Introduction
Most modern attacks and intrusions are highly sophisticated, leaving no trace of their presence in the network and making detection very difficult. DDoS attacks are classified as resource depletion attacks and bandwidth depletion attacks [1]. Protocol exploit attacks and malformed packet attacks tie up the critical resources of the victim system. Many of these attacks also use spoofed source IP addresses, thereby eluding source identification. The two most basic types of DDoS attacks are 1) bandwidth attacks and 2) application attacks. Bandwidth attacks consume resources such as network bandwidth or equipment by overwhelming them with a high volume of packets [2]. Under this overload of packets, targeted routers, servers, and firewalls can be rendered unable to process valid transactions. Packet flooding is a form of bandwidth attack in which a large number of seemingly legitimate TCP, User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP) packets are directed at a specific destination [2]. To make detection difficult, these attacks spoof their source address to prevent identification. Application attacks use the expected behavior of protocols such as TCP and HTTP to the attacker's advantage by tying up computational resources and preventing them from processing transactions or requests. Any computer in the network can be compromised by DDoS attacks without its owner knowing it is being attacked. Sophisticated and automated DDoS attack tools such as Trinoo, TFN, TFN2K, mstream, Stacheldraht, Shaft, Trinity and Knight, available on the Internet, do not require technical knowledge to launch a high-rate flooding attack. The victims are, surprisingly, government agencies, financial corporations, defense agencies and m...
In this essay, the author
Explains that most modern attacks/intrusions are very intelligent, leaving no trace of their appearance in the network and making detection difficult.
Explains that agents play a vital role in artificial intelligence and computer science research nowadays.
Explains the need for an efficient algorithm in complex networks to reduce packet loss; the fuzzy logic controller is a remarkable solution for congestion control in networks.
Explains that DDoS attacks are distributed in nature: a master owns millions of insecure machines called zombies to overwhelm the victim with a huge volume of packets.
Explains that a fuzzy estimator is constructed for DDoS detection and proposes qualitative description instead of statistical descriptors; the detection is based on a single metric, which is not sufficient to differentiate attack from normal traffic.
Proposes an adaptive and cooperative defense mechanism against Internet attacks with a multi-agent framework, with discrete event and packet-level simulation of network protocols.
Explains that attackers use IP spoofing as a weapon to disguise their identity, and that the spoofed traffic follows the same principle as normal traffic.
Explains how traffic traces are monitored in an experimental testbed through an online network monitoring system (OMS).
Explains Mirkovic and Reiher's taxonomy of DDoS attacks and defense mechanisms in ACM SIGCOMM Computer Communications Review.
Explains that Ketki Arora, Krishnan Kumar, and Monika Sachdeva, "Impact Analysis of Recent DDoS Attacks," International Journal of Computer Science and Engineering, vol. 3, pp.
Explains Shoham's "An Overview of Agent-Oriented Programming," in J. M. Bradshaw, Menlo Park.
Presents M.H. Yaghmaee and Halleh Amintoosi's fuzzy based active queue management algorithm in Proc. of International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS 2003).
Presents Behrouz Safaiezadeh, Amir Masoud Rahmani, and Ebrahim Mahdipour's paper, "A New Fuzzy Congestion Control Algorithm in Computer Networks," IEEE International Conference on Future Computer and Communication, April 03-05, Kuala Lumpur, Malaysia.
Describes the features of fuzzy adaptive tuning of router buffers for congestion control.
Presents a novel fuzzy congestion control algorithm for router buffers at the IEEE International Conference on Recent Trends in Information Technology (ICRTIT), MIT, Chennai.
Explains Mirkovic and Reiher's "A Taxonomy of DDoS Attacks and Defense Mechanisms," ACM SIGCOMM Computer Communications Review, vol.
Explains J. Mirkovic, A. Hussain, S. Fahmy, P. Reiher, and R. Thomas, Towards User-Centric Metrics for Denial-of-Service Measurement.
Explains J. Mirkovic, A. Hussain, S. Fahmy, P. Reiher, and R. Thomas, "Accurately Measuring Denial of Service in Simulation and Testbed Experiments."
Explains Sachdeva, Kumar, Singh and Singh, "Performance Analysis of Web Service under DDoS Attacks," IEEE International Advance Computing Conference (IACC 2009), Patiala.
Analyzes the impact of DDoS attacks on web services in the Journal of Information Assurance and Security.
