The Internet has grown rapidly since it was created. Via the Internet infrastructure, hosts can not only share their information but also complete tasks cooperatively by contributing their computing resources. Moreover, an end host can easily join the network and communicate with any other host by exchanging packets. These encouraging features of the Internet are its openness and scalability. However, attackers can also exploit these features to prevent legitimate users of a service from using it by flooding the corresponding server with messages, which constitutes a Denial of Service (DoS) attack.
There are several types of such attacks. An attacker can launch a DoS attack by studying the flaws of network protocols or applications and then sending malformed packets that might cause the corresponding protocols or applications to enter a faulty state. An example is the Teardrop attack, which sends incorrect IP fragments to the target. The target machine may crash if it does not implement TCP/IP fragmentation reassembly code properly. This kind of attack can be prevented by fixing the corresponding bugs in the protocols or applications.
However, the attacker does not always have to study the service closely in order to make it unavailable. It can simply flood packets to keep the server busy processing them or to cause congestion in the victim's network, so that the server cannot handle packets from legitimate hosts or cannot even receive them. In order to deplete the victim's key resources (such as bandwidth and CPU time), the attacker has to aggregate a large volume of malicious traffic. Most of the time, the attacker collects many (possibly millions of) zombie machines or bots to flood packets simultaneously, which forms a Distributed Denial of Service (DDoS) attack.
Most of the methods that protect systems from DoS and DDoS attacks focus on mitigating malicious bandwidth consumption caused by packet flooding, as that is the simplest and most common method adopted by attackers. Those methods may mitigate DDoS attacks reactively by identifying the malicious traffic and informing the upstream routers to filter or rate-limit the corresponding traffic.
For network-based applications, a particularly weak point in this context is that they commonly provide one or more open ports for communication, making themselves targets for DoS attacks. Adversaries able to eavesdrop on the messages exchanged by the application can identify open ports and launch directed attacks on those ports, as opposed to blind attacks, which can be launched at arbitrary ports even by non-eavesdropping adversaries. This problem was posed earlier in the literature, and a simple and useful approach was proposed, namely port-hopping.
With the synchronization issue in mind, our goals in this work are to support port-hopping 1) in the presence of timing uncertainty, i.e., clock-rate drifts, implying that clock values can vary arbitrarily much with time; and 2) in multiparty communication. In order to deal with hopping in the presence of clock-rate drifts, we propose the Hopping-Period-Align-and-Adjust algorithm, or HOPERAA for brevity, which is an adaptive algorithm executed by each client to adjust its hopping period length and align its hopping time with the server. To enable multiparty communication with port-hopping, we propose the BigWheel algorithm for a server to support hopping with many clients, without the server needing to keep state for each client individually.
The aim of this project is to mitigate distributed denial of service attacks using the BigWheel and HOPERAA algorithms.
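To make the synchronization issue concrete, the following added sketch (not code from this project, and not an implementation of HOPERAA or BigWheel) simulates basic port-hopping and measures how long a client with a clock-rate drift keeps hitting an open port. The HMAC-SHA256 port mapping, port range, hopping period, overlap window and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# All parameters below are assumptions for this sketch, not values from the page.
PORT_MIN, PORT_MAX = 20000, 60000   # hopping range
PERIOD = 2.0                        # hopping period in seconds

def port_for_slot(key: bytes, slot: int) -> int:
    """Derive the port for a time slot from a secret shared by client and server."""
    msg = slot.to_bytes(8, "big", signed=True)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return PORT_MIN + int.from_bytes(digest[:4], "big") % (PORT_MAX - PORT_MIN)

def slot_at(local_clock: float) -> int:
    """Slot index a host computes from its own clock reading."""
    return int(local_clock // PERIOD)

def open_ports(key: bytes, server_clock: float, overlap: int) -> set:
    """Ports the server accepts: the current slot plus `overlap` slots either side."""
    now = slot_at(server_clock)
    return {port_for_slot(key, now + d) for d in range(-overlap, overlap + 1)}

def first_miss(key, drift, overlap, horizon=5000.0, step=0.5):
    """Server time at which a client whose clock runs at rate (1 + drift)
    first sends to a closed port, or None if it never does within `horizon`."""
    t = 0.0
    while t < horizon:
        client_port = port_for_slot(key, slot_at(t * (1.0 + drift)))
        if client_port not in open_ports(key, t, overlap):
            return t
        t += step
    return None

if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    for drift in (0.0, 1e-4, 1e-3):
        for overlap in (0, 1):
            miss = first_miss(key, drift, overlap)
            print(f"drift={drift:g} overlap={overlap} first miss at t={miss}")
```

Keeping neighbouring slots open only delays the first miss and widens the set of ports exposed at any moment, which is why a fixed window alone does not solve hopping under clock-rate drift.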
A Denial of Service (DoS) attack is an attempt by the attacker to prevent the legitimate users of a service from using that service.
One of the main methods that the attacker will use is depleting computational resources, such as bandwidth, disk space, or CPU time. The situation is even worse with distributed denial of service (DDoS) attacks, where multiple compromised machines or zombie agents flood messages or requests for a specific service to the corresponding server in order to make the service unavailable.
DOS ATTACKS MODEL