Professional Documents
Culture Documents
Guided by Prof.R.C.Gaikwad
Department Of Computer Engineering Pune Vidyarthi Grihas College of Engineering, Nashik University Of Pune Year: 2013-2014
Prof.R.C.Gaikwad
AS A PART OF PROJECT REPORT AS PRESCRIBED BY COMPUTER ENGINEERING
Prof.M.T.Jagtap (H.O.D)
ACKNOWLEDGEMENT
We convey our most sincere thanks to Guide Prof R.C.Gaikwad, for his guidance and effort throughout this Project report. I convey my most sincere heartfelt thanks to Head of the Department of Computer Engineering Prof.M.T.Jagtap for the motivation he had given as during the progress of Project Report. I also convey my heartfelt thanks to my parents and all the individuals who have helped us directly and indirectly to carry out this Project report successfully. Also thankful to all the Staff members.
Abstract
Distributed denial-of-service (DDoS) attacks continue to pose an important challenge to current networks. DDoS attacks can cause victim resource consumption and link congestion. A filter-based DDoS defense is considered as an effective approach, since it can defend against both attacks: victim resource consumption and link congestion. However, existing filter-based approaches do not address necessary properties for viable DDoS solutions: how to practically identify attack paths, how to propagate filters to the best locations (filter routers), and how to manage many filters to maximize the defense effectiveness. We propose a novel mechanism, termed PFS (Probabilistic Filter Scheduling), to efficiently defeat DDoS attacks and to satisfy the necessary properties. In PFS, filter routers identify attack paths using probabilistic packet marking, and maintain filters using a scheduling policy to maximize the defense effectiveness. Our experiments show that PFS achieves 44% higher effectiveness than other filter-based approaches. Furthermore, we vary PFS parameters in terms of the marking probability and deployment ratio, and find that 30% marking probability and 30% deployment rate maximize the attack blocking rate of PFS.
Contents
Chapter 1
1.1 1.2 1.3 1.4 1.5
Introduction
Problem Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .01 Relevant Theory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .01 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 02 Objective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 02 Design and Implementation Constraints . . . . . . . . . . . . . . . . . . 03
1.5.1 System Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . 03
Chapter 2
2.1
Requirement Analysis
Validation of Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 05 Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .05 Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 05 External Interface Requirements . . . . . . . . . . . . . . . . . . . . . . . 06
Chapter 3
3.1
System Design
Breakdown Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 07
3.1.1 System Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 07 3.1.2 Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 07
3.2
Project Estimation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2.1 Estimating Software cost . . . . . . . . . . . . . . . . . . . . . 11 3.2.2 Basic COCOMO Model . . . . . . . . . . . . . . . . . . . . . 11
Chapter 4
4.1
System Analysis
. . . . . . . . . .13
4.1.2 Project (Implementation) . . . . . . 14 4.1.3 Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . Breakdown Structure
. . . . . . . . . .15
4.1.4 Project Schedule . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 16
4.1.5 Time Line Chart
...............
. . . . . . . . . . . . . .18
4.2 . . . . . . . . . . . . . . . . . . .19
4.2.1
Analysis Model . . . . . . . . . . . . . . . . . .
. . . . . . . . . 19
4.2.2 Sequence diagram . . . . . . . . . . . . . . . . . .
. . . . . . . . . 20
4.2.3 Activity diagram . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 24
Chapter 5
5.1
Risk Management
Risk Identification . . . . . . . . . . . . . . . . .
Chapter 6
6.1 6.2 6.3
Chapter 7
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
attack was launched on March 4th, 2011, which also targeted about 40 major web site in South Korea. These incidents imply that DDoS attacks are still prevalent in the current Internet. Many approaches have been proposed to defeat DDoS attacks. They can be categorized into three groups depending on the location of their deployment. First, a source-end defense scheme has the most effective benefits, because malicious traffic is blocked before spreading. However, a critical issue of this approach is how to deploy the scheme to the majority of end hosts. Second, a victim-end defense scheme, such as IDS/IPS (Intrusion Detection/Prevention System) ,and flow-based detection , protects a victims server side from DDoS attacks. However, it only covers the victims server or a small network area, and cannot counter a link resource attack (e.g., link congestion). Finally, an intermediate network defense scheme utilizes intermediate routers that can be the most effective locations to defend against both victim resource and link resource attacks .It installs filters to intermediate filter routers to block undesired flows.
