In wireless security, Denial of Service attack classification: a discussion of DoS attack classification

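This article studies classification methods for DoS attacks, summarizes the classification systems of different authors, and introduces the principles, types and impact of DoS attacks. It also discusses the ethical, legal and social implications of security and privacy, and analyzes the influence of "security psychology" on the adoption of new security architectures. The article stresses that understanding the mechanisms and classification of DoS attacks is important for formulating defense strategies.
Summary generated by CSDN using intelligent technology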

In wireless security, Denial of Service attack classification

NIHAODONG(201476606)

Department of Computer Sciences

University of Liverpool

Sgndong2@liverpool.ac.uk

Abstract: The main purpose of this paper is to study the classification method system of DoS attacks. It summarizes the classification systems of different authors, gives a brief introduction to and classification of DoS attacks, and systematically summarizes the moral, legal and social connotations of security and privacy. It also evaluates and critically analyzes the impact of "security psychology" on the adoption of new security architecture.

Keywords—DoS, wireless security, network attacks, social connotations, security psychology

    • Introduction

In wireless networks, information is exchanged between authorized users, but due to the broadcast nature of wireless media, this process is vulnerable to various malicious threats. Security requirements for wireless networks are specified to protect wireless transmission from wireless attacks, such as eavesdropping attacks, DoS attacks, data tampering attacks, node destruction attacks, etc. [1].

Some businesses rely heavily on their online hosted services, for example banks. They are businesses that handle a lot of money, and they expect their servers to work during core hours. Hackers could threaten to shut down or block these servers during those hours, causing damage.

Denial of service (DoS) attacks are the most common method used to perform such attacks. This type of attack first compromises the availability of system services and can be easily started using a variety of tools. These attacks are difficult to detect and filter because the packets causing the attack are very similar to legitimate traffic. [1] DoS attacks are regarded as the biggest threat to the IT industry [2], and DoS crimes are increasing every year. Therefore, it is necessary to classify DoS attacks. Only in this way can protective measures be well formulated.

    • Attack patterns and requirements analysis

Different from the traditional classification of network attacks [2], Chapman et al. provided a new perspective and introduced the concept of access requirements for attacks [3], categorizing them by access level. Compared with the traditional classification summarized by Simon, H et al., this classification shows the types of attacks in wireless networks more clearly. Three levels of taxonomy are used: 1. No access, 2. User access, 3. Root access. The various transmission mechanisms of the attack are also discussed. Figure 1 lists the first category and its subcategories: attack methods that do not require access.

1) DoS attack

2) Based on stack buffer overflow

3) Phishing attack

Fig. 1. “attack methods that do not require access”

Check Point Software Technologies Ltd. is a vendor of network security solutions. Check Point Research, in its Cyber Security 2020 Report [4], recorded the attacks launched by cyber attackers in the past year, among which DoS was the most commonly used form of attack.

    • Concept of DoS

A DoS attack refers to deliberately attacking defects in network protocol implementations, or directly using violent means, to deplete the resources of the attacked object. The purpose is to make the target computer or network unable to provide normal service or resource access, so that the target system's services stop responding or even crash. [5]

The denial of service attack symptoms defined by the US Computer Emergency Response Team (US-CERT) under the Department of Homeland Security of the United States [6] include:

1) Unusually slow network (opening a file or visiting a website)

2) Specific sites are not accessible

3) Unable to access any website

4) The volume of spam has increased dramatically

5) An abnormal loss of a wireless or wired network connection

6) A prolonged attempt to access a website or any Internet service is denied

    • Classification of attacks

Ramanauskaite, S. and Cenys, A. proposed a classification of vulnerability categories based on Kargl's reporting point [7]. Ramanauskaite, S. et al. divided DoS attacks in wireless networks into five categories according to the utilization of vulnerabilities [8] (Figure 2):

Fig. 2. “DoS attack classification”[8]

1. Bug exploitation attack.

The target server has a vulnerability, and the attacker can exploit it to achieve a DoS attack. Generally, it can be classified as an external direct attack or an internal attack. This type of attack is also known as a specially designed data attack. [9]

2. Resource depletion.

Sending too much data to the victim can also slow it down. The victim then spends its resources consuming the attacker's data rather than providing legitimate data. In February 2000, Canadian hackers used this attack against Amazon and eBay web servers. [10]

Peng, T. [11] divides this type into the following two subclasses from the perspective of resource allocation:

- Memory depletion attacks. The attack occupies most of the available memory, so that there is not enough memory for new data.

- CPU attack. The attack forces all threads of the CPU to run and builds up a large backlog of data to be processed, slowing down CPU processing. [12]

3. Bandwidth exhaustion attack.

Gurusamy, U et al., in their analysis of the UDP flooding attack, summarized that the bandwidth consumption attack can be divided into two different levels: 1. Flood attack 2. Magnification attack [13].

In a flood attack, the defects of the TCP protocol are exploited [14][15] (Figure 3). IP spoofing is adopted, so the message sent by the server is not answered at all. The server then waits and retransmits until the number of retransmissions exceeds the maximum number specified by the system, and only then stops.

Fig. 3. “TCP 3 handshake”[15]

Not only can a flood attack be carried out remotely, but the source IP address can also be forged, which makes it very difficult to trace. To find the source, all the backbone network operators would have to trace it router by router.

Fig. 4. “Forge the source IP address”[15]
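A defender's view of the handshake abuse described above, as an added example that is not part of the original paper: it tracks half-open handshakes per server over constructed packet records, where the timeout stands in for the server exhausting its retransmissions. The thresholds, record layout and addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

SYN_TIMEOUT = 3.0     # assumed: seconds until the server gives up retransmitting
HALF_OPEN_LIMIT = 5   # assumed: alert when more handshakes than this are pending

def analyse(packets, timeout=SYN_TIMEOUT, limit=HALF_OPEN_LIMIT):
    """Track handshakes per server; return servers whose half-open peak exceeds limit.

    packets: time-ordered (time, src_ip, src_port, dst_ip, dst_port, flag) tuples,
    where flag is "SYN" (client opens) or "ACK" (client completes the handshake).
    """
    pending = defaultdict(dict)   # server -> {(client_ip, client_port): syn_time}
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "expired": 0, "peak": 0})
    for t, src, sport, dst, dport, flag in packets:
        table, s = pending[(dst, dport)], stats[(dst, dport)]
        # Entries older than the timeout model the server giving up on the handshake.
        for key in [k for k, t0 in table.items() if t - t0 > timeout]:
            del table[key]
            s["expired"] += 1
        if flag == "SYN":
            s["syn"] += 1
            table.setdefault((src, sport), t)
        elif flag == "ACK" and (src, sport) in table:
            del table[(src, sport)]
            s["completed"] += 1
        s["peak"] = max(s["peak"], len(table))
    return {
        server: {
            "peak_half_open": s["peak"],
            "expired": s["expired"],
            "completion_ratio": round(s["completed"] / s["syn"], 2),
        }
        for server, s in stats.items()
        if s["peak"] > limit
    }

def sample_packets():
    """Constructed traffic: normal clients plus a burst of spoofed SYNs."""
    web, mail, pkts = ("192.0.2.10", 443), ("192.0.2.20", 25), []
    for i in range(4):   # legitimate clients complete the handshake on both servers
        for server in (web, mail):
            pkts.append((0.2 * i, f"203.0.113.{i + 1}", 40000 + i, *server, "SYN"))
            pkts.append((0.2 * i + 0.05, f"203.0.113.{i + 1}", 40000 + i, *server, "ACK"))
    for i in range(20):  # spoofed sources: one SYN each, handshake never completed
        pkts.append((1.0 + 0.02 * i, f"198.51.100.{i + 1}", 50000 + i, *web, "SYN"))
    # A late legitimate client; by now the spoofed entries have timed out.
    pkts.append((5.0, "203.0.113.9", 40009, *web, "SYN"))
    pkts.append((5.05, "203.0.113.9", 40009, *web, "ACK"))
    return sorted(pkts, key=lambda p: p[0])

if __name__ == "__main__":
    print(analyse(sample_packets()))
```

Because every spoofed source sends only one SYN, a per-source rate limit sees nothing unusual; the signal is in the server-side state, which is why the example keys on the destination.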

The amplification attack is similar in that it limits the bandwidth of the victim's system through maliciously amplified traffic. Its characteristic is that a botnet sends requests with a spoofed source IP (that is, the target IP) to servers with a certain loophole; after processing the request, the server sends its response to the fake source IP. Because of the particularity of the service, the response packet is longer than the request packet, so with a small amount of bandwidth the attacker can make the servers send a large number of responses to the target host.

4. Indirect command the assignment.

Network attackers often use proxy servers to hide their IP. Most researchers call this the Distributed HTTP Flood [16][13][9]: the proxy servers are used to send a large number of seemingly legitimate requests to the target server (using HTTP GET). For example, CC (Challenge Collapsar), named after its tools, allows attackers to creatively use the proxy mechanism to launch attacks using the widely available free proxy servers. Most free proxy servers also support anonymity, which makes tracking difficult. [16]

By comparing the research of Sreeram, I [16] and the effect-based method of Ramanauskaite, S et al. [17], the following detailed classification can be concluded:

• Reflector usage. An attacker sends fraudulent packets to the middle tier.

• Amplifier usage. The attacker makes use of the function of open DNS resolvers in order to use a larger quantity of traffic to overpower the target server or network.
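How the amplification and reflector/amplifier passages above look from the target's side, as an added example that is not part of the original paper: the requests were sent by someone else with the target's address, so the target receives responses it never asked for. The record layout, the threshold and the addresses (documentation ranges) are assumptions.

```python
from collections import Counter

def find_reflection(records, min_unsolicited=3):
    """Match inbound UDP responses against the queries this host really sent.

    records: time-ordered (direction, peer_ip, peer_port, local_port, size) tuples
    seen at the monitored host; direction is "out" (query) or "in" (response).
    Returns (solicited_count, {(peer_ip, peer_port): unsolicited_bytes}).
    """
    outstanding = Counter()   # queries sent by this host and not yet answered
    stray_pkts, stray_bytes = Counter(), Counter()
    solicited = 0
    for direction, peer, peer_port, local_port, size in records:
        key = (peer, peer_port, local_port)
        if direction == "out":
            outstanding[key] += 1
        elif outstanding[key] > 0:
            outstanding[key] -= 1          # response to one of our own queries
            solicited += 1
        else:
            # Nobody here asked for this: the request carried our address as
            # a spoofed source, and the server is acting as a reflector.
            stray_pkts[(peer, peer_port)] += 1
            stray_bytes[(peer, peer_port)] += size
    reflectors = {p: stray_bytes[p] for p, n in stray_pkts.items()
                  if n >= min_unsolicited}
    return solicited, reflectors

def sample_records():
    """Constructed capture: two real DNS lookups plus reflected responses."""
    recs = []
    for port in (5001, 5002):                      # the host's own lookups
        recs.append(("out", "192.0.2.53", 53, port, 60))
        recs.append(("in", "192.0.2.53", 53, port, 120))
    for _ in range(5):                             # large answers never requested
        recs.append(("in", "198.51.100.7", 53, 5001, 3000))
    for i in range(4):
        recs.append(("in", "198.51.100.8", 53, 6000 + i, 3000))
    recs.append(("in", "203.0.113.9", 53, 5002, 90))   # single stray, below threshold
    return recs

if __name__ == "__main__":
    print(find_reflection(sample_records()))
```

The target cannot observe the small request that triggered each response, so the size ratio itself is not measurable there; the missing request is the usable signal.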

5. Variable rate.

According to the changing mode of the attack packet sending rate [18][19], DoS attacks can be divided into:

• Fixed rate. It is more easily detected by the target server.

• Variable rate. Packets are sent intermittently, making it difficult for an IDS to detect persistent anomalies.
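Why the variable-rate class is harder to detect, as an added example that is not part of the original paper: a persistence-based rule catches the fixed-rate series but not the pulsed one, while counting separate excursions over a longer window does. The per-second series, thresholds and window sizes are constructed assumptions.

```python
def sustained_alert(rates, threshold, min_run):
    """Persistence rule: rate stays above threshold for min_run consecutive seconds."""
    run = 0
    for r in rates:
        run = run + 1 if r > threshold else 0
        if run >= min_run:
            return True
    return False

def burst_alert(rates, threshold, window, min_bursts):
    """Pulse rule: at least min_bursts separate excursions start within one window."""
    edges = [i for i, r in enumerate(rates)
             if r > threshold and (i == 0 or rates[i - 1] <= threshold)]
    return any(sum(1 for e in edges if start <= e < start + window) >= min_bursts
               for start in edges)

def classify(rates, threshold=500, min_run=5, window=30, min_bursts=3):
    """Label a packets-per-second series with the rate class it matches."""
    if sustained_alert(rates, threshold, min_run):
        return "fixed-rate"
    if burst_alert(rates, threshold, window, min_bursts):
        return "variable-rate"
    return "none"

# Constructed 60-second series (packets per second seen by the target).
def baseline():
    return [100] * 60

def fixed_rate():
    return [100] * 10 + [1000] * 30 + [100] * 20

def pulsed():
    # Two seconds of flooding every ten seconds, starting at t = 10.
    return [1000 if s >= 10 and s % 10 < 2 else 100 for s in range(60)]

def single_spike():
    # One short legitimate burst must not be labelled an attack.
    return [100] * 30 + [1000] * 2 + [100] * 28

if __name__ == "__main__":
    for name, series in [("baseline", baseline()), ("fixed", fixed_rate()),
                         ("pulsed", pulsed()), ("spike", single_spike())]:
        print(name, classify(series))
```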

    • The meaning of DoS classification

DoS attack is a major security threat because it is easy to implement and common in the real world. This paper uses DoS attack classification, case analysis and mechanism description to show the principles and technical characteristics of DoS attacks, to help security personnel better understand this kind of attack, promptly find the possible DoS attack methods in the network, and expand their defense ideas. Combined with the literature research of several authors and dialectical thinking, it gives the relevant personnel different directions of thinking.

    • Ethics of security and privacy. Legal and social implications

Modern computer information and network technology is a powerful force; whether it is used correctly or illegally depends completely on the direction of people's ethical and moral values. [20] It is necessary to study the new ethical and moral problems caused by this new technology and gradually establish new values and moral norms.

As summarized in Barger, R. N., "Computer Ethics: A Case-based Approach" [21], the main ethical issues include:

Intellectual property issues. We will respect and protect the intellectual property rights of information networks.

Information and network security issues. Information is an asset that needs to be protected, and the theft of technical or strategic secrets gives a powerful competitive advantage. The networking of personal computers has complicated the security of information systems.

Privacy issues. In the era of information networks, the privacy right of individuals is seriously challenged by the greatly enhanced information capacity of information technology systems, such as collection, retrieval, processing, reorganization and dissemination.

The responsibility of information technology products to consumption and society. Professional technicians and their moral and legal responsibilities to consumers and society.

Both IEEE and ACM have developed the Code of Ethics for IT practitioners [22], which places more emphasis on the social responsibilities of computer practitioners. So when considering a particular problem, the computing professional needs to consider multiple principles while maintaining an ethical basis.

Computer practitioners must be clearly aware that any use of computers or computer networks for sabotage, theft, fraud and personal attack is unethical or illegal and will be held accountable or punished accordingly.

It is also important to realize that different countries have different standards for computer ethics. Digital data on the Internet do not follow the political boundaries of the world.

Michael E et al. examined computer usage ethics in nine countries (Singapore, Hong Kong, the United States, Britain, Australia, Sweden, Wales and the Netherlands). The analysis showed that for each scale, there were significant differences in moral values among different ethnic groups. [23]

An example from paper [23]: potential cultural differences in intellectual property ownership should not be minimized. In 1996 alone, software developers lost an estimated $11.2 billion. While individual countries lost the most in real terms, with the United States losing the most (estimated at $2.3 billion), North America had the lowest overall piracy rate (28%). Globally, the Asia-Pacific region has the highest rates of lost revenue and piracy.

    • The influence of "safety psychology" on the adoption of new security architecture

The technology acceptance model (TCM) presents two main determinants: 1. Perceived usefulness, which reflects the degree to which a person thinks the use of a specific system will improve the performance of his work; 2. Perceived ease of use, which reflects the degree to which a person considers it easy to use a specific system. [24]

Network security psychology tells us that it is very difficult to cultivate the security awareness of ordinary users [25], for example, not to click malicious links or email attachments. Without a deep understanding of users' online behavior psychology and context, it is impossible to provide a truly effective security awareness enhancement program. A recent study by Google's A/B testing group suggests that persuasion that is effective in real life doesn't work at all online, or even has the opposite effect. [26]

Due to the emergence of new network attack techniques, the network defense side has to update and upgrade its network security defense techniques frequently.

Take face recognition technology for example. Considering the special sensitivity of the human face, people from all walks of life are increasingly concerned about the potential technical defects, discrimination and unpredictability of face recognition technology, which pose challenges to the privacy and equality protection of natural persons. [27]

In 2019, cases related to the use of face recognition technology worldwide [28]:

Sweden's data protection agency (DPA) fined a local high school 200,000 Swedish kronor (146,000 yuan) for using facial recognition technology to record student attendance

Four US cities have banned facial recognition technology from government departments

Microsoft has deleted the world's largest facial recognition database MS Celeb for suspected privacy and licensing issues

Facebook faces up to $35 billion in class-action claims over facial recognition

Fig. 5. “case”[28]

The new security architecture can bring people better security, but it has both advantages and disadvantages. This requires us to use TCM to evaluate new security architectures. When conducting empirical research on each research model, the independent variables, intermediate variables and dependent variables of the model are first determined according to the research model; then appropriate samples are selected to conduct data sampling on each variable, the sampled data are analyzed and corresponding conclusions are drawn. [24] Different people have different safety psychology, so the evaluation should be based on people's acceptability.

    • Conclusion

DoS attack is a kind of computer network attack which is easy to implement and has great impact. It has become the main factor that endangers the security and normal operation of the Internet. Enough attention must be paid to the evaluation of its classification system.

Different DoS attack modes differ in their attack agent propagation mode, communication mode, mechanism of action and so on. This paper summarizes the classification systems of different authors and integrates them, so that the reader has a brief understanding of DoS mechanisms. At the same time, combined with the literature research of several authors, it gives the relevant personnel different directions of thinking. Only in this way can we develop a reasonable and effective defense mechanism and ensure wireless security.

At the same time, computer practitioners must have a systematic and thorough understanding of the moral, legal and social connotations of security and privacy, so as to ensure the healthy development of the computer industry.

Based on TCM, this paper assesses people's safety psychology and acceptance of new defense architectures, and describes their advantages and disadvantages.

References
  1. Rhee, M.Y. 2013, Wireless mobile internet security, 2nd edn, Wiley & Sons, Chichester.

  2. Simon Hansman and Ray Hunt. A taxonomy of network and computer attacks. Computers and Security, 24(1):31–43, 2005.

  3. Ian M Chapman, Sylvain P Leblanc, and Andrew Partington. Taxonomy of cyber attacks and simulation of their effects. 2011 Military Modeling & Simulation Symposium, pages 73–80, 2011.

  4. Leader in Cyber Security Solutions | Check Point Software (2020). Available at: https://www.checkpoint.com.cn/pages/index.html (Accessed: 6 December 2020).

  5. Gupta, B.B. & Badve, O.P. 2016;2017;, "Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment", Neural computing & applications, vol. 28, no. 12, pp. 3655-3682.

  6. MacFarland, D.C., Shue, C.A. & Kalafut, A.J. 2017, "The best bang for the byte: Characterizing the potential of DNS amplification attacks", Computer networks (Amsterdam, Netherlands : 1999), vol. 116, pp. 12-21.

  7. Kargl F., Maier J., Weber M., Protecting Web Servers from Distributed Denial of Service Attacks. In: WWW10, Tenth International World Wide Web Conference (1-5 May 2001, Hong Kong), ACM, 514-524, 2001.

  8. Ramanauskaite, S., Cenys, A. Taxonomy of DoS attacks and their countermeasures. centr.eur.j.comp.sci. 1, 355 (2011).

  9. Saha, S., Nandi, S., Verma, R., Sengupta, S., Singh, K., Sinha, V. & Das, S.K. 2018, "Design of efficient lightweight strategies to

  10. Marimuthu, M. & Krishnamurthi, I. 2013, "Enhanced OLSR for defense against DOS attack in ad hoc networks", Journal of communications and networks, vol. 15, no. 1, pp. 31-37.

  11. Peng, T., Leckie, C. & Ramamohanarao, K. 2007, "Survey of network-based defense mechanisms countering the DoS and DDoS problems", ACM computing surveys, vol. 39, no. 1, pp. 3-es.

  12. Li, F., Ye, Y., Tian, Z. & Zhang, X. 2018;2019;, "CPU versus GPU: which can perform matrix computation faster—performance comparison for basic linear algebra subprograms", Neural computing & applications, vol. 31, no. 8, pp. 4353-4365.

  13. Gurusamy, U., K, H. & MSK, M. 2019, "Detection and mitigation of UDP flooding attack in a multicontroller software defined network using

  14. Alipio, M., Tiglao, N.M., Bokhari, F. & Khalid, S. 2019, "TCP incast solutions in data center networks: A classification and survey", Journal of network and computer applications, vol. 146, pp. 102421.

  15. TCP, I. (2020) TCP (Transmission Control Protocol) – The transmission protocol explained, IONOS Digitalguide. Available at: https://www.ionos.co.uk/digitalguide/server/know-how/introduction-to-tcp/ (Accessed: 11 December 2020).

  16. Sreeram, I. & Vuppala, V.P.K. 2019, "HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm", Applied computing & informatics, vol. 15, no. 1, pp. 59-66.

  17. Ramanauskaite, S., Cenys, A. Taxonomy of DoS attacks and their countermeasures. centr.eur.j.comp.sci. 1, 355 (2011).

  18. Husain A., Heidemann J., Papadopoulos C. A Framework for Classifying Denial of Service Attack. In: Proceedings of SIGCOMM 2003.

  19. Razmov V. Denial of Service Attacks and How to Defend Against Them. http:{{n.CS.washington.edu /homes/valentin/pa— pers/DoSAtacks.pdf

  20. Tavani, H.T. 2007, Ethics and technology: ethical issues in an age of information and communication technology, 2nd edn, Wiley, Hoboken, N.J.

  21. Barger, R.N. 2008, Computer ethics: a case-based approach, Cambridge University Press, Cambridge.

  22. Tractenberg, R.E., Russell, A.J., Morgan, G.J., FitzGerald, K.T., Collmann, J., Vinsel, L., Steinmann, M. & Dolling, L.M. 2015, "Using Ethical Reasoning to Amplify the Reach and Resonance of Professional Codes of Conduct in Training Big Data Scientists", Science and engineering ethics, vol. 21, no. 6, pp. 1485-1507.

  23. Whitman, M.E., Townsend, A.M. & Hendrickson, A.R. 1999, "Cross-National Differences in Computer-Use Ethics: A Nine-Country Study", Journal of international business studies, vol. 30, no. 4, pp. 673-687.

  24. Kesharwani, A. & Bisht, S.S. 2012, "The impact of trust and perceived risk on internet banking adoption in India: An extension of technology acceptance model", International journal of bank marketing, vol. 30, no. 4, pp. 303-322.

  25. Trepte, S. & Reinecke, L. 2011, Privacy online: perspectives on privacy and self-disclosure in the social web, Springer, London; Berlin.

  26. Srxh - neglected network security Psychology (2020). Available at: http://www.srxh1314.com/neglected-network-security-psychology.html (Accessed: 11 2020).

  27. Zhang, X. & Gao, Y. 2009, "Face recognition across pose: A review", Pattern recognition, vol. 42, no. 11, pp. 2876-2896.

  28. Discussion on the boundary of Face recognition: What level of information collection is applicable? (2020). Available at: https://www.huxiu.com/article/326103.html?f=member_article (Accessed: 11 December 2020).
