Title: The Challenge of Writing a Thesis: Navigating the DDoS Attack

Embarking on the journey of writing a thesis is no small feat. It's a culmination of years of study,
research, and dedication. However, amidst the academic rigors, there's a lurking threat that many
students face: the dreaded DDoS (Distributed Denial of Service) attack on their progress.

The complexity of writing a thesis is already daunting on its own. From formulating a research
question to conducting extensive literature reviews, gathering data, and analyzing findings, every
step demands meticulous attention and effort. But when faced with a DDoS attack, the challenges
multiply.

Picture this: you're diligently working on your thesis, conducting experiments or analyzing crucial
data, when suddenly your system becomes unresponsive. You're unable to access your research
materials, communicate with your supervisor, or even save your progress. This is the reality for many
students who fall victim to DDoS attacks.

The consequences are severe. Not only does it disrupt your workflow and progress, but it also
jeopardizes your timeline and academic goals. Hours, days, or even weeks of work can be lost in an
instant, leaving you frustrated and overwhelmed.

So, what can you do to mitigate the risk of falling prey to DDoS attacks while writing your thesis?
One solution is to seek professional assistance from reliable sources like ⇒ HelpWriting.net ⇔.

⇒ HelpWriting.net ⇔ understands the challenges students face when writing their theses. With
their team of experienced writers and researchers, they offer comprehensive support tailored to your
specific needs. Whether you need assistance with literature reviews, data analysis, or drafting
chapters, they provide reliable guidance every step of the way.

By outsourcing certain aspects of your thesis to ⇒ HelpWriting.net ⇔, you can safeguard your
progress against potential DDoS attacks. Their expertise and dedication ensure that your work
remains secure and on track, allowing you to focus on what truly matters: producing a high-quality
thesis that reflects your academic prowess.