1.2 Scope
The Area of our concept is in networking. In this system we are using Linux, Windows as an operating system platform , and placing multiple system in different LAN networks connected by routers or switch. One group in LAN will have both legitimate and malicious traffic. Our job is to find out and block the malicious one without banning all the clients from same LAN by using filter rules.
1.3 Objective
A service which enable to Network Administrator to, To actively monitor incoming and outgoing traffic. An User interface that will allow Network Administrator to
To Ability to block and prevent system from severe loss and downtime. Blocking DDoS attacks from infected machines without banning all the IP range.
High Availability of Web resource or service. Providing access to service or web resource without any interruption in the service.
Requirement Analysis is a Software engineering task, which bridges the gap between system level software description and design model. The System description describes overall system functionally of the System including software, hardware, databases, human interfaces and other system elements and the software design mainly focuses on application architectural, user interface and component level designs. As per problem definition and scope of the project
discussed in the previous chapter, the requirement analysis from the point of software has been performed. The requirements have been elaborated in the following sections.
We divide the whole quality requirements in three parts: Normal Requirements. Expected Requirements. Excited Requirements.
E1: User interface for Network administrator. E2: Rules enforcement on connection E3: Tracing source and destination IP , port , protocol ,packet
2.2
Validation of Requirements
In software project management, software testing, and software engineering, verification and validation (V&V) is the process of checking that a software system meets specifications and that it fulfills its intended purpose. It may also be referred to as software quality control. It is normally the responsibility of software testers as part of the software development lifecycle. Requirements are properties or attributes, which demonstrated in a way that how problems of real world can be. They are details of how the system should operate; constraints on the systems operations, and application domain information, requirements validation is concerned to check the requirements document for consistency, completeness, and accuracy. Usually, most of the bugs / errors exist in the software are due to incomplete, inaccurate, and inconsistent functional requirements. Figure, illustrates requirements validation process; where requirements documents, organizational knowledge and organizational standards are inputs. List of proposed problems and agreed actions for resolving these problems are outputs of the requirements validation process.
2.3
Software Requirements
o o VMware vSphere,Workstation,Infrastructure 3 Windows Server 2003 or higher
2.4
Hardware Requirements
a. For an x86-based computer:
i. One or more processors with a recommended minimum speed of 3.4 Ghz ii. 4GB of RAM
ii. 4 GB of RAM
try to connect to some web resource on server. Our job is to find out who are real users and blocks the attacks from malicious users.
3.1.2 Modules
Module I: Traffic Monitoring In this module we will be analyzing our incoming traffic and request made by number clients from different sets of IP ranges. We will actively monitoring the port , protocol,Source,Destination IPs,Packet.
Module II: Traffic Analyzing Incoming traffic is analyzed. Extract the packet header , Check the protocol associated , Compare with the rules, Check the source and destination add. If protocol is same.Check out the port if protocol is TCP.
3.2
Project Estimation
Administration
A web based application will be developed for the administration purpose. The module would consist of different login and screens and functionality for different login. The admin would be able to create, modify and delete accounts of the service incharge. The admin would also be able to check the status of the service incharge for every vehicle and also the work performed. He would also be able to check the final bill amount for each customer.
The admin would be provided with an interface for managing the company info.
fs are a set of additional factors, besides Size, that are deemd important PROD (fs) is the arithmetic-product of the fs
Semidetached : A = 3.0 ; C= 1.12 ; D= 2.5; E = .35 Embedded : A = 2.8 ; C = 1.20 ; D= 2.5; E = .32
Calculation of E(effort):
E=a1 *(KLOC)^a2 E=3.0 *(2.5)^1.120 E=8.371 person-months
Calculation of T(duration):
Tdev = b1*(E)^b2 Tdev = 2.5*(8.371)^0.35 Tdev = 5.259 Months
Now we have N, Number of people = EFFORT/DURATION =E/D For our project N = 4 D=E/N D = 8.371/4 D = 2.092 Months Thus we require 2.092 months to complete the software part.
