 – User Datagram Protocol”, J. Postel, ISI, August 1980.

- “RFC 792 – Internet Control Message Protocol”, J. Postel, ISI, September 1981.

- http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/default.htm.

- Wei Chen, Dit-Yan Yeung, “Defending Against TCP SYN Flooding Attacks”, International Conference on Systems and on Mobile Communications, Osaka, Japan, Nov. 2006.

- P. Ferguson and D. Senie, “Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing”, International Journal of Network Management, Volume 15, Issue 1 (January 2005).

- S. Axelsson, “Intrusion detection systems: A survey and taxonomy”, Technical Report 99-15, Department .

- Cheng Jin, Haining Wang, Kang G. Shin, “Hop-Count Filtering: An Effective Defense Against Spoofed Traffic”, Conference on Computer and Communications Security, 2008.

Published

2016-06-30

How to Cite

Bentaher, O. A., & Albahbah, A. M. (2016). NETWORK BEHAVIOR MONITORING AND ANALYSIS FOR DETECTION AND RESISTANCE OF DENIAL OF SERVICE ATTACKS. Journal of Academic Research, 6, 588–600. Retrieved from https://lam-journal.ly/index.php/jar/article/view/1203

Section

Article