
Dhruba Kumar Bhattacharyya, Jugal Kumar Kalita - DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance [2016, PDF, ENG]

Post by Солнышко » 28 Jan 2018, 17:15

DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance
Year of publication: 2016
Authors: Dhruba Kumar Bhattacharyya, Jugal Kumar Kalita
Genre or topic: Hacking and security
Publisher: CRC Press
ISBN-10: 1498729649, ISBN-13: 978-1498729642
Language: English
Format: PDF
Quality: Publisher's layout or text (eBook)
Interactive table of contents: No
Number of pages: 312
Description: DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance discusses the evolution of distributed denial-of-service (DDoS) attacks, how to detect a DDoS attack when one is mounted, how to prevent such attacks from taking place, and how to react when a DDoS attack is in progress, with the goal of tolerating the attack. It introduces types and characteristics of DDoS attacks, reasons why such attacks are often successful, what aspects of the network infrastructure are usual targets, and methods used to launch attacks.
The book elaborates upon the emerging botnet technology, current trends in the evolution and use of botnet technology, its role in facilitating the launching of DDoS attacks, and challenges in countering the role of botnets in the proliferation of DDoS attacks. It introduces statistical and machine learning methods applied in the detection and prevention of DDoS attacks in order to provide a clear understanding of the state of the art. It presents DDoS reaction and tolerance mechanisms with a view to studying their effectiveness in protecting network resources without compromising the quality of services.
To practically understand how attackers plan and mount DDoS attacks, the authors discuss the development of a testbed that can be used to perform experiments such as attack launching, monitoring of network traffic, and detection of attacks, as well as for testing strategies for prevention, reaction, and mitigation. Finally, the authors address current issues and challenges that need to be overcome to provide even better defense against DDoS attacks.
List of Figures xiii
List of Tables xvii
Preface xix
Acknowledgments xxi
Authors xxiii
1 Introduction 1
1.1 Anomalies in Networks 2
1.2 Distributed Denial-of-Service (DDoS) Attacks 3
1.3 Causes of DDoS Attacks 4
1.4 Targets of DDoS Attacks 5
1.5 Launching of DDoS Attacks 5
1.6 Current Trends in Botnet Technology 6
1.7 Machine Learning in DDoS Attack Handling 6
1.7.1 Traffic Attributes and User-Parameter Selection 7
1.7.2 Selection of Metrics or Measures 7
1.7.3 Analysis of Data 8
1.7.4 Mode of Detection 8
1.7.5 Generation of Alarm Information and Reaction 9
1.8 DDoS Defense 9
1.9 Modules of a DDoS Defense System 10
1.10 Types of DDoS Defense Systems 11
1.10.1 Based on Approach 11
1.10.1.1 DDoS Detection 11
1.10.1.2 DDoS Prevention 11
1.10.1.3 DDoS Response 11
1.10.1.4 DDoS Tolerance 12
1.10.2 Based on Nature of Control 12
1.10.2.1 Centralized DDoS Defense 12
1.10.2.2 Hierarchical DDoS Defense 12
1.10.2.3 Distributed DDoS Defense 13
1.10.3 Based on Defense Infrastructure 13
1.10.3.1 Host-Based DDoS Defense 13
1.10.3.2 Network-Based DDoS Defense 14
1.10.4 Based on Defense Location 14
1.10.4.1 Victim-End DDoS Defense 14
1.10.4.2 Source-End DDoS Defense 15
1.10.4.3 Intermediate Network DDoS Defense 15
1.10.5 Based on Technique Used 15
1.10.5.1 Misuse Detection 15
1.10.5.2 Anomaly Detection 16
1.11 DDoS Tools and Systems 16
1.12 DDoS Defense Evaluation 17
1.13 Prior Work 17
