An Efficient Flash Crowd Attack Detection to Internet Threat Monitors (ITM) Using Honeypots

  • K. Munivara Prasad
  • M. Ganesh Karthik
  • E. S. Phalguna Krishna
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 177)

Abstract

Nowadays, as the number of Internet users increases, traffic to a given web server can rise rapidly within a short time; this phenomenon is called a flash crowd. When a flash crowd occurs, the response rate decreases or the web server may crash as the load increases. In this paper we implement Internet Threat Monitoring (ITM), a globally scoped Internet monitoring system whose goal is to measure, detect, characterize, and track threats such as distributed denial of service (DDoS) attacks and worms. To block monitoring of the Internet, attackers target the ITM system. We address the flash crowd attack against the ITM system, in which the attacker attempts to exhaust the network and the ITM's resources, such as network bandwidth, computing power, or operating system data structures, by sending malicious traffic. We propose an information-theoretic framework that models flash crowd attacks on the ITM using a botnet. Based on this model, we generalize the flash crowd attacks and propose an effective attack detection using honeypots.

Keywords

Internet Threat Monitors (ITM); DDoS; flash crowd attack; Botnet and Honeypot

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • K. Munivara Prasad (1)
  • M. Ganesh Karthik (1)
  • E. S. Phalguna Krishna (1)

  1. Department of Computer Science and Engineering, Sree Vidyanikethan Engg. College, Tirupati, India