Explains C. Siaterlis and B. Maglaris, Towards Multisensor Data Fusion for DoS Detection.
Describes Monika Sachdeva, Gurvinder Singh, Krishan Kumar, and Kuldip Singh's "Measuring Impact of DDoS Attacks on Web Services."
Describes Monika Sachdeva, Krishan Kumar, Gurvinder Singh, and Kuldip Singh's performance analysis of web service under DDoS attacks.
Presents B.S. Kiruthika Devi, G. Preetha, S. Dina Nidhya and Mercy Shalinie's paper, "DDoS Detection Using Host-Network Based Metrics and Mitigation in Experimental Testbed".
Describes Stavros N. Shiaeles, Vasilios Kato, Alexandras S. Karakos, and Basil K. Papadopoulos, "Real Time DDoS Detection Using Fuzzy Estimators."
Cites Xia Z, Lu S, Li J, Enhancing DDoS Flood Attack Detection via Intelligent Fuzzy Logic, Informatica, vol. 34, pp. 497-507.
Explains the multi-agent framework for simulation of adaptive cooperative defense against Internet attacks, in International Workshop on Autonomous Intelligent Systems: Agents and Data Mining.
Cites Kotenko, Konovalov, and Shorov, Agent-Based Modeling and Simulation of Botnets and Botnet Defence, in Czosseck, Podins, CCD COE Publications, Tallinn, Estonia.
Opines that hybrid multi-agent neural network intrusion detection with mobile visualization is an innovation in hybrid intelligent systems.
Explains Sanguk Noh, Cheolho Lee, Kyunghee Choi, and Gihyun Jung, "Detecting Distributed Denial of Service (DDoS) Attacks through Inductive Learning."
Explains Igor Kotenko, Mihail Stepashkin, and Alexander Ulanov, Agent-Based Modeling and Simulation of Malefactors' Attacks against Computer Networks, Security and Embedded Systems.
Cites Igor Kotenko and Alexander Ulanov's article, "Agent-Based Simulation of DDoS Attacks and Defense Mechanisms".
Describes G. Preetha, B.S. Kiruthika Devi and S. Mercy Shalinie's "Combat Model Based DDoS Detection and Defence Using Experimental Testbed: A Quantitative Approach".
Explains B.S. Kiruthika Devi, G. Preetha, and S. Mercy Shalinie, "DDoS Detection Using Host-Network Based Metrics and Mitigation in Experimental Testbed."
Cites F.W. Lanchester, Mathematics in Warfare, Simon & Schuster, 1956.
Explains Yang Xiang and Wanlei Zhou, "Safeguard Information Infrastructure against DDoS Attacks: Experiments and Modeling".
Cites Lanchester's attrition models and fights among social animals, International Society for Behavioral Ecology, vol. 14, 2003.
Cites Zhongwen Li and Yang Xiang, "Mathematical Analysis of Active DDoS Defense Systems," International Conference on Computational Intelligence and Security, Guangzhou, 2006.
Describes G. Preetha, B.S. Kiruthika Devi, and S. Mercy Shalinie's "Combat Model Based DDoS Detection and Defense Using Experimental Testbed: A Quantitative Approach."
Explains the Swiss Education and Research Network's default TTL values in TCP/IP.
Describes Jaehak Yu, Hansung Lee, Myung-Sup Kim, Daihee Park, "Traffic Flooding Attack Detection with SNMP MIB Using SVM," Comput.
Explains the development of the testbed infrastructure to carry out realistic DDoS experimentation with different traffic generators and to populate the dataset used to evaluate the impact on the victim network.
Describes how an experimental testbed enables one to select the number of attacking nodes, the flooding style of attack, when the attack should be scheduled and the desired victim.
The Joint Threat Research Intelligence Group unit operates to disrupt and deny services to cyber hackers, a technique commonly known as DDoS. The technique also installs malware on the hackers' systems and helps in tracking their real identities, which later helps GCHQ to intercept and analyze their communications.
In this essay, the author
Explains that United Kingdom intelligence has a branch of specialized hackers that is suspected of using other questionable ways to track down its enemies and other enemies of Britain.
Explains that the U.K. secret agency (GCHQ) came up with a special team called JTRIG (the Joint Threat Research Intelligence Group).
Explains that the Joint Threat Research Intelligence Group unit disrupts and denies services to cyber hackers, installs malware on the hackers' systems and helps GCHQ intercept and analyze their communications.
