Network Intrusion Detection and Prevention Systems on Flooding and Worm Attacks

Network Intrusion Detection and Prevention Systems on Flooding and Worm Attacks

P. Vetrivelan (VIT University, India), M. Jagannath (VIT University, India) and T. S. Pradeep Kumar (VIT University, India)
DOI: 10.4018/978-1-5225-0193-0.ch012
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

The Internet has transformed greatly the improved way of business, this vast network and its associated technologies have opened the doors to an increasing number of security threats which are dangerous to networks. The first part of this chapter presents a new dimension of denial of service attacks called TCP SYN Flood attack has been witnessed for severity of damage and second part on worms which is the major threat to the internet. The TCP SYN Flood attack by means of anomaly detection and traces back the real source of the attack using Modified Efficient Packet Marking algorithm (EPM). The mechanism for detecting the smart natured camouflaging worms which is sensed by means of a technique called Modified Controlled Packet Transmission (MCPT) technique. Finally the network which is affected by these types of worms are detected and recovered by means of Modified Centralized Worm Detector (MCWD) mechanism. The Network Intrusion Detection and Prevention Systems (NIDPS) on Flooding and Worm Attacks were analyzed and presented.
Chapter Preview
Top

Classification Of Attacks

To put it simply, there are two main types of attacks, passive attacks and active attacks. Passive attacks are the ones where the data transaction on the computer is monitored and later utilized for malicious interests, while active attacks are ones where either change is made to the data or the data is deleted or the network is destroyed completely. Figure 1 shows the common types of active as well as passive attacks that can affect the computers today.

Figure 1.

Classification of attacks

Denial of Service (DoS) attacks is basically of two types namely flooding attacks and vulnerability attacks. A flooding attack sends a vast amount of seemingly legitimate packets whose processing consumes some key resource at the target. A vulnerability attack constructs a sequence of packets with certain characteristics that cause a vulnerable system to crash, hang, or behave in unpredictable ways. TCP SYN Flood, UDP flooding, ICMP flooding are examples of the DoS flooding attacks. A new dimension of denial of service attacks called TCP SYN Flood attack has been witnessed which has amplified the severity of damage. Instead of aiming at a single organization, these attacks are now targeted towards the Internet backbone. As a result, millions of Internet users are denied access and all transactions come to a halt. Such shifting scenario necessitates a robust and resilient security approach, which effectively and efficiently identifies these attacks and reacts aptly.

The problem of detecting Denial of Service (DoS) attacks, and particularly TCP SYN Flood attacks, has received much attention in current literature. Any computer connected to the Internet has the possibility to be a victim at any time. Therefore, it is important for network administrators to develop means to comprehend the latest trend of DoS attacks. The work reported in this chapter has been motivated by these facts to develop efficient mechanisms to detect the source of TCP SYN Flood attacks. The malware includes computer viruses, computer worms, Trojan horses, most root kits, spyware, dishonest adware and other malicious or unwanted software, including true viruses. In the past, hackers were highly skilled programmers who understood the details of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. These complicated attack tools and generally open networks have generated an increased need for network security and dynamic security policies.

Complete Chapter List

Search this Book:
Reset