Precise ICMP Traceback Based On Normal Flow Filtration in Denial of Services Attack

Izaddoost, Alireza (2008) Precise ICMP Traceback Based On Normal Flow Filtration in Denial of Services Attack. Masters thesis, Universiti Putra Malaysia.


Abstract

In the past two decades, the Internet has developed rapidly and has become integrated into many aspects of human life. Any disruption of connectivity or overuse of services makes a service unavailable to its intended users. Denial of Service (DoS) attacks are becoming a more serious threat to Internet security. A DoS attack is a malicious attempt to limit or deny the availability of a service to legitimate users. This kind of attack can be carried out by consuming important resources. The best response is to block the attack traffic at its source. This is not easy, because an attacker can easily spoof the source IP address. Traceback models try to locate the source of an attack regardless of whether the source address field in each packet contains false information. The Intention-driven model, a sampling traceback technique, provides information about the attack flow and is able to reconstruct the attack path to the source of the attack with the aid of an Intrusion Detection System (IDS). This technique has no flow differentiation mechanism. In other words, it is unable to differentiate between a legitimate user and an attacker when both send packets to the victim via the same route. As a result, it provides incorrect information and locates a false point as the source of the attack. To overcome this weakness, this research aims to increase the generation of useful ICMP traceback packets, which include attack path information. More useful information about the attack flow, provided to the IDS by the routers along the attack path, gives higher accuracy in locating the attacker. To achieve this goal, this research improves the Intention-driven ICMP traceback model by filtering normal flow for a specific short time, and two new algorithms, for UDP-based and TCP-based attacks, are applied.
As a consequence of filtering normal flow, the percentage of packets belonging to the attack flow increases, and so does the chance of generating ICMP traceback messages that contain attack flow information. The results show that the proposed model increases the percentage of useful ICMP traceback messages by about 10% in UDP-based attacks and about 14% in TCP-based attacks when compared to the previous work. The proposed model also decreases the percentage of ineffective generated iTrace packets by about 10% in both UDP-based and TCP-based attacks.

Item Type: Thesis (Masters)
Subject: DOS ES (Electronic computer system) - Programming
Chairman Supervisor: Associate Professor Mohamed Othman, PhD
Call Number: FSKTM 2008 14
Faculty or Institute: Faculty of Computer Science and Information Technology
ID Code: 5246
Deposited By: Rosmieza Mat Jusoh
Deposited On: 07 Apr 2010 10:11
Last Modified: 27 May 2013 07:21


Universiti Putra Malaysia Institutional Repository

Universiti Putra Malaysia Institutional Repository is an on-line digital archive that serves as a central collection and storage of scientific information and research at the Universiti Putra Malaysia.

Currently, the collections deposited in the IR consist of Master and PhD theses, Master and PhD Project Reports, Journal Articles, Journal Bulletins, Conference Papers, UPM News, Newspaper Cuttings, Patents and Inaugural Lectures.

As the policy of the university does not permit users to view theses in full text, access is given to the first 24 pages only.