Explains that this unit is very secret and had never been whispered about or mentioned before this revelation; this shows the seriousness of the unit and that it must be very important.
Explains that the US NSA held a conference named SIGDEV in 2012 in retaliation for the leaking of documents in the possession of Edward Snowden; the documents contained information on Rolling Thunder, an operation targeting Anonymous hacktivists.
Explains that both governments were aware of the operations of JTRIG and that the NSA was involved in these undertakings.
Explains that the use of DDoS is unlawful in many regimes and that in some countries, such as the US and the UK, the act is a criminal offence.
Explains that analysts discouraged the use of DDoS attacks since they take down the entire server, including websites and other servers closely linked with the same ISP.
Argues that the intelligence agency should make all the necessary efforts in pursuing people who break the law, propagate hate and steal property online.
Explains that Gabriella Coleman, a professor of anthropology at McGill University, reiterated that targeting Anonymous and hacktivists is the same as going after citizens for the expression of their political beliefs.
Explains that NBC possessed information that the activities of the special unit are not in any way limited to computer and network operations; the document reveals that JTRIG is also involved in strategizing and attacking.
Describes how Anonymous launched a payback operation against Chelsea Manning, the person who handed some classified information to WikiLeaks.
There was a record-breaking DDoS (distributed denial-of-service) attack on the Internet on Monday. The attack went as high as 400 Gbits per second. This is a large figure compared to the previously witnessed attack, which was measured at approximately 300 Gbits per second.
In this essay, the author
Explains that there was a record-breaking DDoS (distributed denial-of-service) attack on the Internet on Monday.
Explains that CloudFlare, which deals with defense, disclosed to one of its customers on Monday that it was experiencing a massive attack which, judging by its intensity, was much bigger than the #Spamhaus attacks.
Explains that the attacks resulted in network slowdowns in Europe and may have affected other service providers.
Explains that the British authorities are trying to track the attackers; the attack on CloudFlare was confirmed by Oles van Herman, the head of OVH.com.
Explains that attackers can use this method to send commands to another server from a victim server.
Explains that the Monday revelations are not the first DDoS attack, since other attacks have been witnessed worldwide.
Explains that attackers can tap the DNS Flooder v1.1 toolkit, which was first encountered in hacking forums approximately 6 months ago.
Explains that using the toolkit the attacker can program DNS servers by using an arbitrary naming system and use the servers as a reflector; based on Prolexic's report, this makes it possible for them to buy, create and make use of the DNS server.
Explains that Black Lotus's blended attacks are effective in that the attackers locate weak spots and confuse the system, which is catastrophic.
Explains that there has been a massive increase in the number of DDoS attacks since the 2nd of January; according to the vulnerability advisory CVE-2013-5211, there is an ntpd (Network Time Protocol daemon) bug which can be abused to initiate reflection attacks.
Suggests that businesses upgrade their ntpd versions to prevent attackers from using them in DDoS attacks.
Explains that a business may ensure that its security system is up to date to reduce the chances of attacks.
This kind of denial of service attack was mainly used against legacy systems because they would not know what to do with a packet larger than the standard IPv4 packet size of 65,537 when they received it.
In this essay, the author
Explains how the PoD is done by setting up a virtual environment running Win95 as the victim and four others as attackers.
Describes how they started their Windows 95 machines, then went to the victim (PoD server), clicked Run from the Start menu and entered winipcfg to show the IP address.
Explains that they repeated the ping ten times and left all command prompts running; they then went to the PoD server and opened the System Monitor tool to show the performance of the system.
Explains how they started to ping the PoD server from all the machines, each having 10 instances of the command prompt running; the processor usage on the server kept increasing until it reached 100%.
Describes how the PoD server was overwhelmed and the system froze; after a few minutes, some pings started timing out on the attacking machines.
Explains the ping of death, a type of denial of service attack in which the attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets.
Explains that DoS attacks are common against legacy systems, such as the ping flood, which sends ICMP (Internet Control Message Protocol) packets without waiting for a reply.
Aim Higher College's system administrators and network engineers have described seeing strange behaviors, such as high levels of traffic from many hosts, that are causing system outages. The college's web servers have been shutting down frequently because of this traffic; it must be a hacker group trying to attack the school with malicious software. I will review the network traffic from the college's intrusion detection system and use an intrusion prevention system to block these threats from the hackers.