T31: Analysis
T1: Communication: Software development process starts with the communication between customer and developer. Requirements are gathered according to need of the project.
T4: Risk Management It involves identifying the risk during project development & according to that, managing the risk which affects the project development.
T5: Testing After completing all the phases different testing technique is applied at the time of designing of the system.
T6.2:
Packet Rules Checking
4.1.3 Tasks:
As per the various modules described above, by applying the concept of modularity we can divide the project work in following tasks and subtasks. Each of the following tasks is so basic that it can be easily understood and implemented. T1. Communication T1.1.Requirement Gathering T2. Project Planning T2.1. Project Estimation T3. Modeling T3.1. Analysis T3.2. Design T4. Risk Analysis and Management Analysis T5. Traffic Monitoring T5.1. Incoming traffic monitoring T5.2. Outgoing Traffic monitoring T6. Traffic Analysis T6.1. Packet Extraction T6.2. Packet rules checking
Days 25 15 8 10 30 15 8 60 8 10 2
Dependencies T1 T1 T4 T3,T5 T5 -
Developers Assigned D1,D2,D3 D1,D3,D4 D1,D2,D3,D4 D2 D1,D2 D1,D4 D2,D3 D3,D4 D2,D1 D1,D3 D2,D4
Task
Plan Start
T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11
27/07/13 22/08/13 19/09/13 28/09/13 17/10/13 30/11/13 17/12/13 30/12/13 13/01/14 09/03/14 08/04/14
19/08/13 20/09/13 25/09/13 15/10/13 26/10/13 19/12/13 29/12/13 10/01/14 20/03/14 03/04/14 22/04/14
D1,D2 D1,D2,D3,D4 D1,D3 D2,D3,D4 D2,D3,D4 D1,D2 D3,D4 D1,D2,D3 D1,D2,D3,D4 D1,D2 D1,D2,D3,D4
Each task is assigned to different team member, where D1: Amey Vaidya
M1: M2: :
Requirement Gathering and validation Completed. Project Planning and System Design Completed. Indicates M1 & M2 are Milestones
4.2
Analysis Model
A sequence diagram is a graphical view of a scenario that shows object interaction in a time-based sequence what happens first, what happens next. Sequence diagrams establish the roles of objects and help provide essential information to determine class responsibilities and interfaces. This type of diagram is best used during early analysis phases in design because they are simple and easy to comprehend. Sequence diagrams are normally associated with use cases.
Connection()
Drop packets()
Acknowledgement()
If server is under heavy ddos attack then customer may or may not be able to use web resource on server. Technical risk: If IP spoofing attack performed then some of the IPs may get blocked.
Risk table along with RMMM Risk Mitigation R1 System incompatibility Monitoring Management
By setting up the Checking the alternative for software tools during software tools implementation
R2
Conduct reviews
R3
Ensure that the developers are Consider experience with proper knowledge
Check database
R4
Technical assistance
Searching technologies
for
new
6.3
Limitation
6.2.1 6.2.2 Technical Problems System should always be online
The system will work on minimization DDoS attack impact on web server. This will allows legitimate users to have access to web resource. It will stop the Link congestion and resource depletion of victim, by early detection and prevention mechanism. Packet based Filtering helps to eliminate these problems but its effectiveness improves when multiple filtering are scheduled and system installed on destination for more effective approach.
Even today many commercial web services are continued to face challenges of such attack every day or so. Placing right system will increase their effective against it.
References
____________________________________________________________
[1] http://en.wikipedia.org/wiki/Denial-of-service_attack [2]http://en.wikipedia.org/wiki/Distributed_denial_of_service_attacks_on_root_na meservers [3] http://en.wikipedia.org/wiki/Firewall_%28computing%29 [4] http://manuals.kerio.com/kpf/en/ch08s01.html [5]http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6114645&url=http%3 A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D611464 5