detecting malicious packet losses
mahadev
Active In SP
**

Posts: 1
Joined: Feb 2010
#1
28-02-2010, 11:57 PM


Abstract: In this paper, we consider the problem of detecting whether a compromised router is maliciously manipulating its stream of
packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some
victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can
produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities.
Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply
malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create
unnecessary false positives or mask highly focused attacks. We have designed, developed, and implemented a compromised router
detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses
that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We
have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.
mahadev
Reply
project report tiger
Active In SP
**

Posts: 1,062
Joined: Feb 2010
#2
01-03-2010, 12:09 AM

Detecting Malicious Packet Losses


Abstract:

We consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks.



Algorithm / Technique used:

RED Algorithm.







Algorithm Description:

RED monitors the average queue size, based on an exponential weighted moving average: where the actual queue size and weight for a low-pass filter. RED uses three more parameters in minimum threshold,
Maximum, Maximum threshold. Using, RED dynamically computes a dropping probability in two steps for each packet it receives. First, it computes an interim probability, Further; the RED algorithm tracks the number of packets, since the last dropped packet. The final dropping probability, p, is specified to increase slowly as increases.


Existing System:

Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a network with universal point-to-point connectivity. However, this illusion is shattered - as are implicit assumptions of availability, confidentiality, or integrity - when network routers are subverted to act in a malicious fashion. By manipulating, diverting, or dropping packets arriving at a compromised router, an attacker can trivially mount denial-of-service, surveillance, or man-in-the-middle attacks on end host systems. Consequently, Internet routers have become a choice target for would-be attackers and thousands have been subverted to these ends. In this paper, we specify this problem of detecting routers with incorrect packet forwarding behavior and we explore the design space of protocols that implement such a detector. We further present a concrete protocol that is likely inexpensive enough for practical implementation at scale. Finally, we present a prototype system, called Fatih, that implements this approach on a PC router and describe our experiences with it. We show that Fatih is able to detect and isolate a range of malicious router actions with acceptable overhead and complexity. We believe our work is an important step in being able to tolerate attacks on key network infrastructure components.

Proposed System:


We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur.

Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.

Modules:
1. Network Module
2. Threat Model
3. Traffic Validation
4. Random Early Detection(RED)
5. Distributed Detection

Module Description:
1. Network Module
Client-server computing or networking is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client also shares any of its resources; Clients therefore initiate communication sessions with servers which await (listen to) incoming requests.

2. Threat Model
This focuses solely on data plane attacks (control plane attacks can be addressed by other protocols with appropriate threat models), and moreover, for simplicity, we examine only attacks that involve packet dropping.
However, our approach is easily extended to address other attacks such as packet modification or reordering similar to our previous work. Finally, as in, the protocol we develop validates traffic whose source and sink routers are uncompromised. A router can be traffic faulty by maliciously dropping packets and protocol faulty by not following the rules of the detection protocol. We say that a compromised router r is traffic faulty with respect to a path segment during if contains r and, during the period of time, r maliciously drops or misroutes packets that flow through. A router can drop packets without being faulty, as long as the packets are dropped because the corresponding output interface is congested. A compromised router r can also behave in an arbitrarily malicious way in terms of executing the protocol we present, in which case we indicate r as protocol faulty. A protocol faulty router can send control messages with arbitrarily faulty information, or it can simply not send some or all of them. A faulty router is one that is traffic faulty, protocol faulty, or both.


3. Traffic Validation
The first problem we address is traffic validation: what information is collected about traffic and how. Consider the queue Q in a router r associated with the output interface of link. The neighbor routers feed data into Q.
The traffic information collected by router r that traversed path segment over time interval, meaning traffic into Q, or Q out, meaning traffic out of Q. At an abstract level, we represent traffic, a validation mechanism associated with Q, as a predicate it is used to determine that a router has been compromised.


4. Random Early Detection(RED)
RED monitors the average queue size, based on an exponential weighted moving average: where is the actual queue size and w is the weight for a low-pass filter. RED uses three more parameters: min, minimum threshold; max, maximum threshold; and maximum probability.

Using, RED dynamically computes a dropping probability in two steps for each packet it receives. First, it computes an interim probability further; the RED algorithm tracks the number of packets, since the last dropped packet. The final dropping probability, p, is specified to increase slowly as increases

5. Distributed Detection

Since the behavior of the queue is deterministic, the traffic validation mechanisms detect traffic faulty routers whenever the actual behavior of the queue deviates from the predicted behavior. However, a faulty router can also be protocol faulty. It can behave arbitrarily with respect to the protocol, by dropping or altering the control messages. We mask the effect of protocol faulty routers using distributed detection.
Given TV, we need to distribute the necessary traffic information among the routers and implement a distributed detection protocol. Every outbound interface queue Q in the network is monitored by the neighboring routers and validated by a router rd such that Q is associated with the link.

Hardware Requirements:

• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 256 Mb.


Software Requirements:

• Operating system : - Windows XP Professional.
• Coding Language : - Java.
• Tool Used : - Eclipse.
Reply
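
The RED computation and the traffic-validation idea from post #2, as an added example that is not part of the original thread and not the paper's protocol: a validator replays the queue sizes seen at Q, recomputes RED's drop probability per packet, and separates losses congestion can explain from losses it cannot. The names `w`, `min_th`, `max_th`, `max_p` and `count` follow the standard RED algorithm; `limit`, the flow labels and the trace are constructed assumptions, and idle-time handling of the average is left out.

```python
from dataclasses import dataclass

@dataclass
class Red:
    w: float        # weight of the low-pass filter (EWMA)
    min_th: float   # minimum threshold on the average queue size
    max_th: float   # maximum threshold
    max_p: float    # maximum probability
    limit: int      # physical buffer size in packets (assumed parameter)
    avg: float = 0.0
    count: int = -1  # packets since the last dropped packet

    def drop_probability(self, q: int) -> float:
        """Update the average with actual queue size q, return final p."""
        self.avg = (1 - self.w) * self.avg + self.w * q
        if q >= self.limit or self.avg >= self.max_th:
            return 1.0                      # forced drop
        if self.avg < self.min_th:
            self.count = -1
            return 0.0                      # RED never drops here
        self.count += 1
        p_b = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
        denom = 1 - self.count * p_b        # p grows slowly as count grows
        return 1.0 if denom <= 0 else min(1.0, p_b / denom)

def validate(red, trace):
    """Replay (queue_len, flow, dropped) records; per flow return expected
    congestive drops, observed drops, and drops RED cannot explain (p == 0)."""
    stats = {}
    for q, flow, dropped in trace:
        p = red.drop_probability(q)
        s = stats.setdefault(flow, {"expected": 0.0, "observed": 0, "impossible": 0})
        s["expected"] += p
        if dropped:
            s["observed"] += 1
            s["impossible"] += (p == 0.0)
            red.count = 0
    return stats

# Constructed trace as seen by a neighbour monitoring queue Q.
TRACE = [(2, "victim", False), (4, "other", False), (3, "victim", True),
         (12, "other", False), (16, "victim", False), (20, "other", True),
         (2, "victim", True)]

def run_example():
    red = Red(w=0.5, min_th=5, max_th=15, max_p=0.1, limit=30)
    return validate(red, TRACE)

if __name__ == "__main__":
    for flow, s in run_example().items():
        print(flow, s)
```

On this trace the "victim" flow loses two packets while RED accounts for about 0.12 expected drops, and one of the two happened while the average queue was below the minimum threshold, so no fixed loss threshold is needed to flag it.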
a.pratheesh
Active In SP
**

Posts: 1
Joined: Mar 2010
#3
08-03-2010, 03:01 PM

I need the source code of this project and implementation... can you give it to me?
Reply
unleashedarun
Active In SP
**

Posts: 1
Joined: Mar 2010
#4
24-03-2010, 02:32 PM

Please post the source codes for Detecting Malicious Packet Losses...............
plz plz plzzzzzzzzzzzzz
Reply
uzair_786
Active In SP
**

Posts: 1
Joined: Dec 2010
#5
10-01-2011, 12:47 PM

plz send me the source code for this project and implementation, i.e. detecting malicious packet losses
Reply
seminar surveyer
Active In SP
**

Posts: 3,541
Joined: Sep 2010
#6
11-01-2011, 11:04 AM

please go through the following threads for more details on 'detecting malicious packet losses'.

topicideashow-to-detecting-malicious-packet-loss
topicideashow-to-detecting-malicious-packet-losses--8266
topicideashow-to-detecting-malicious-packet-losses--11712
Reply
shabeelatheef
Active In SP
**

Posts: 1
Joined: Feb 2011
#7
04-02-2011, 08:31 AM

I want to report & source code of the detecting malicious packet losses
Reply
yogi85
Active In SP
**

Posts: 1
Joined: Apr 2011
#8
28-04-2011, 09:57 AM

hi sagar thanq for upload the data regarding the detecting malicious packet losses.
Reply
Arutla rajitha
Active In SP
**

Posts: 3
Joined: May 2011
#9
24-06-2011, 08:02 PM

Please post the source codes for Detecting Malicious Packet Losses...............
plz plz plzzzzzzzzzzzzz



plz plz plz send me the ppt & source code for this project and implementation, i.e. detecting malicious packet losses
my email id is : thakini.a@gmail.com


Reply
Arutla rajitha
Active In SP
**

Posts: 3
Joined: May 2011
#10
15-09-2011, 10:59 PM

I am studying in M.Tech (Computer Science & Engineering) - 2nd year
My project and implementation name is: detecting malicious packet losses

HELLO
PLEASE SOME BODY HELP ME I NEED abstract ,existing system,proposed system,module details,literature survey and uml diagrams for detecting malicious packet losses.
PLEASE MAIL ME thakini.a[at]gmail.com
Reply
seminar addict
Super Moderator
******

Posts: 6,592
Joined: Jul 2011
#11
16-09-2011, 09:31 AM




please go through the following threads for more details on 'detecting malicious packet losses'.

topicideashow-to-detecting-malicious-packet-loss
topicideashow-to-detecting-malicious-packet-losses--8266
topicideashow-to-detecting-malicious-packet-losses--11712
Reply
sam_12
Active In SP
**

Posts: 1
Joined: Jan 2012
#12
31-01-2012, 03:36 PM

Hi any one can help me to get this id is wantu_2k3(at)yahoo.com


Reply