In this essay, the author
Explains that Aim Higher College's system administrators and network engineers have described seeing strange behaviors, such as high levels of traffic from many hosts, that are causing system outages.
Analyzes the network behavior reported by network engineers and system administrators: one host is opening hundreds of SSH sessions to every other host on Aim Higher College's network every minute.
Explains that the intrusion detection system detected spam e-mails from the campus helpdesk, and a DNS changer malware package.
Recommends that IT staff use a signature-based intrusion prevention system, such as WatchGuard Fireware, to block hackers that want to harm students, faculty, and staff.
SANS Institute, (2001). Understanding intrusion detection systems. SANS Institute InfoSec Reading Room. Retrieved from: https://www.sans.org/reading-room/whitepapers/detection/understanding-intrusion-detection-systems-337
In this essay, the author
Explains that Bank Solutions Inc. needs a tailored IT security plan for strategic advantage, regulatory compliance, and risk mitigation.
Explains that the main objectives of the security plan are to describe a security strategy and identify recommended technologies to ensure Bank Solutions has the ability to achieve its objective.
Recommends the following technologies that Bank Solutions should incorporate into its security plan.
Explains that vulnerability scanning is the art of using one computer to look for weaknesses in the security of another computer.
Explains that vulnerability scanning is applied by two types of vulnerability scanners that scan an organization's network.
Explains that vulnerability scanning is a requirement: Bank Solutions must conduct these scans to meet compliance with federal regulations.
Explains that the cost of vulnerability scanners ranges from free to tens of thousands of dollars; an organization can expect to spend around $1200 a year for the vulnerability scan itself.
Explains that Bank Solutions must understand the cost associated with a breach of the network.
Explains that vulnerability scanning has limitations, which can be mitigated by developing and implementing a dynamic vulnerability management program; incorporating additional security technologies into the overall infrastructure will provide multiple layers of defense.
Explains that an intrusion detection system is used to scan incoming and outgoing traffic for malicious code or anomalies.
Explains that the costs associated with implementing an IDS in a network infrastructure can run an organization thousands of dollars.
Recommends using the figures in vulnerability scanning ROI to complete a thorough "risk and return analysis".
Opines that IT staff must develop and administer a strong IDS plan that is part of an overall multi-layered network defense strategy.
Describes an intrusion prevention system (IPS) as a network security appliance designed to monitor and actively protect network and information system activities.
Explains why many organizations choose not to implement an IPS, citing network availability and costs; an organization's IT security team may be able to articulate the benefits, but it is not a direct revenue producer.
Explains that IPSs can indirectly generate revenue by saving organizations the costs of dealing with network downtime caused by network intrusions.
Opines that an IPS must be implemented on Bank Solutions' network systems not only to improve network security deficiencies, but also to serve as a security foundation for the system to operate as intended.
Explains that many organizations choose not to implement an IPS due to network availability and costs; any disruption to the network could potentially result in the loss of large amounts of revenue.
Explains that the security plan identified the necessary security strategy for Bank Solutions Inc.; this ensures a competitive advantage and regulatory compliance while remaining an attractive asset for acquisition.
Summarizes Chabrow's 2013 Cost of Data Breach Study from Ponemon and Symantec.
Cites Kinn, D., and Timm, K. (2002, July 18), Justifying the Expense of IDS, Part One: An Overview of ROIs.
Explains our security strategy, which includes a proactive and reactive strategy to protect the confidentiality, integrity, and availability of our organization's information and data.
Cites Mortazavi, S.H., and Avadhani, P.S., RSA Cryptography Algorithm: An Impressive Tool in Decreasing Intrusion Detection System Vulnerabilities in Network Security.
...at proposed a new Worm Interaction Model, which is based upon and extends beyond the epidemic model, focusing on random-scan worm interactions. It proposes a new set of metrics to quantify the effectiveness of one worm terminating another worm and validates the worm interaction model using simulations. This paper also provides the first work to characterize and investigate worm interactions of random-scan worms in multi-hop networks (Tanachaiwiwat and Helmy, 2007). For the best possible solution against cyber attack, researchers use mathematical modeling as a tool to understand and identify the problems of cyber war (Chilachava and Kereselidze, 2009). Such modeling is supposed to help in better understanding of the problem, but for such models to be practically workable, it is extremely important to provide a quantitative interface to the problem through the model.