1.14 Contribution of This Book 20
1.15 Organization of This Book 20
2 DDoS, Machine Learning, Measures 23
2.1 Issues in Internet Design 25
2.1.1 Complex Edge but Simple Core 25
2.1.2 Link Bandwidth Mismatch between Core and Edge 25
2.1.3 Routing Principles 26
2.1.4 Lack of Centralized Network Management 26
2.1.5 Sharing of Reserved Resources across Data Centers 26
2.2 DDoS Attacks and Their Types 27
2.2.1 Agent-Handler and IRC-Based DDoS Attack Generation 28
2.2.2 Types of DDoS Attacks 28
2.2.2.1 Layer-Specific DDoS Attacks 28
2.2.2.2 Direct and Reflector-Based DDoS Attacks 30
2.2.2.3 Direct and Indirect DDoS Attacks 31
2.2.2.4 High-Rate and Low-Rate DDoS Attacks 31
2.2.2.5 Attack Types Based on Rate Dynamics 32
2.3 DDoS Attack Targets 33
2.3.1 On Infrastructure 33
2.3.2 On Link 33
2.3.3 On Router 34
2.3.4 On OS 34
2.3.5 On Defense Mechanism 34
2.4 Current Trends in DDoS Attacks 34
2.5 Strength of DDoS Attackers 36
2.6 Desired Characteristics of DDoS Defense System 37
2.7 Recent DDoS Attacks 38
2.8 Machine Learning Background 39
2.8.1 Supervised and Unsupervised Machine Learning 40
2.8.2 Measures: Similarity and Dissimilarity 41
2.8.2.1 Dissimilarity Measures 42
2.8.2.2 Correlation Measures 43
2.8.2.3 f-Divergence Measures 46
2.8.2.4 Information Metrics 48
2.8.3 Discussion 49
2.9 Some Empirical Studies 50
2.9.1 Using Information Metrics 50
2.9.1.1 Testbed Used 52
2.9.1.2 Datasets Used 53
2.9.1.3 Results of Empirical Study 53
2.9.1.4 Discussion 59
2.9.2 Using Correlation Measures 59
2.9.2.1 An Example 60
2.9.3 Using f-Divergence Measures 62
2.9.3.1 Results 65
2.9.4 Discussion 69
2.10 Chapter Summary 70
3 Botnets: Trends and Challenges 73
3.1 DDoS Attacks Using Stationary Botnets 74
3.1.1 Botnet Characteristics 74
3.1.2 Botnet Models 75
3.1.2.1 Agent Handler Model 76
3.1.2.2 IRC-Based Model 76
3.1.2.3 Web-Based Model 77
3.1.3 Botnet Formation Life Cycle 78
3.1.4 Stationary Botnet Architecture 78
3.1.4.1 Botnet Topology 78
3.1.4.2 Protocols Used 79
3.1.4.3 Botnet C&C Systems 80
3.1.5 Some Stationary Botnets 83
3.1.6 DDoS Attacks Using Mobile Botnets 89
3.1.6.1 Mobile Botnet Characteristics 89
3.1.6.2 C&C Mechanisms in Mobile Botnet 90
3.1.7 Some Mobile Botnets 93
3.2 Chapter Summary and Recommendations 94
4 DDoS Detection 97
4.1 Modules of a DDoS Defense Solution 98
4.1.1 Monitoring 98
4.1.2 Detection 98
4.1.3 Reaction 99
4.2 Types of DDoS Defense Solutions 99
4.2.1 Based on Approach Used 99
4.2.2 Based on Nature of Control 100
4.2.2.1 Centralized DDoS Defense 100
4.2.2.2 Hierarchical DDoS Defense 102
4.2.2.3 Distributed DDoS Defense 102
4.2.3 Based on Defense Infrastructure 103
4.2.3.1 Host-Based DDoS Defense 103
4.2.3.2 Network-Based DDoS Defense 104
4.2.4 Based on Defense Location 104
4.2.4.1 Victim-End DDoS Defense 105
4.2.4.2 Source-End DDoS Defense 105
4.2.4.3 Intermediate Network DDoS Defense 106
4.2.5 Based on Techniques Used 107
4.3 DDoS Detection Techniques 108
4.3.1 Misuse Detection 109
4.3.1.1 Signature-Based DDoS Detection 110
4.3.1.2 Rule-Based Detection 110
4.3.1.3 State-Transition Techniques 110
4.3.2 Anomaly-Based DDoS Detection 111
4.3.2.1 Statistical Techniques 111
4.3.2.2 Machine Learning and Data Mining Techniques 120
4.3.2.3 Soft Computing Techniques 131
4.3.2.4 Knowledge-Based Techniques 137
4.4 Chapter Summary 141
5 DDoS Prevention 145
5.1 DDoS Prevention Techniques 145
5.1.1 IP Traceback 146
5.1.1.1 Link Testing 150
5.1.1.2 Packet Marking 151
5.1.1.3 Packet Logging 153
5.1.1.4 ICMP Traceback Messages 154
5.1.1.5 Discussion 154
5.1.2 Filtering Techniques 155
5.1.2.1 Ingress and Egress Filtering 155
