PREDICTIVE ANALYSIS OF DISTRIBUTED DENIAL OF SERVICE ATTACKS   Term Paper ID:31487 Click to get this paper

Essay Subject: Examines the issue of distributed denial of service attacks and how to use predictive ...... More...

6 Pages / 1350 Words 6 sources, 11 Citations, MLA Format $24.00 Return to List of Papers

Paper Abstract: Examines the issue of distributed denial of service attacks and how to use predictive analysis to detect such attacks on computer networks. Paper Introduction: Predictive Analysis of Distributed Denial of service attacks Introduction Denial of service attacks receive considerable media attention becausethey have the ability to shut down the Net or at least portions of it Businesses and individuals alike have come to depend on the World Wide Webfor commerce entertainment and information and the realization that theWeb is vulnerable to attack causes concern Defending against denial ofservice attacks is an important part of an organization\'s security plan but can be difficult to accomplish because of Text of the Paper: The entire text of the paper is shown below. However, the text is somewhat scrambled. We want to give you as much information as we possibly can about our papers and essays, but we cannot give them away for free. In the text below you will find that while disordered, many of the phrases are essentially intact. From this text you will be able to get a solid sense of the writing style, the concepts addressed, and the sources used in the research paper. In addition, the individuals who create DDOS attackstend to be creative and eager to take advantage of any breaches in securitythat they can locate. Conclusion Distributed denial of service attacks are best detected at the endemiclevel using ISPs and associated parties to develop detection algorithmsthat can predict when an actual attack is underway. "Distributed Denial of Service." AT&T Labs, 2 2. Another defense against DDOS is to distribute Web serversgeographically. Predictive Analysis of Distributed Denial of service attacks Introduction Denial of service attacks receive considerable media attention becausethey have the ability to "shut down the Net," or at least portions of it.Businesses and individuals alike have come to depend on the World Wide Webfor commerce, entertainment and information, and the realization that theWeb is vulnerable to attack causes concern. However, this can bean expensive option and organizations may well be tempted to use the "idle"capacity for routine tasks. Dunlevy and Linda Pesante. Routers, for example, guide data packets from theirsource to their destination using the most efficient route. However, the negotiations involved inthis level of protection can be significant, and there is also thepossibility that because many different types of analysis are used,contradictory response measures might be recommended by different entities(Shimeall, Dunlevy, and Pesante 2). In the event thatan organization becomes the victim of a DDOS attack, the secondary domaincan be pressed into service while the DDOS continues on the primary domainname. "Router of Least Resistance." Security Management 46(Feb 2 2): 32.Shimeall, Timothy J., Casey J. Thus there can be a time lag between detecting an attack anddetermining which organization is being targeted. The fundamental problem with defendingagainst DDOS is determining when a site is under attack, and when there isjust a large volume of traffic directed at the site. Notsurprisingly, router attacks became common in 2 1 and 2 2 as DDOSoriginators discovered that there are several key vulnerabilities in routertechnology and implementation. Predictive analysis at this levelmust be able to sort through significant amounts of data effectively andefficiently in order to be successful (Shimeall, Dunlevy, and Pesante 1). The proximate perspective focuses on the wide area network point ofcontact with the organization. On the other hand,defense strategies can be implemented that thwart the attack withoutspecific knowledge about the actual target. Such negotiations are likely to cover whattypes of activity will be monitored, who is responsible for suchmonitoring, and how data will be transmitted. However, if an attack is detected at the local level, it maybe too late to take any action other than to respond to the attack; thatis, attacks cannot be predicted at this level (Shimeall, Dunlevy, andPesante 1). However, if an attack is detected, this point ofaccess does not provide much more reaction time than the local perspective. This isnot so much a defense mechanism as a strategic reaction. In this way,they handle nearly all of the traffic on the Internet. With regard to implementation, many routersship with a default password that users neglect to change when they installthe router. Traditional DDOS Defense Strategies Analysts recommend that companies set aside extra network bandwidthand server processing capacity. In this way, the system is capable ofhandling sudden increases in Internet traffic and may provide sufficienttime for a DDOS attack to be detected and thwarted. By taking this perspective, it is possible to use the expertise andexperience of multiple organizations in order to detect attacks, althoughnarrowing the attack to a specific target remains difficult. This will providesufficient time for the attack to be isolated or thwarted, and may assistin determining the origination points of the attack so that additionalaction can be taken. News organizationshad extremely large traffic volumes following the attacks of November 11,2 1, for example, and it is possible for an overly aggressive DDOS defensestrategy results in legitimate users being unable to access the site(Householder et al 3). The remote perspective focuses on activity that takes place on thewide area network as a whole, not just the point of contact between thewide area network and the specific organization. Denial of Service ATtacks Denial of service attacks are designed to flood a target's Web siteand make it impossible for legitimate users to access the site. Retrieved 16 Nov 2 4 from: http://www.cert.org/archive/pdf/predictive-analysis- challenges.pdf. It is also important to have a backup domain name in place. "D-WARD: Source-End Defense Against Distributed Denial- of-Service Attacks." LA: UCLA, 2 3. The ISP is able to view traffic across manydifferent networks, and detection of a DDOS at this level provides moretime for those "downstream" to take appropriate steps regardless of whetherthey are the actual target. This can be important since detection at theendemic level can be effective, but determining the specific target can beproblematic (Mirkovic 1 6). This research considers distributed denial of service attacksand ways in which predictive analysis might be used to counter suchattacks. Distributed denial of service attacks (DDOS) use multiple points tooriginate the attack so that the Web site is inundated with thousands orhundreds of thousands of messages. Retrieved 16 Nov 2 4 from: http://www.lasr.cs.ucla.edu/ddos/dward-thesis.pdf.Piazza, Peter. In this way, traffic can be redirected to other serverseven when one network segment has been disabled by an attack. Inaddition, the proximate perspective introduces the need for negotiationswith additional concerned parties outside the organization; this co-operation is a hallmark of effective strategies against denial of servicepreventive analysis approaches. Difficulties of Defending Against DDOS Distributed denial of service attacks are difficult to defend againstbecause they are largely unpredictable; hence the interest in predictiveanalysis techniques. There can be significantnegotiations involved when this level is the focus of a defense systemsince there are multiple organizations associated with this perspective.However, the benefit of detecting attacks "upstream" in terms of mountingeffective defenses can be significant. Unlike the local andproximate perspectives, this perspective detects activities that target anyone-or groups-of organizations that have traffic passing through the widearea network. Defending against denial ofservice attacks is an important part of an organization's security plan,but can be difficult to accomplish because of the unpredictable nature ofthe attacks. Predictive analysis and DDOS Shimeall, Dunlevy and Pesante identify four perspectives that need tobe taken into account when designing a detection and defense strategyagainst denial of service attacks: local, proximate, remote and endemic.The local perspective involves observing network operations between thelocal network and the Internet connection, or some other wide area networkconnection. "Managing the Threat of Denial-of-Service Attacks." CERT White Paper, 2 1. This involvesdetection at the endemic level (see discussion of various DDOSperspectives, below). Organizations should also negotiate with their Internet ServiceProvider (ISP) to offer a guarantee against DDOS attacks. Visitors to the primary site can be redirected-via a link, not anautomatic redirect-to the secondary site. This results in an easy access point for many DDOS attacks.In addition, most routers use an operating system from Cisco that hasseveral vulnerabilities that can be exploited for hacker use (Piazza 32). This is an effective place to monitoractivity since attacks detected at this point are still targeting thespecific organization. The need for suchnegotiations, however, introduce another level of complications into theprocess (Shimeall, Dunlevy, and Pesante 1). Retrieved 16 Nov 2 4 from: http://www.tla.org/talks/ddos-ntua.pdf.Mirkovic, Jelena. Because thisapproaches uses many different analysis groups, there is a stronglikelihood that attacks will be detected within a timeframe that will allowfor defensive measures to be taken. In this way, the attack can be isolated, which also increasesthe likelihood that the perpetrators can be apprehended ("Doing Your Best"n.p.). "Challenges of Predictive Analysis for Networks." CERT White Paper, 2 1. Retrieved 16 Nov 2 4 from: http://www.cert.org/archive/pdf/Managing_DoS.pdf.Ioannidis, John. Unlikeother types of attacks, control of the targeted resource may or may notpass to the attacker; often, the only result is the denial of service tovalid users, hence the name. The endemic perspective spans networks. The local perspective is the easiest to implementbecause the organization has control over all of the variables, and becauseany attack detected at this point is obviously targeting this specificorganization. Works Cited"Doing Your Best to Dodge a DDoS." Info-Tech Advisor Newsletter (Mar 2, 2 4): n.p.Householder, Allen, Art Manion, Linda Pesante and George Weaver. Thisapproach also allows for the redirection of network traffic when predictiveanalysis is used and when an attack is suspected, but has not beenconfirmed. Thus it is difficult for predictive analysis to be done at this level. For companies that rely on the Internet forrevenue or to disseminate information, this can be a devastatingoccurrence, and recovery can be costly as well as time-consuming (Ioannidis4). This is the most complex ofthe four perspectives and offers the greatest opportunity to detect anddisable an attack based on predictive analysis, particularly in the case ofdistributed denial of service attacks that originate from multiple sources. In some cases, this may be the connection between the networkand the firewall. However, some DDOS attacks willlearn the secondary name quickly and may retaliate against that domainname, as well. In the event that the organization is the victim of a DDOS,a new backup domain name should be implemented once the attack has passedto prevent future attacks from using that name, as well ("Doing Your Best"n.p.). As a result,routers are an attractive entry point for denial of service attacks. If this paper is not what you are looking for, you can search again: Search for: or Click here to request an essay written just for you.