In this essay, the author
Explains that mathematical models and computer simulations are important tools to investigate the spread and control of infectious diseases.
Explains that the spread of viruses and worms in computer networks is similar to virus spread in biological systems; the basic models describe the number of individuals that are susceptible, infected and recovered from a particular disease.
Explains that epidemic models include more heterogeneities by further subdividing the S, I and R classification to reflect more complexity; dynamical models for the behaviour of virus transmission on the Internet were developed depending on network parameters.
Explains that Hethcote and Liu studied more complicated forms of the incidence function, where the transmission rate is independent of time and incidence rates are proportional to a power of I and S.
Explains that Hyman and Li formulated a differential SIR model with global stability and reproduction number, while Mishra et al. presented a differential epidemic model by dividing the infectious class.
Explains how the concept of vertical transmission is implemented in epidemic modelling.
Describes Yi et al.'s detailed analysis of the SEIR dynamic system by considering variable parameters with seasonal forcing in the transmission rate.
Explains how Yuan and Chen developed a mathematical model for network virus point-to-group information propagation and investigated effective strategies for the eradication of malware.
Explains that a dynamical model characterizing the spread of computer viruses over the Internet is established by Xing et al.
Explains that quarantine and vaccination are important to reduce the spread of disease or attack in a computer network; Wang and Hang presented a stability analysis of a SEIQV epidemic model for rapidly spreading worms.
Explains that infectious diseases have strong non-linearities, and that susceptibility and infectiousness are intrinsically fuzzy concepts; Mishra and Pandey developed mathematical models on the transmission of worms in computer networks.
Explains that computer viruses/worms have become a major hazard due to the rapid development of technology, the development and popularization of the Internet and the great variety of equipment using software and networks.
Explains that researchers are working in this field using various tools of mathematics and statistics; Billings et al. used Markov chains to represent the local behavior of infection action in a single node.
Explains that cyber warfare is a big issue in the era of the Internet and computer networks; research in mathematical modeling and simulation is the major area in which to address various real-world problems.
Article Review/Questions #2
Everyday scale errors
1. What were the theoretical background and findings from previous research for this article?
This research came about from previous researchers observing scale error behaviors in their homes and labs, and from anecdotal accounts from parents and other researchers. The results from previous research showed that children do try to fit their bodies into miniature-size toys.
In this essay, the author
Explains that the research came about from previous researchers observing scale error behaviors in their homes and labs, and from anecdotal accounts from parents and other researchers.
Explains that the goal of the present study was to show that children make scale errors in everyday environments and not just in a lab setting.
Explains that two studies were conducted with Internet surveys; study 1 was to document the everyday occurrence of scale errors, and a follow-up phone interview was conducted.
Explains that in the first study, there were 221 participants and 40 reported one event that was counted as a scale error.
Opines that Internet surveys aren't reliable, and that teachers should be able to give observable accounts of children making scale errors.
Explains that Piaget saw cognitive development as a constructive process; parents guide their children's development through non-conscious behaviors, and hearing mothers with deaf infants showed more stress and were not as flexible.
Explains that the present research goal was to examine the way that deaf mothers modify their signed communication when they direct it to their infants.
Explains that the present study was conducted by examining previous archival data from the Gallaudet infancy study; participants were white, middle-class families.
Explains that there were differences in infant-directed signing between deaf and hearing mothers: mothers signed more to younger infants and decreased at 9 months, which is the time of first words.
Explains that knowing what parents do early on with their infants helps support them in sensitivity and responsiveness; hearing parents of deaf children can learn to be more flexible and learn communicative strategies.
Opines that research shows it is important for hearing parents of deaf infants to start early intervention to learn better ways of eliciting and maintaining their attention.
Explains how the concepts in the article relate to what we have discussed in class; children solve problems by trial and error, and their intelligence, according to Piaget, is limited to physical actions on objects.
Explains how the concepts in the article relate to what we have discussed in class.
Analyzes how the concept of language fits the description of a biologically primary ability that develops in all people without instruction or motivation; the article talked about motherese speech, which all parents use no matter whether the infant/mother is hearing or deaf.
Compares and contrasts the theories of Vygotsky and Piaget.
Scale-free networks are resistant to random node failures but extremely vulnerable to coordinated attacks against their hubs [55], [56]. Consequently the Internet, a scale-free network, is robust against random node failures but highly vulnerable to coordinated attacks against its popular nodes. The ability of a small group of well-informed attackers to crash the entire Internet via a coordinated attack should be a concern [20].
