
CERTIFICATE

This is to certify that this dissertation entitled "Performance Evaluation of DDoS Attacks and Traceback Techniques in Flooding Based Distributed Denial Of Service Attacks" embodies the work carried out by Satwinder Singh himself under my supervision and that it is worthy of consideration for the award of M-Tech degree.

Er. Abhinav Bhandari, Assistant Professor, Department of Computer Engineering, University College of Engineering, Punjabi University, Patiala

DECLARATION
I hereby affirm that the work presented in this dissertation entitled "Performance Evaluation of DDoS Attacks and Traceback Techniques in Flooding Based Distributed Denial Of Service Attacks" in partial fulfilment of the requirements of the award of degree of M.Tech. (Computer Engineering), submitted at the Department of University College of Engineering, Punjabi University, Patiala is an authentic record of my own work under the guidance of Er. Abhinav Bhandari, Assistant Professor, department UCOE, Computer Engineering. The matter presented in this dissertation has not been submitted in any other university/institute for the award of M-Tech degree or any degree/diploma.

Satwinder Singh Roll No. - 11191035

------------------------------(Signature of Supervisor)


ACKNOWLEDGEMENT
First and foremost, I would like to thank God Almighty for life itself. All that I have is due to His grace and I give all glory to Him. Even though I have let Him down many times in my life, He has always carried me through.

The real spirit of achieving a goal is through the way of excellence and austere discipline. I would have never succeeded in completing my task without the cooperation, encouragement and help provided to me by various personalities.

With a deep sense of gratitude I express my sincere thanks to my esteemed and worthy supervisor Abhinav Bhandari, Assistant Professor, Department of Computer Engineering, University College of Engineering, Punjabi University, Patiala for his valuable guidance in carrying out this work under his effective supervision, encouragement, enlightenment and cooperation. Most of the novel ideas and solutions found in this thesis are the result of our numerous stimulating discussions. His feedback and editorial comments were also invaluable for the writing of this thesis.

I shall be failing in my duties if I do not express my deep sense of gratitude towards Dr. JAIMAL SINGH KHAMBA, Professor and Head of Department of University College of Engineering, and Dr. AMARDEEP SINGH, Section Incharge Computer Engineering, Punjabi University, Patiala for providing necessary facilities in the department to carry out this thesis work.

This acknowledgement would be incomplete if I do not mention the emotional support and blessings provided by my friends. I had pleasant, enjoyable and fruitful company with them.

My greatest debt is owed to my father S. Kulwant Singh, my mother Smt. Gurjeet Kaur, and my whole family, whose support and care make me stay on earth. This work is dedicated to them.

Place: Punjabi University, Patiala Date:........................

Satwinder Singh (11191035)


TABLE OF CONTENTS

CERTIFICATE
DECLARATION
ACKNOWLEDGEMENT
TABLE OF CONTENTS
ABBREVIATIONS
LIST OF FIGURES
LIST OF TABLES
ABSTRACT

CHAPTER 1: INTRODUCTION
  1.1 Overview
    1.1.1 DoS and DDoS Incidents
  1.2 General Security Terminology
    1.2.1 A Definition of Computer Security
  1.3 Network Security
  1.4 The Need for Security
  1.5 Security Approaches
    1.5.1 Trusted System
    1.5.2 Security Models
  1.6 Threats to Network Security
  1.7 Denial of Service Attacks
  1.8 Common Types of Denial of Service Attacks
    1.8.1 SYN Flood Attack
    1.8.2 Smurf Attack
    1.8.3 UDP Flood Attack
    1.8.4 Ping Flood Attack
    1.8.5 ICMP Flood Attack
  1.9 Distributed Denial of Service Attacks
    1.9.1 DDoS Characteristics
    1.9.2 DDoS Architecture
    1.9.3 Attack Network Topologies
  1.10 Known Distributed Denial of Service Attacks
    1.10.1 Trinoo
    1.10.2 Tribe Flood Network
    1.10.3 TFN2K
    1.10.4 Stacheldraht
    1.10.5 mstream
    1.10.6 Shaft
    1.10.7 Code Red
  1.11 DDoS Defense Systems
    1.11.1 DDoS Attack Prevention
    1.11.2 Attack Detection and Recovery
    1.11.3 Attack Source Identification
  1.12 IP Traceback
    1.12.1 Classification of Traceback Schemes

CHAPTER 2: LITERATURE REVIEW

CHAPTER 3: RESEARCH METHODOLOGY
  3.1 Research Methodology
    3.1.1 Quantitative approach
    3.1.2 Qualitative approach
    3.1.3 Mixed approach
  3.2 Sources of Data
  3.3 Research Design
    3.3.1 Problem Identification and Selection
    3.3.2 Literature Study
    3.3.3 Building Simulation
  3.4 Problem of definition
  3.5 Objectives of the study
  3.6 Methodology

CHAPTER 4: RESULTS AND DISCUSSIONS
  4.1 Implementation Details
  4.2 Simplified Structure of Implementation
  4.3 Parameters used in the Simulation
  4.4 Vulnerability analysis of Traceback Techniques

