Novel mechanisms to detect and prevent flooding and worm attacks

Abstract

While the Internet has transformed and greatly improved the way we do business this vast network and its associated technologies have opened the doors to an increasing number of security threats from which corporations must protect them Hackers viruses worms trojans and various other network attacks like Denial of Service attacks present dangers to networks A new dimension of denial of service attacks called TCP SYN Flood attack has been witnessed which has amplified the severity of damage Instead of aiming at a single organization these attacks are now targeted towards the Internet newlinebackbone Another major threat to the internet is worms A new class of active worms called camouflaging worms has the capability to rapidly infect as many vulnerable hosts as possible It is therefore necessary to detect these kinds of threats in order to prevent the loss of security in the networking environment Currently available detection mechanisms do not efficiently handle these threats This thesis addresses the issues in the existing techniques and proposes new detection mechanisms and also provides some recovery newlinemodels The first detection scheme is Anomaly based detection of TCP SYN Flood attack to detect attack variants which look for abnormal behavior Efficient packet marking technique with anomaly detection is used to trace back the real source of the attack which in turn can trace both flooding and software exploit attacks The second detection scheme is based on Pre shared key authentication mechanism This mechanism is used to trace newlineback the source of attack in case of IP Spoofing and trace back failure The presence of camouflaging worms is sensed by means of a technique called Controlled Packet Transmission technique Finally the network which is affected by these types of worms are detected and recovered by means of Centralized Worm Detector mechanism newline newline newline