Explanatory Essay, 2022 words
Introduction

Most modern attacks and intrusions are very intelligent, leaving no trace of their presence in the network and making detection very difficult. DDoS attacks are classified as resource depletion attacks and bandwidth depletion attacks [1]. Protocol exploit attacks and malformed packet attacks tie up the critical resources of the victim system. Many of these attacks also use spoofed source IP addresses, thereby eluding source identification. The two most basic types of DDoS attacks are 1) bandwidth attacks and 2) application attacks. Bandwidth attacks consume resources such as network bandwidth or equipment by overwhelming them with a high volume of packets [2]. Because of this packet overload, targeted routers, servers, and firewalls can be rendered unable to process valid transactions. Packet flooding is a form of bandwidth attack in which a large number of seemingly legitimate TCP, User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP) packets are directed at a specific destination [2]. To make detection difficult, these attacks spoof their source addresses to prevent identification. Application attacks use the expected behavior of protocols such as TCP and HTTP to the attacker's advantage, tying up computational resources and preventing them from processing transactions or requests. Any computer in the network can be easily compromised by DDoS attacks without any knowledge of being attacked. Sophisticated and automated DDoS attack tools such as Trinoo, TFN, TFN2K, mstream, Stacheldraht, Shaft, Trinity and Knight, available on the Internet, do not require technical knowledge to launch a high-rate flooding attack. The victims are, surprisingly, government agencies, financial corporations, defense agencies and m...

... middle of paper ...

...al animals," International Society for Behavioral Ecology, vol. 14, pp. 719-723, 2003.
[31] Zhongwen Li and Yang Xiang, "Mathematical Analysis of Active DDoS Defense Systems," International Conference on Computational Intelligence and Security, Guangzhou, pp. 1563-1566, 2006.
[32] G. Preetha, B. S. Kiruthika Devi and S. Mercy Shalinie, "Combat Model based DDoS Detection and Defense using Experimental Testbed: A Quantitative Approach," International Journal of Intelligent Engineering and Informatics (IJIEI), vol. 1, no. 3/4, pp. 261-279, 2011.
[33] The Swiss Education and Research Network, "Default TTL values in TCP/IP," 2002. [Online]. Available: http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html
[34] Jaehak Yu, Hansung Lee, Myung-Sup Kim and Daihee Park, "Traffic flooding attack detection with SNMP MIB using SVM," Computer Communications, vol. 31, no. 17, pp. 4212-4219, 2008.
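The introduction separates packet-flooding bandwidth attacks, which arrive at one destination at high rate from spoofed source addresses, from ordinary traffic. The Python below is an added example, not code from the essay or from any of the works it cites: it aggregates packet records per destination and per one-second window and raises three defender-side indicators (a high packet rate, a source population made up almost entirely of addresses seen exactly once, which is what random source spoofing looks like from the victim's side, and a single protocol dominating the window). The `Packet` record layout, the thresholds and the sample addresses are assumptions chosen for the example; the sample traffic is constructed inline.

```python
"""Flood indicators over constructed packet records (added example, not from the essay)."""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Packet(NamedTuple):
    """Minimal per-packet record as a monitor might export it (assumed layout)."""
    ts: float      # capture time in seconds
    src: str       # source IP as seen on the wire (may be spoofed)
    dst: str       # destination IP
    proto: str     # "TCP", "UDP" or "ICMP"


def make_sample() -> List[Packet]:
    """Constructed sample traffic: second 0 holds only benign TCP traffic from five
    clients; second 1 holds the same benign traffic plus a UDP flood in which every
    packet carries a different, never-repeated source address."""
    pkts: List[Packet] = []
    clients = ["10.0.0.%d" % i for i in range(1, 6)]
    for i in range(50):                        # 50 benign packets in second 0
        pkts.append(Packet(0.0 + i * 0.02, clients[i % 5], "192.0.2.10", "TCP"))
    for i in range(50):                        # benign traffic continues in second 1
        pkts.append(Packet(1.0 + i * 0.02, clients[i % 5], "192.0.2.10", "TCP"))
    for i in range(1500):                      # constructed flood: one packet per fake source
        fake_src = "10.200.%d.%d" % (i // 256, i % 256)
        pkts.append(Packet(1.0 + i * 0.0006, fake_src, "192.0.2.10", "UDP"))
    return pkts


def window_stats(packets: List[Packet], window: float = 1.0) -> Dict[Tuple[int, str], dict]:
    """Aggregate packet count, per-source counts and protocol mix per (window, destination)."""
    stats: Dict[Tuple[int, str], dict] = defaultdict(
        lambda: {"pkts": 0, "per_src": Counter(), "protos": Counter()})
    for p in packets:
        s = stats[(int(p.ts // window), p.dst)]
        s["pkts"] += 1
        s["per_src"][p.src] += 1
        s["protos"][p.proto] += 1
    return dict(stats)


def flood_indicators(s: dict, pps_threshold: int = 1000, spoof_ratio: float = 0.9,
                     min_sources: int = 100) -> List[str]:
    """Return the indicator names that fire for one window's stats.
    The thresholds are assumptions for this example, not values from the essay."""
    found: List[str] = []
    if s["pkts"] >= pps_threshold:
        found.append("high_rate")
    per_src = s["per_src"]
    # Spoofed floods show many distinct sources that each appear exactly once;
    # real clients repeat their address across many packets.
    singletons = sum(1 for c in per_src.values() if c == 1)
    if len(per_src) >= min_sources and singletons / len(per_src) >= spoof_ratio:
        found.append("spoofed_sources")
    proto, n = s["protos"].most_common(1)[0]
    if s["pkts"] >= pps_threshold and n / s["pkts"] >= 0.95:
        found.append("%s_flood" % proto.lower())   # e.g. "udp_flood"
    return found


def detect(packets: List[Packet], window: float = 1.0, **thresholds) -> Dict[Tuple[int, str], List[str]]:
    """Map every (window, destination) pair to the indicators that fired for it."""
    return {key: flood_indicators(s, **thresholds) for key, s in window_stats(packets, window).items()}


if __name__ == "__main__":
    for (w, dst), hits in sorted(detect(make_sample()).items()):
        print("window %d -> %s: %s" % (w, dst, ", ".join(hits) or "no indicators"))
```

The per-source singleton ratio is what distinguishes this from a plain rate alarm: a legitimate flash crowd also raises the packet rate, but its clients keep sending from the same addresses, whereas a flood with randomised source addresses never reuses one. In production the thresholds would be tuned per destination from a baseline rather than fixed as here.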

In this essay, the author

  • Explains that most modern attacks/intrusions are very intelligent, leaving no trace of their presence in the network and making detection difficult.
  • Explains that agents play a vital role in artificial intelligence and computer science research nowadays.
  • Explains the need for an efficient algorithm in complex networks to reduce packet loss; the fuzzy logic controller is a remarkable solution for congestion control in networks.
  • Explains that DDoS attacks are distributed in nature: a master owns millions of insecure machines called zombies to overwhelm the victim with a huge volume of packets.
  • Explains that a fuzzy estimator is constructed for DDoS detection and proposes qualitative description instead of statistical descriptors; the detection is based on a single metric, which is not sufficient to differentiate attack from normal traffic.
  • Proposes an adaptive and cooperative defense mechanism against Internet attacks with a multi-agent framework and discrete-event, packet-level simulation of network protocols.
  • Explains that attackers use IP spoofing as a weapon to disguise their identity and that the spoofed traffic follows the same principle as normal traffic.
  • Explains how traffic traces are monitored in an experimental testbed through an online network monitoring system (OMS).
  • Explains Mirkovic and Reiher's taxonomy of DDoS attacks and defense mechanisms in ACM SIGCOMM Computer Communications Review.
  • Explains that Ketki Arora, Krishan Kumar, and Monika Sachdeva, "Impact Analysis of Recent DDoS Attacks," International Journal of Computer Science and Engineering, vol. 3, pp.
  • Explains Shoham's "An Overview of Agent-Oriented Programming," in J. M. Bradshaw, Menlo Park.
  • Presents M. H. Yaghmaee and Halleh Amintoosi's fuzzy-based active queue management algorithm in Proc. of the International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS 2003).
  • Presents Behrouz Safaiezadeh, Amir Masoud Rahmani, and Ebrahim Mahdipour's paper, "A New Fuzzy Congestion Control Algorithm in Computer Networks," IEEE International Conference on Future Computer and Communication, April 03-05, Kuala Lumpur, Malaysia.
  • Describes the features of fuzzy adaptive tuning of router buffers for congestion control.
  • Presents a novel fuzzy congestion control algorithm for router buffers at the IEEE International Conference on Recent Trends in Information Technology (ICRTIT), MIT, Chennai.
  • Explains Mirkovic and Reiher's "A Taxonomy of DDoS Attacks and Defense Mechanisms," ACM SIGCOMM Computer Communications Review, vol.
  • Explains J. Mirkovic, A. Hussain, S. Fahmy, P. Reiher, and R. Thomas, "Towards User-Centric Metrics for Denial-of-Service Measurement."
  • Explains J. Mirkovic, A. Hussain, S. Fahmy, P. Reiher, and R. Thomas, "Accurately Measuring Denial of Service in Simulation and Testbed Experiments."
  • Explains Sachdeva, Kumar, Singh and Singh, "Performance Analysis of Web Service under DDoS Attacks," IEEE International Advance Computing Conference (IACC 2009), Patiala.
  • Analyzes the impact of DDoS attacks on web services in the Journal of Information Assurance and Security.
  • Explains C. Siaterlis and B. Maglaris, "Towards Multisensor Data Fusion for DoS Detection."
  • Describes Monika Sachdeva, Gurvinder Singh, Krishan Kumar, and Kuldip Singh's "Measuring Impact of DDoS Attacks on Web Services."
  • Describes Monika Sachdeva, Krishan Kumar, Gurvinder Singh, and Kuldip Singh's "Performance Analysis of Web Service under DDoS Attacks."
  • Presents B. S. Kiruthika Devi, G. Preetha, S. Dina Nidhya and Mercy Shalinie's paper, "DDoS Detection Using Host-Network Based Metrics and Mitigation in Experimental Testbed."
  • Describes Stavros N. Shiaeles, Vasilios Katos, Alexandros S. Karakos, and Basil K. Papadopoulos, "Real Time DDoS Detection Using Fuzzy Estimators."
  • Cites Xia Z., Lu S., Li J., "Enhancing DDoS Flood Attack Detection via Intelligent Fuzzy Logic," Informatica, vol. 34, pp. 497-507.
  • Explains the multi-agent framework for simulation of adaptive cooperative defense against Internet attacks, in the International Workshop on Autonomous Intelligent Systems: Agents and Data Mining.
  • Cites Kotenko, Konovalov, and Shorov, "Agent-Based Modeling and Simulation of Botnets and Botnet Defence," in Czosseck, Podins, CCD COE Publications, Tallinn, Estonia.
  • Opines that hybrid multi-agent/neural-network intrusion detection with mobile visualization is an innovation in hybrid intelligent systems.
  • Explains Sanguk Noh, Cheolho Lee, Kyunghee Choi, and Gihyun Jung, "Detecting Distributed Denial of Service (DDoS) Attacks through Inductive Learning."
  • Explains Igor Kotenko, Mihail Stepashkin, and Alexander Ulanov, "Agent-Based Modeling and Simulation of Malefactors' Attacks against Computer Networks," Security and Embedded Systems.
  • Cites Igor Kotenko and Alexander Ulanov's article, "Agent-Based Simulation of DDoS Attacks and Defense Mechanisms."
  • Describes G. Preetha, B. S. Kiruthika Devi and S. Mercy Shalinie's "Combat Model based DDoS Detection and Defence using Experimental Testbed: A Quantitative Approach."
  • Explains B. S. Kiruthika Devi, G. Preetha, and S. Mercy Shalinie, "DDoS Detection Using Host-Network Based Metrics and Mitigation in Experimental Testbed."
  • Cites F. W. Lanchester, Mathematics in Warfare, Simon & Schuster, 1956.
  • Explains Yang Xiang and Wanlei Zhou, "Safeguard Information Infrastructure against DDoS Attacks: Experiments and Modeling."
  • Cites "Lanchester's Attrition Models and Fights among Social Animals," International Society for Behavioral Ecology, vol. 14, 2003.
  • Cites Zhongwen Li and Yang Xiang, "Mathematical Analysis of Active DDoS Defense Systems," International Conference on Computational Intelligence and Security, Guangzhou, 2006.
  • Describes G. Preetha, B. S. Kiruthika Devi, and S. Mercy Shalinie's "Combat Model based DDoS Detection and Defense using Experimental Testbed: A Quantitative Approach."
  • Explains the Swiss Education and Research Network's default TTL values in TCP/IP.
  • Describes Jaehak Yu, Hansung Lee, Myung-Sup Kim, Daihee Park, "Traffic Flooding Attack Detection with SNMP MIB Using SVM," Comput.
  • Explains the development of the testbed infrastructure to carry out realistic DDoS experimentation with different traffic generators and to populate the dataset used to evaluate the impact on the victim network.
  • Describes how an experimental testbed enables one to select the number of attacking nodes, the flooding style of attack, when the attack should be scheduled and the desired victim.