CHAPTER 5: CONCLUSIONS AND FUTURE SCOPE
  5.1 Conclusions
  5.2 Future Scope

REFERENCES

ABBREVIATIONS

DoS: Denial of Service
DDoS: Distributed Denial of Service
FBI: Federal Bureau of Investigation
CPU: Central Processing Unit
Bps: Bits Per Second
TCP: Transmission Control Protocol
ACK: Acknowledgement
SYN: Synchronization
UDP: User Datagram Protocol
ICMP: Internet Control Message Protocol
IP: Internet Protocol
TFN: Tribe Flood Network
IDS: Intrusion Detection System
PPM: Probabilistic Packet Marking
DPM: Deterministic Packet Marking
SPIE: Source Path Isolation Engine
AAM: Advanced and Authenticated Packet Marking
FDPM: Flexible Deterministic Packet Marking
SNITCH: Simple, Novel IP Traceback using Compressed Header
IPSec: Internet Protocol Security
IDIP: Intrusion Detection and Identification Protocol
SWT: Sleepy Watermark Tracing
ISP: Internet Service Provider
FIFO: First In First Out
QoS: Quality of Service
HTTP: Hyper Text Transfer Protocol
HsMM: Hidden semi-Markov Model
IACC: Improved Aggregate-based Congestion Control
NPSR: Normal Packet Survival Ratio
ESVM: Enhanced Support Vector Machine
PaC: Pushback and Communicate

LIST OF FIGURES

Figure 1.1: Largest bandwidth attacks reported from 114 service providers
Figure 1.2: Average number of DDoS attacks per month during October 2010 to September 2011
Figure 1.3: The Security Requirements Triad
Figure 1.4: Denial-of-service attack scenario
Figure 1.5: An example of a Smurf attack
Figure 1.6: Distributed denial-of-service attack scenario
Figure 1.7: Architecture of a DDoS Attack
Figure 1.8: Reflection DDoS Attack
Figure 1.9: Reactive Schemes Classification
Figure 1.10: Pro-Active Schemes Classification
Figure 4.1: Attacking Network Structure for simulation
Figure 4.2: Simple Attacking Network Structure for simulation
Figure 4.2.1: Attack free traffic for TCP user and UDP user
Figure 4.2.2: TCP and UDP user traffic under 26% of UDP-type attacking
Figure 4.2.3: TCP and UDP user traffic under 36% of UDP-type attacking
Figure 4.2.4: TCP and UDP user traffic under 46% of UDP-type attacking
Figure 4.2.5: TCP and UDP user traffic under 26% of TCP-type attacking
Figure 4.2.6: TCP and UDP user traffic under 36% of TCP-type attacking
Figure 4.2.7: TCP and UDP user traffic under 46% of TCP-type attacking
Figure 4.2.8: TCP and UDP user traffic under 26% of TCP-type attacking using DropTail and RED Algo.
Figure 4.2.9: TCP and UDP user traffic under 36% of TCP-type attacking using DropTail and RED Algo.
Figure 4.2.10: TCP and UDP user traffic under 26% of UDP-type attacking using DropTail and RED Algo.
Figure 4.2.11: TCP and UDP user traffic under 36% of UDP-type attacking using DropTail and RED Algo.

LIST OF TABLES

Table 4.3: Parameters of Simulation
Table 4.4: Vulnerability analysis of Traceback Techniques

ABSTRACT
Network technology has experienced explosive growth in the past decades. The vast connectivity of networks all over the world poses huge risks. The generally accepted viewpoint in the security world is that no system or network is totally protected, which makes network security an important concern. The work done in this thesis focuses on Distributed Denial of Service (DDoS) attacks, where legitimate users are prevented from accessing network services. DDoS attacks have increasingly been found to disturb the normal working of organizations, causing billions of rupees of losses. Organizations are trying their best to reduce their losses from these attacks, and most of them widely use security management tools to observe and manage their networks. Even though a lot of research has been done in this field, these attacks remain one of the most common threats affecting network performance.

One defense against DDoS attacks is to make attacks infeasible for an attacker, by increasing either the amount of attack traffic needed to halt a link or the number of attackers needed to disable the network.

This thesis is part of the work on the DDoS benchmarks project, which develops such an evaluation platform. The benchmarks contain three components: a) the set of typical attack scenarios, which consist of attack, legitimate traffic and target network resource dimensions, b) the performance metrics that capture the impact of the attack and the defense effectiveness, and c) the testing methodology specification. The focus of this thesis is to present the results of our experiments in this regard for flooding-based DDoS attacks in a simulation environment built with NS2.35. The results indicate that bandwidth may be more easily flooded by UDP-type attacks than by TCP-type attacks at different attack strengths. We also validate the DropTail and RED queues under flooding-based DDoS attack to determine which is better for the legitimate user.

The thesis is divided into five chapters. The first chapter introduces the topic, the second chapter lays out the literature survey, the third chapter gives the problem statement, objectives and methodology to solve the problem, the fourth chapter explains the results and discussion of the proposed work, and the last chapter lays out the conclusion of the thesis and future work.
