Abstract
The connection management phase of TCP is susceptible to a classic attack called SYN-flooding. In this attack, the source sends many SYN packets to the victim computer but does not complete the three-way handshake. This quickly consumes the resources allocated for communication in the system under attack and hence prevents it from serving other connection requests. The attack causes the victim host to populate its backlog queue with forged TCP connections. In other words, it increases the number of legal connections rejected due to limited buffer space. In this paper, the system under attack is modeled using queuing theory, and then a game-theoretic approach is employed to defend against SYN-flooding attacks. The simulation results show that the proposed defense mechanism improves the performance of the system under attack in terms of the ratio of blocked connections and the buffer space occupied by attack requests.
1. Introduction
Internet security is of great concern, as most of our activities are connected to Internet technology. Accordingly, there has been a surge in communication network research [1,2,19]. One of the security breaches is the Denial-of-Service (DoS) attack, in which attackers try to prevent legal users from gaining a normal network service [4,25,29]. In [22], an overview of the Distributed Denial-of-Service (DDoS) problem and the inherent vulnerabilities in the Internet architecture is provided. Recent evaluations [11,12] show that DoS attacks rank fourth in the list of the most important attack classes for information systems. More than 90% of Distributed Denial-of-Service attacks exploit a system's Transmission Control Protocol (TCP) [28].
A well-known DoS attack is the SYN-flooding attack. A TCP connection is established in what is known as a 3-way handshake. When a client attempts to establish a TCP connection to a server, the client first requests a connection by sending a SYN packet to the server. Then the server returns a SYN-ACK to the client. Finally, the client acknowledges the SYN-ACK with an ACK; at this point the connection is established and data transfer starts [23,31]. In a SYN-flooding attack, attackers use this protocol to their benefit. The attacker sends many SYN packets to the server. Each of these packets has to be handled like a connection request by the server, so the server must answer with a SYN-ACK. The attacker does not answer the SYN-ACK, which causes the server to wait for a reply from a large number of connections. A server can handle only a limited number of connections. Once all of these are in use, the server cannot serve any other connection requests.
In the following, we briefly review some proposed defenses for this kind of attack. Sallhammar [24], unlike our approach, used a probability game to calculate the behavior of the attacker. Alpcan [3] proposed a two-person zero-sum Markov game for capturing interactions between attackers and an IDS. Khirwadkar [14] used a repetitive game to model interactions between attackers. Chang [6] mentioned a simple queuing model for the SYN-flooding attack. Long [15] proposed two queuing models to get the probability of packet loss. Gligor [9,32] observed that time is important in defining denial of service. He suggested that a Maximum Waiting Time (MWT) should be allocated to each service provided by the computer system. Wang [29] also used a queuing model to evaluate DoS attacks on computer networks. Crosby [8] presents an example of a bandwidth attack but does not present a general mechanism for detecting attacks; to prevent DoS attacks, it suggests an algorithm with low vulnerability. Warrender and Forrest [30] presented a model that can detect DoS attacks. In this method, if a program may use more than one source, other programs wait until that program leaves the system and frees the allocated resources.
We believe that facing SYN-flooding requires an algorithm that is independent, is aware of the dynamic traffic of the network, and changes the defense parameters of the system according to network traffic conditions. The parameters considered in this paper are the maximum number of half-open connections (m) and the hold time (h) of these connections; the optimized values of these parameters are determined from the network conditions by game theory strategies.
The rest of the paper is organized as follows. Section 2 gives a brief overview of the various applications of game theory in computer networks. Our proposed strategies to defend against SYN-flooding attacks are discussed in Section 3. The simulation results are presented in Section 4, and concluding remarks are given in Section 5.
2. Game Theory
One application of game theory in computer networks is in wireless networks. There, game theory is used to develop a stable operating point for networks made up of selfish nodes, with the nodes introduced as players. Cooperative game theory has many applications in wireless networks. Coalitional game theory deals with cooperative behavior. In a coalitional game, the important thing is the structure of the cooperating nodes. When several players form coalitions, their utility functions improve.
Strategy 1: Increase, Increase
Strategy 2: Increase, Decrease
Strategy 3: Decrease, Increase
Strategy 4: Decrease, Decrease
To increase a server's capability to provide services, the value of Ploss must be small enough. Also, for the server to provide more service to normal requests, the share of the buffer held by normal requests must be large enough, and the time the buffer is held by attack requests must be small enough. Thus the objectives of this paper are:
1. Reducing request blockage.
2. Increasing the percentage and time of buffer occupancy by regular requests.
3. Reducing the percentage and time of buffer occupancy by attack requests.
We use this information to define the function for the SFDM game as Equation 1; the objective is to maximize the value of this function. The larger the function's value, the greater the ability to serve regular requests.
F(t) = Pr / (Pa Ploss)    (1)
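The following simulation is an added example, not code from the paper: it models a backlog of m half-open slots with hold time h under mixed regular and attack SYN arrivals, then scores the four strategies with Equation 1. It assumes that the two columns of the strategy table are m and h, that Pa and Ploss are multiplied, that Pr and Pa are time-averaged buffer shares and Ploss is the fraction of blocked requests; the arrival rates, rtt and step factor are constructed values.

```python
import heapq
import random

def simulate(m, h, attack_rate=50.0, regular_rate=10.0, rtt=0.1,
             duration=200.0, seed=1):
    """Backlog of m half-open slots. Attack SYNs hold a slot for the hold time h;
    regular clients finish the handshake after rtt. Returns (p_loss, p_r, p_a)."""
    rng = random.Random(seed)
    total_rate = attack_rate + regular_rate
    backlog = []            # min-heap of (release_time, is_attack)
    held = [0, 0]           # slots currently held by [regular, attack]
    area = [0.0, 0.0]       # slot-seconds consumed by [regular, attack]
    now, arrivals, blocked = 0.0, 0, 0

    def advance(to):        # integrate occupancy over [now, to]
        nonlocal now
        area[0] += held[0] * (to - now)
        area[1] += held[1] * (to - now)
        now = to

    while True:
        arrival = now + rng.expovariate(total_rate)
        if arrival > duration:
            break
        while backlog and backlog[0][0] <= arrival:   # handshake done or timed out
            release, is_attack = heapq.heappop(backlog)
            advance(release)
            held[is_attack] -= 1
        advance(arrival)
        is_attack = rng.random() < attack_rate / total_rate
        arrivals += 1
        if sum(held) >= m:
            blocked += 1    # backlog full: the SYN is dropped
        else:
            stay = h if is_attack else min(rtt, h)
            heapq.heappush(backlog, (now + stay, is_attack))
            held[is_attack] += 1
    return blocked / arrivals, area[0] / (m * now), area[1] / (m * now)

def objective(p_loss, p_r, p_a, eps=1e-9):
    # Equation 1, ASSUMING Pa and Ploss are multiplied (operator lost on the page).
    return p_r / max(p_a * p_loss, eps)

def best_strategy(m, h, step=2.0):
    # ASSUMPTION: the strategy table's two columns are m and h, in that order.
    moves = {"increase": step, "decrease": 1 / step}
    scores = {(dm, dh): objective(*simulate(max(1, round(m * fm)), h * fh))
              for dm, fm in moves.items() for dh, fh in moves.items()}
    return max(scores, key=scores.get), scores
```

With these constructed rates the backlog stays saturated for every candidate, so the score is driven by Ploss: a larger m combined with a shorter h blocks the fewest requests.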
Figure 7. Sink buffer occupancy with attackers.
4. Conclusion
This paper presented a novel approach for defense against SYN-flooding attacks. To defend against these attacks, we modeled the system under attack using game theory and defined the defense against them as a zero-sum game. Then, to provide
5. References
1. Alam M. A fine-grained and user-centric permission delegation framework for web services. Int J Physical Sciences.
2011; 6(6):206071.
2. Al-Bakri S. Securing peer-to-peer mobile communications
using public key cryptography: New security strategy. Int J
Physical Sciences. 2011; 9:9308.
3. Alpcan T, Basar T. An intrusion detection game with limited
observations. 12th International Symposium on Dynamic
Games and Applications; 2006; Sophia Antipolis, France.
4. Bicakci K, Tavli B. Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks. Computer
Standards & Interfaces. 2009;31(5):93141.
5. Bisnik N. Applying game theory to study communication
networks. ECSE Department RPI, Troy, NY.
6. Chang R. Defending against flooding-based distributed
denial-of-service attacks: a tutorial. IEEE Communications
Magazine. 2002; 40(10):4251.
7. Charilas D, Panagopoulos A. A survey on game theory
applications in wireless networks. Comput Networks. 2010;
54(18):342130.
8. Crosby A, Wallach D. Denial of Service via Algorithmic
Complexity Attacks. Proceeding of the 12th USENIX
Security Symposium. 2003; 2944.
9. Gligor V. A note on the denial-of-service problem. IEEE
Symposium on Security and Privacy. 1983; 13949.
10. Golestani S, Bhattacharyya S. A Class of End-to-End
Congestion Control Algorithms for the Internet. IEEE/
ACM Transactions on Networking. 1999.
11. Gordon A, et al. 10th annual CSI/FBI computer crime and
security survey. Computer Security Institute. 2005; 126.
12. Hamdi M, Boudriga N. Detecting Denial-of-Service attacks
using the wavelet transform. Computer Communication.
2007; 30(16):320313.
13. Kelly F, Maulloo A, Tan D. Rate control for communication
networks: shadow prices, proportional fairness and stability. J Oper Res. 1998; 49:237252.
14. Khirwadkar T. Defense against network attacks using game
theory [Master's thesis]. University of Illinois at Urbana-Champaign, Urbana, Illinois, 2011.
15. Long M, Wu C, Hung J. Denial of service attacks on network-based control systems: impact and mitigation. IEEE
Transactions on Industrial Informatics. 2005; 1(2):8596.
16. Low S, Lapsley D. Optimization Flow Control-I: Basic
Algorithm and Convergence. IEEE/ACM Transactions on
Networking. 1999; 7(6):116.
17. Manshaei M, et al. Game Theory Meets Network Security
and Privacy. Technical report. EPFL, Lausanne; 2010.
18. Naserian M, Tepe K. Game theoretic approach in routing
protocol for wireless ad hoc networks. Ad Hoc Networks.
2009; 7(3):56978.
19. Nejati F, Khoshbin H. A novel secure and energy-efficient
protocol for authentication in wireless sensor networks. Int
J Physical Sciences. 2010; 5(10):155866.
20. Niyato D, Hossain E. Radio resource management games
in wireless networks: an approach to bandwidth allocation and
admission control for polling service in IEEE 802.16. IEEE
Wireless Communications. 2007; 14(1):2735.
21. Roy S, et al. A Survey of Game Theory as Applied to
Network Security. Hawaii International Conference on
System Sciences; 2010 Jan 47; USA.
22. Sachdeva M, et al. DDoS incidents and their impact: a
review. Int Arab J Inform Tech. 2010; 7(1):1420.
23. Safa H, et al. A collaborative defense mechanism against
SYN flooding attacks in IP networks. J Netw Comput Appl.
2008; 31(4):50934.
24. Sallhammar K, Helvik B, Knapskog S. On stochastic modeling for integrated security and dependability evaluation.
Journal of Networks. 2006; 1(5):3142.
25. Siris V, Papagalou F. Application of anomaly detection
algorithms for detecting SYN flooding attacks. Computer
Communication. 2006; 29(9):143342.
26. Srivastava V, et al. Using game theory to analyze wireless
ad hoc networks. IEEE Communications surveys. 2006;
7(4):4656.
27. Tembine H, et al. Multiple access game in Ad-Hoc network.
Proceeding of Game Comm; 2007; Nantes, France.
28. Wang H, Zhang D, Shin K. Detecting SYN flooding attacks.
Proceedings of IEEE INFOCOM. 2002; 15309.
29. Wang Y, et al. A queuing analysis for the denial of service
(DoS) attacks in computer network. Computer Networks.
2007; 51:356473.
30. Warrender B, Forrest S. Detecting intrusions using system calls: Alternative data models. IEEE Symposium on
Security and Privacy. 1999.
31. Xiao B, Chen W, He Y. An autonomous defense against SYN
flooding attacks: Detect and throttle attacks at the victim
side independently. J Parallel and Distributed Computing.
2008; 68(4):45670.
32. Yu C, Gligor V. A formal specification and verification
method for the prevention of denial of service. IEEE
Symposium on Security and Privacy Proceedings. 1988.
33. You ZX, Shiyong Z. A Kind of network security behavior
model Based on game theory. Proceedings of the Fourth
International Conference on Parallel and Distributed
Computing Applications and Technologies. 2003.