
Network Attacks

Network Intrusion Detection and Prevention

Part of the book series: Advances in Information Security ((ADIS,volume 47))

Abstract

Network attacks are defined as a set of malicious activities to disrupt, deny, degrade or destroy information and services resident in computer networks. A network attack is executed through the data stream on networks and aims to compromise the Integrity, Confidentiality or Availability of computer network systems. Network attacks can vary from annoying email directed at an individual to intrusion attacks on sensitive data, computer information systems and critical network infrastruca system to collect information, Internet worms, unauthorized usage of a system, denial-of-service by abusing a feature of a system, or exploiting a bug in software to modify system data. Some general approaches that attackers can use to gain access to a system or limit the availability of that system include Social Engineering, Masthe social engineering is an attack method for misleading a victim by aggressive persuasion or using other interpersonal skills to obtain authentication information or access to a system, e.g. email Phishing and email Trojan horses; masquerading is a type of attack where the attacker pretends to be an authorized user of a system, e.g. bypassing the authentication mechanism through the use of stolen logon IDs and passwords; the implementation vulnerability is a software bug in trusted programs flows, race conditions, and mishandling of temporary files; the abuse of functionality stands for a malicious activity that an attacker performs to push a system to failure opening hundreds of telnet connections to other computers. We discuss all of these network attacks in detail in this chapter.




Correspondence to Ali A. Ghorbani.


© 2010 Springer-Verlag US

About this chapter

Cite this chapter

Ghorbani, A.A., Lu, W., Tavallaee, M. (2010). Network Attacks. In: Network Intrusion Detection and Prevention. Advances in Information Security, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88771-5_1


  • DOI: https://doi.org/10.1007/978-0-387-88771-5_1


  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-88770-8

  • Online ISBN: 978-0-387-88771-5

  • eBook Packages: Computer Science, Computer Science (R0)