5.1.2.2 Router-Based Packet Filtering (RPF) 157
5.1.2.3 Source Address Validity Enforcement (SAVE) Protocol 158
5.1.3 Rate Control 159
5.2 Chapter Summary 159
6 DDoS Reaction and Tolerance 161
6.1 Intrusion Response System (IRS) 161
6.1.1 Intrusion Response (IR) and Its Types 162
6.1.1.1 A Model to Demonstrate Relationships among Responses 163
6.1.2 Development of IRSs: Approaches, Methods, and Techniques 165
6.1.2.1 Based on the Degree of Automation 165
6.1.2.2 Based on the Approach Used for Triggering Responses 167
6.1.2.3 Based on Adaptability 168
6.1.2.4 Based on Promptness in Response Generation 169
6.1.2.5 Based on the Level of Cooperation 169
6.1.2.6 Based on Versatility in Reacting to Unseen Situations 170
6.1.3 Some Example Intrusion Response Systems 171
6.1.3.1 Cooperative Intrusion Traceback and Response Architecture (CITRA) 171
6.1.3.2 Distributed Management Architecture for Cooperative Detection and Reaction 172
6.1.3.3 EMERALD 173
6.1.3.4 CSM 174
6.1.3.5 Adaptive, Agent-Based IRS (AAIRS) 175
6.1.3.6 ALPHATECH 175
6.1.3.7 SITAR 176
6.1.4 Discussion 177
6.2 DDoS Tolerance Approaches and Methods 177
6.2.1 Multi-Level IDS-Based Approaches 179
6.2.2 Middleware Algorithm-Based Approaches 182
6.2.3 Recovery-Based Approaches 185
6.2.4 Discussion 190
6.3 Chapter Summary 191
7 Tools and Systems 193
7.1 Introduction 193
7.2 Types of Network Security Tools 195
7.2.1 Information Gathering Tools 195
7.2.1.1 Sniffing Tools 195
7.2.1.2 Network Mapping/Scanning Tools 201
7.2.2 Attack Launching Tools 203
7.2.2.1 Trojans 204
7.2.2.2 Transport and Network Layer Denial-of-Service Attacks 205
7.2.2.3 Application Layer Attack Tools 210
7.2.2.4 Additional Attack Tools 212
7.2.3 Network Monitoring Tools 214
7.2.3.1 Visualization and Analysis Tools 215
7.3 Observations 216
7.4 TUCANNON+: DDoS Attack-Generation and Monitoring Tool 218
7.4.1 TUCannon: Attack-Generation Module 220
7.4.2 Server Sub-module of TUCannon 220
7.4.3 Client Sub-module 222
7.4.4 Scalability of TUCannon 223
7.4.5 Speed of TUCannon 223
7.4.6 Reflector Attack 223
7.5 TUCannon Architecture 224
7.5.1 Server Architecture 224
7.5.2 Client Architecture 225
7.6 TUMonitor 226
7.6.1 TUMonitor: An Overview 226
7.6.2 TUMonitor Architecture 229
7.6.3 Visualization with TUMonitor 231
7.7 DDoS Defense Systems 231
7.7.1 Systems that Respond to Intrusion 232
7.7.1.1 Architectures of Some Well-Known Defense Systems 233
7.7.2 Some Commercial and Academic Defense Systems 237
7.7.3 Discussion 247
7.8 Chapter Summary 247
8 Conclusion and Research Challenges 249
8.1 Conclusion 249
8.1.1 Source IP Spoofing 250
8.1.2 Degree of Randomization 250
8.1.3 Isolation vs. Combination 250
8.1.4 Realistic TCP SYN Flooding 251
8.1.5 Removal of Unique Characteristics 251
8.1.6 Low-Cost and Limited Bandwidth Attack 251
8.2 Research Challenges 252
8.2.1 Developing a Generic DDoS Defense Mechanism 252
8.2.2 Integration of Packet/Flow Monitoring and Detection 252
8.2.3 Developing DDoS-Tolerant Architecture 253
8.2.4 Developing a Cost-Effective Source-End Defense 253
8.2.5 Developing an Efficient Dynamic Firewall 253
8.2.6 Hybridization Issues to Support Real-Time Performance with QoS 253
8.2.7 Heuristics for Accurate Estimation of Defense Parameters 254
8.2.8 Developing a Robust and Cost-Effective Proximity Measure 254
8.2.9 Standard for Unbiased Evaluation of Defense Solutions 254
8.2.10 Large-Scale Testbed for Defense Validation 254

Statistics

Author: Солнышко
Added: 28 Jan 2018, 17:15
Size: 10.01 MB (10 491 582 bytes)
Private: No (DHT enabled)
