
DON BOSCO INSTITUTE OF TECHNOLOGY, DBIT, MUMBAI 400070

CDUPG 13-14 Project Proposal TITLE OF THE PROJECT


Submitted to the Department of Computer Engineering Don Bosco Institute of Technology

Proposal Number :
Area : NETWORKING
Date Submitted : JUNE 07th 2013

1. Title of the project: Optimal Source-Based Filtering of Malicious Traffic

2. Brief idea of why the project is being done: We consider the problem of blocking malicious traffic on the Internet via source-based filtering. We can protect our network infrastructure from malicious traffic, such as scanning, malicious code propagation, spam, and distributed denial-of-service (DDoS) attacks. These activities cause problems on a regular basis, ranging from simple annoyance to severe financial, operational and political damage to companies, organizations and critical infrastructure.

3. Background knowledge the student is expected to have, topics and depth: Protecting a victim (host or network) from malicious traffic is a hard problem, and it requires knowledge of the coordination of several complementary components, including nontechnical (e.g., business and legal) and technical solutions (at the application and/or network level). Filtering support from the network is a fundamental building block in this effort. Within this framework, we formulate and solve five practical source-address filtering problems, depending on the attack scenario and the operator's policy and constraints. Our contributions are twofold. On the theoretical side, filter selection optimization leads to novel variations of the multidimensional knapsack problem. On the practical side, we provide a set of cost-efficient algorithms that can be used both by operators to block undesired traffic and by router manufacturers to optimize the use of TCAM and eventually the cost of routers.

The following modules of the project are expected to be known; they are described in detail in point no. 6:

Network Creation Module
Optimal Source based filtering module
Filter Selection Module
Evaluation module
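Added example (not part of the original proposal or of the algorithms it refers to): filter selection treated as a resource-allocation problem, as point 3 describes. It assumes a BLOCK-ALL-style objective in which every blacklisted source must be covered by at most `budget` prefix filters (TCAM entries) while blocking as few known-good sources as possible; the function name, the exact form of the objective and the sample addresses are assumptions.

```python
import ipaddress

INF = float("inf")

def select_filters(bad, good, budget):
    """Cover every blacklisted address with at most `budget` prefix filters,
    minimising the number of known-good addresses blocked as a side effect.
    Returns (good_addresses_blocked, [prefixes])."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    key = lambda entry: (entry[0], len(entry[1]))   # cost first, then filter count

    def table(base, length, bad, good):
        # best[f] = cheapest (cost, filters) for this subtree using at most f filters
        if not bad:
            return [(0, [])] * (budget + 1)
        here = (len(good), [str(ipaddress.IPv4Network((base, length)))])
        best = [(INF, [])] + [here] * budget
        if length == 32:
            return best
        bit = 1 << (31 - length)                    # next address bit to branch on
        left, right = (
            table(child, length + 1,
                  [a for a in bad if a & bit == child & bit],
                  [a for a in good if a & bit == child & bit])
            for child in (base, base | bit))
        for f in range(1, budget + 1):              # split f filters between children
            for k in range(f + 1):
                cand = (left[k][0] + right[f - k][0], left[k][1] + right[f - k][1])
                if key(cand) <= key(best[f]):       # on ties prefer the longer prefixes
                    best[f] = cand
        return best

    return table(0, 0, [to_int(a) for a in bad], [to_int(a) for a in good])[budget]

# Constructed sample data (RFC 5737 documentation ranges), not from any real blacklist.
BAD = ["192.0.2.16", "192.0.2.17", "192.0.2.18", "192.0.2.19",
       "192.0.2.22", "192.0.2.23", "198.51.100.7"]
GOOD = ["192.0.2.21", "198.51.100.6", "203.0.113.5"]

if __name__ == "__main__":
    for budget in (1, 2, 3):
        print(budget, select_filters(BAD, GOOD, budget))
```

With the sample data, collateral damage falls as the filter budget grows, because the clustered malicious sources can be covered by a few short prefixes only at the cost of the good addresses that sit between them.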

4. Scope of project, expected outcomes in measurable terms: A blacklist exists; it can be constructed from either historical data or attack information from other hosts. We can insert additional information between the IP and MAC headers (e.g., in the same way as MPLS), or in the option positions, so as to carry some information between adjacent routers. The routers are less likely to be attacked and intradomain communications are secure, despite our efforts to take failsafe into account. Using our scheme, we may not prevent malicious traffic at the border routers. Some ISPs do tolerate the existence of malicious traffic inside their networks. Client-side attacks have become the preferred method of network attacks. Organized crime regularly launches huge campaigns on the Internet where the goal is to fool regular users into opening content that exploits common applications found on most personal computers. This gives the attacker a plethora of vulnerabilities to exploit in all kinds of client applications, as well as exploiting the users' lack of security knowledge. We will study this in more detail in our future work so that we can focus on router cooperation.

5. Time line to be adhered to by the student and expected outcome (deliverables) at each milestone: Deliverables are given in the form of four cases as follows:

Case 1 - Server Timeout without Traffic Control
Case 2 - Server Timeout with Traffic Control: one attacker, filtering rate fixed at 1/1000
Case 3 - Server Timeout with Traffic Control: one attacker, varying filtering rates of 1/100, 1/250, 1/500, 1/750 and 1/1000
Case 4 - Server Timeout with Traffic Control: three attackers, varying filtering rates of 1/100, 1/250, 1/500, 1/750 and 1/1000

6. Learning points for the student: It is a general framework for studying source prefix filtering as a resource allocation problem. The proposed system can be used to protect all network infrastructure from malicious traffic, such as scanning, malicious code propagation, spam, and distributed denial-of-service (DDoS) attacks. The following are the MODULES used:

Network Creation Module
Optimal Source based filtering module
Filter Selection Module
Evaluation module

MODULE DESCRIPTIONS:

Network Creation Module
In this module we construct a network using socket programming, as shown in our Architecture, in which users can send data to other nodes/networks by using the options given. The user node lists all the nodes that are connected to the network. The sender can select a node name and then send the data.

Optimal Source based filtering module
In this module we design a framework for optimal filter selection: we define various filtering problems and design efficient algorithms to solve them. These lead to significant improvements on real datasets compared to non-optimized filter selection, to generic clustering, or to uncoordinated routers, because of the clustering of malicious sources.

Filter Selection Module
In this module we implement the following filter algorithms:

BLOCK-ALL
BLOCK-SOME
TIME-VARYING BLOCK-ALL/SOME

Evaluation module
In the evaluation module, the evaluation node lists the details of the malicious nodes and the good nodes. This node is designed to be refreshed at an interval of a few seconds so that the information is updated continuously. It acts as an evaluation node since it distinguishes the good nodes from the malicious ones.

7. Future scope: The effects of filtering malicious traffic on the survivability of the server under DoS attacks. It can be shown that simple and fast anomaly detection is possible by using the traffic arrival rate. Future work is to make Snort adaptive so that it can respond to different arrival rates with an adaptive filtering rate.

9. Group details:

Sr. no.   Roll no.   Name of the student   Signature
1.        33         Steffi Varghese
2.        40         Gloria Menezes
3.        61         Snehal Suryarao
4.