In this essay, the author
Explains that the Faloutsos brothers analyzed the physical structure of the Internet and found that the Internet topology is also a scale-free network.
Explains that scale-free networks are resistant to random node failures but extremely vulnerable to coordinated attacks against their hubs.
Explains that Internet topology is represented by an Internet map, which is a scheme displaying Internet entities' relative position, but unlike real maps, the entities are not aligned. Magoni worked at the router level of the Internet, instead of
Explains Magoni's 5 types of attacks on three Internet maps; for simplicity, they will discuss only the static attack technique. The network can be torn down by removing 5% of its nodes.
Concludes that undertaking a massive attack on Internet connectivity may not be feasible.
Explains that common DoS attacks are done by high-rate transmission of packets towards the victim; Kuzmanovic and Knightly studied the low-rate DoS attack against TCP flows.
Explains that the timeout mechanism was developed for congestion control, but its deterministic RTO values can be exploited by sending high-rate but short-duration bursts, timed against the round trip time (RTT), to ensure packet loss.
Explains that an attacker creates periodic outages at the minRTO to synchronize the service denials to the TCP flows.
Explains that a shrew attack is designed as shown in Figure 4: the rate R is large enough to induce loss, the duration L is on the scale of the RTT, and the period is T.
Definition: Denial of Service. A cracker attack that overloads a server to the point that it no longer responds or shuts down completely; flooding a network or individual server with huge amounts of data packets.
In this essay, the author
Defines denial of service as a cracker attack that overloads servers to the point that they no longer respond or shut down completely.
Explains that in a typical connection, the user sends authentication requests to the server, filling it up; the server waits, sometimes longer, before closing the connection.
Explains that attacks exploit bugs in a specific operating system, which is the basic software that your computer runs, such as Windows 98 or MacOS.
Explains that attacks exploit inherent limitations of networking to disconnect you from the IRC server or your ISP, but don't usually cause your computer to crash.
Explains that when a session is initiated between the TCP client and server, buffer space exists to handle the rapid "hand-shaking" exchange of messages; an attacker can send connection requests rapidly and then fail to respond to the reply.
Explains that the teardrop attack exploits the way IP requires a packet that is too large for the next router to handle to be divided into fragments.
Explains how a "sniffer" can block attacks by noticing patterns or identifiers in the information; most firewalls contain measures to prevent DoS attacks.
Abstract: Distantly controlled and managed (by a botmaster or botherder) malicious software (called botnets or 'bot armies'), hidden in a large number of computers, may cause extraordinary damage to the Internet. Botnets can initiate massive coordinated attacks upon Internet resources and its infrastructure devices. The most likely potential uses of botnets are distributed denial of service (DDoS) attacks, spamming, sniffing traffic, keylogging, installing advertisement add-ons and Google AdSense abuse, attacking Internet Relay Chat (IRC) networks, attacking peer-to-peer (P2P) networks and Hypertext Transfer Protocol (HTTP) networks, and mass identity theft. This research is intended to review and analyze all aspects of well-known botnet applications such as IRC, P2P, HTTP and a miscellaneous category. The study will focus on botnet measuring techniques, botnet behaviour, DDoS technology, botnet modeling, the complexity of botnet software, setting up an IRC honeypot on a network, and different botnet mitigation techniques and defense approaches against botnets. Mainly, bots go unnoticed unless the botmaster makes a mistake. Presently, wide-ranging efficient defensive technologies are lacking. As botmasters carry on improving their capabilities, awareness will be essential in enhancing bot defenses.
In this essay, the author
Explains that botnets pose one of the most severe threats to the Internet; bot technology is rapidly developing, supported and backed by the open-source movement.
Introduces Sheila Banks and Martin Stytz to the International Society for Optical Engineering (SPIE).
Explains botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks.
Presents a multifaceted approach to understanding the botnet phenomenon, in Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement.
Explains Hao Tu, Zhi-Tang Li, and Bin Liu, Detecting Botnets by Analyzing DNS Traffic.
Explains botnet traffic detection techniques by C&C session classification using SVM, in IWSEC 2007, LNCS 4752, Berlin Heidelberg, 2007.