Many of our Papers can be Downloaded From This Site!

PLEASE READ THIS, IT IS IMPORTANT!

Office hours are Monday through Friday, from 9 am to 5 pm (PST). You may place orders for custom research over the phone during office hours. E-mail requests can be made to our graduate and undergraduate department any time, and will be reviewed during office hours. You may also contact customer service any time through e-mail, and we will review your message during business hours. A great many papers can be downloaded right from this site, but not all of them. If you would like to know if a particular paper is downloadable, just look in the description for: "Available for Internet Download: Y" or "Available for Internet Download: N" If you wish to purchase a paper which is NOT available for immediate download, you will need to make other shipping arrangements. Also, please be aware that these orders are processed Monday through Friday from 9 am to 5 pm (PST). If you place your order after 4:45pm on Friday, it will not be processed until the following Monday morning. We charge $8 per page for all of our pre-written reports, plus shipping (and tax for California residents). However, the highest cost of any ONE report is $136, or 17 pages. Please, take a moment. Make sure you have chosen the report you want or need BEFORE you complete your order. If you are not sure, allow us to help you. We do not offer refunds or exchanges, so it is important for you to let us answer your questions during office hours. Reports which are e-mailed or downloaded are in Microsoft Word format. We are making more reports available for e-mail delivery faster than we can update our listings. Please call to check on the status of particular reports. There are many other shipping options which are listed on the Checkout page.