Abstract
Network attacks are defined as a set of malicious activities to disrupt, deny, degrade or destroy information and service resident in computer networks. A network attack is executed through the data stream on networks and aims to compromise the Integrity, Confidentiality or Availability of computer network systems. Network attacks can vary from annoying email directed at an individual to intrusion attacks on sensitive data, computer information systems and critical network infrastruca system to collect information, Internet worms, unauthorized usage of a system, denial-of-service by abusing a feature of a system, or exploiting a bug in software to modify system data. Some general approaches that attackers can use to gain access to a system or limit the availability of that system include Social Engineering, Masthe social engineering is an attack method for misleading a victim by aggressive persuasion or using other interpersonal skills to obtain authentication information or access to a system, e.g. email Phishing and email Trojan horses; masquerading is a type of attack where the attacker pretends to be an authorized user of a system, e.g. bypassing the authentication mechanism through the use of stolen logon IDs and passwords; the implementation vulnerability is a software bug in trusted programs flows, race conditions, and mishandling of temporary files; the abuse of functionality stands for a malicious activity that an attacker performs to push a system to failure opening hundreds of telnet connections to other computers. In this chapter we discuss all of these network attacks in detail.
Copyright information
© 2010 Springer-Verlag US
About this chapter
Cite this chapter
Ghorbani, A.A., Lu, W., Tavallaee, M. (2010). Network Attacks. In: Network Intrusion Detection and Prevention. Advances in Information Security, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88771-5_1
DOI: https://doi.org/10.1007/978-0-387-88771-5_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88770-8
Online ISBN: 978-0-387-88771-5
eBook Packages: Computer Science, Computer Science (R0)