Cites Paul Barford and Vinod Yegneswaran's An Inside Look at Botnets, in: Malware Detection, Springer US.
Presents Vinoo Thomas and Nitin Jyoti's article in Computer Virology, Volume 3, Number 2, pages 103-111, April 2007.
Describes Jerome François, Radu State, and Olivier Festor's botnets for scalable management, in DSOM 2007, LNCS 4785.
Describes S' contributions to the book Antisocial Networks: Turning a Social Network into a Botnet.
Cites Jun Hu, Zhitang Li, Dezhong Yao, and Junfeng Yu, Measuring Botnet Size by Using URL and Collaborative Mail Servers.
Presents the Proceedings of the International Conference on Security Technology (SecTech '08), Hainan Island, pages 83-86.
Introduces Wang, P., Sparks, S. and Zou, C., On an Advanced Hybrid Peer-to-Peer Botnet.
Explains Van Ruitenbeek, E., and Sanders, W.H.: Modeling Peer-to-Peer Botnets, in Proceedings of the Fifth International Conference on Quantitative Evaluation of Systems.
Explains P2P as Botnet Command and Control: A Deeper Insight, in Proceedings of the 3rd International Conference on Malicious and Unwanted Software (MALWARE 2008), Fairfax, VA, pages 41-48.
Explains Hund, R., Hamann, M., and Holz, T., Towards Next-Generation Botnets, in Proceedings of the European Conference on Computer Network Defense (EC2ND 2008), Dublin.
Introduces Chun Wei, Alan Sprague, and Gary Warner, Detection of Network Blocks Used by the Storm Worm Botnet.
Describes Duc T. Ha, Guanhua Yan, Eidenbenz, S., and Ngo, H.Q.
Presents Su Chang and Thomas E. Daniels' paper on P2P botnet detection using behavior clustering & statistical tests.
Describes the nodes in a peer-to-peer botnet, in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia.
Introduces Junfeng Yu, Zhitang Li, Jun Hu, Feng Liu, and Lingyun Zhou in Proceedings of the International Conference on Computer Modeling and Simulation (ICCMS '09).
Describes junfeng yu, zhitang li, jun hu, feng liu, and lingyun zhou's contributions to the international conference on networks security, wireless communications and trusted computing.
Presents jian kang, jun-yao zhang, qiang li, and zhuo li's work on detecting new p2p botnet with multi-chart.
Describes elizabeth stinson and john c. mitchell's book, detection of intrusions and malware, and vulnerability assessment.
Cites thing, sloman, and dulay, in ifip international federation for information processing volume 232, new approaches for security, privacy and trust in complex environments.
Describes yinglian xie, fang yu, kannan achan, rina panigrahy, geoff hulten, and ivan osipkov. spamming botnets: signatures and characteristics.
Explains nazario, j., and holz, t. as the net churns: fast-flux botnet observations in proceedings of the 3rd international conference on malicious and unwanted software, fairfax, vi.
Explains that botgad detects botnets by capturing group activities in network traffic, in proceedings of the fourth international icst conference on communication system software and middleware.
Presents wei lu, mahbod tavallaee, and ali a. ghorbani's paper, automatic discovery of botnet communities on large-scale communication networks.
Explains that the periodic repeatability feature of malicious http bots is a good reason to detect them.
Explains that malicious software (called bots or ‘bot armies’) hidden in large numbers of computers may cause extraordinary likely damage to the internet.
Explains how bots are installed through all types of attacking techniques like trojan horses, worms, and viruses. bots with a large number of computers have enormous cumulative bandwidth and computing capability.
Explains the purpose of this literature review is to study the structure of botnets such as irc, p2p, http and miscellaneous.
Explains that botnets are regularly used for launching ddos attacks since their combined bandwidth overwhelms the available bandwidth of most target systems. malicious users can take control of the visitors of social sites by remotely operating their browsers.
Explains how the proposed design of advanced p2p botnet is harder to be shut down or monitor — it uses strong cryptography to defend the communication channel and promises integrity of the botmaster's commands.
Explains that remote control behavior of bots could be detected by recognizing system call invocation which uses infected parameters. spammers frequently include random, valid urls to increase the apparent authenticity of emails.
Explains that botnets have become the necessary infrastructure used by cybercriminals and nation states for launching every type of cyber attack.
Explains binbin wang, zhitang li, hao tu, and jie ma. measuring peer-to-peer botnets using control flow stability.