In conclusion, writing a thesis is undeniably challenging, and the threat of DDoS attacks only adds
to the complexity. However, by seeking assistance from trusted services like ⇒ HelpWriting.net
⇔, you can navigate these obstacles with confidence and ensure the successful completion of your
academic journey.
This danger is magnified online, where cybercrime is plentiful. This approach helps to improve the
Quality-of-Service (QoS)of legitimate users during the SIP flooding attack, while maintaining a 100
percent success rate in blocking attack traffic. Focus on IT compliance and the integrity of enterprise
systems to establish a more secure enterprise IT framework At the end of this Masteru2019s
Program, you will be equipped with the following skillsets: 1. Consequently, we propose that the
“known host” list should have an expiry time in order to remove potentially obsolete addresses and
to keep the known host list at a manageable size. ISESS advances the solution by blocking other SIP
request floods, for example CANCEL, OK and BYE floods. JAIN Service Logic Execution
Environment (JAIN SLEE) is a java-based application server specifically designed for event-driven
applications. Furthermore, I would like to thank all my friends in the Computer Science department.
In this approach two FIFO queues are implemented, one to handle SIP INVITE requests and the
other is used to handle all other messages. Michael Walfish, Mythili Vutukuru, Hari Balakrishanan,
David Karger, Scott Shankar. For example, asterisk (an open source SIP-based VoIP switch) is used
by some organizations to establish VoIP calls between internal users and external users. Figure 8
shows the message flow to setup a VoIP session. Page 28. If this network address has the same TTL
as in the table, the request is processed, otherwise it is dropped. Consequently, an improved security-
enhanced SIP system (ISESS) was designed which adds protection for all types of SIP requests
flooding. 4.6.1 Overview of the improved security-enhanced SIP system Figure 31 illustrates the
process of this system, followed by a detailed explanation. Page 70. In this approach, the edge router
creates an IP address database which stores the source IP addresses of legitimate users, so when the
system is subsequently under a DoS attack, the legitimate user traffic can be protected. Dr. NN
Chavan Keynote address on ADNEXAL MASS- APPROACH TO MANAGEMENT in the. An
attacker compromises many hosts Usually spread across Internet. Dr. NN Chavan Keynote address
on ADNEXAL MASS- APPROACH TO MANAGEMENT in the. The average CPU usage at the
firewall is only 15%, which indicates the firewall is not fully utilized. Multifaceted Defense Against
Distributed Denial of Service Attacks. ISESS is an advance on SESS in that it eliminates its
drawbacks, while still maintaining the advantages of SESS. Upload Read for free FAQ and support
Language (EN) Sign in Skip carousel Carousel Previous Carousel Next What is Scribd. This section
explains how the firewall is implemented. 5.1.2.1 DNAT and regular housekeeping The first
requirement for the firewall is to enable destination network address translation (DNAT), and do
regular SIP firewall setup. ACK packets are processed by the SESS proxy to find out the source IP
of a legitimate user. We will also look into the types of DDoS attacks and how you can prevent a
DDoS attack. DoS attacks: Attempt to prevent legitimate users of a service from using it Examples
of DoS include: Flooding a network. In this approach, the pushback mechanism during congestion is
used to identify a malicious host. Table 12 False positives and negatives for SYN flood. An example
of a request header examination is to use Page 42. For simplicity, we will mainly use INVITE
requests to illustrate the impact of SIP floods. In the next section, we use an intelligent SIP-capable
firewall to mitigate SIP flood attacks. 3.2.1.2 Experiment set 2: AR450 Firewall The second set of
experiments was exactly the same as the first, but with the WatchGuard firewall replaced by the
Allied Telesis SIP- aware AR450 firewalls.
Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice). Report this Document
Download now Save Save DDOS Thesis For Later 0 ratings 0% found this document useful (0
votes) 141 views 59 pages Defence Against Distributed Denial of Service Attacks: A Project Report
on Network Ingress Filtering and Egress Filtering Using CLICK Router and MULTOPS Data
Structure Uploaded by Piyush Mittal AI-enhanced title and description Defense AGAINST
DISTRIBUTED DENIAL OF SERVICE ATTACKS is a research project for a master's degree in
information technology. These messages will at least be kept till the last OK message is sent to
terminate the call setup handshake. This delay difference is caused by the differentiated Type of
Service (ToS) settings for frequent users, where frequent users are signed with “Minimize-Delay”.
However, since SIP attackers normally use spoofed IP addresses, it is likely that this approach would
not be very effective. Figure 4 Packet header and the identification of the destination in. When
ISESS is configured, the average CPU usage on the firewall is the same as that in SESS, because the
methods to process spoofed SIP requests are identical on both systems. The CPU usage on the SIP
proxy is 1% which shows that no attack packet has passed through the firewall. 5.3.4 ACK flood on
SESS and ISESS SESS is designed to stop spoofed INVITE and REGISTER flooding requests, as
these can be challenged by digest authentication. Examples: Phoenix Suns (Basketball) WWII
Germany (Blitzkrieg) Does this apply to Internet. The test results from the PROTO group have
demonstrated that SIP is vulnerable to a number of malformed attacks. Page 90. Viruses Worms
Distributed Denial of Service Attacks (DDoS). Further, the application of a protection mechanism
using the IP list requires that the list be synchronised at both the firewall and the SIP server, and so
we propose a new Known Address Synchronisation Protocol (KASP). Page 55. Counteract the
Outflanking of DDoS Countermeasures: A Framework. When all advanced botnet traffic passes
through the firewall, and reaches the SIP proxy server, the server will be totally occupied by these
requests, and this could result in a DoS attack on the system. The router needs to save a large list
containing the source address and destination prefix. The attackers attempted to use a vulnerable
third-party server to intensify the data being sent out to the target’s IP address. If this network
address has the same TTL as in the table, the request is processed, otherwise it is dropped. In the past
year, the attacker behaviour has also changed during the pandemic. Reactive VS Proactive Defence
Some noticeable solutions Crux issues Discussion The “battle” is going on. Figure 10 shows the call
setup delay when the system is under SIP flooding attack. The group responsible named themselves
the Lizard Squad. Dr. Vinod Kumar Kanvaria Dr. NN Chavan Keynote address on ADNEXAL
MASS- APPROACH TO MANAGEMENT in the. Table 4 False positives and negatives for TCP
flood with constant. This is because only legitimate requests are allowed to pass through the firewall,
the SIP proxy server only processes a limited number of requests, and thus even though the system is
under an attack the CPU usage on the proxy server should not be affected by the attack traffic. When
an update packet is received, the daemon reads the payload and converts the KASP message to an
iptables rule. When the network or server closes the connection, the hacker sends out more. However,
flooding attacks based on other spoofed SIP requests such as the ACK packet pass through the
firewall without any authentication and so are not countered by SESS. The PROTO test suite c07-sip
is used to test the robustness of SIP protocol. The message body is either used to describe session
requirements or to encapsulate various types of signalling. Stress tests have been conducted with a
large amount of flood traffic and the test results show SESS and ISESS can still provide good
performance under this attack. Figure 5 shows the flow of interaction of a SIP- based VoIP system.
There is a strong business and consumer interest in VoIP owing to its potential for providing a more
flexible service at a much lower cost than is typically available from analogue telephony. Koen van
Hove. Researcher at the University of Twente. If this is a new user, the address will be added to the
normal userlist and a timer will be set to remove the user on expiry after time t1. ISESS counters the
flooding attack effectively and avoids timeout due to SIP proxy overloads. CPU usage at SIP Proxy
server 0 5 10 15 20 25 30 0 5000 10000 15000 20000 25000 Number of attack packets CPU usa ge
(% ) CPU usage at SIP Proxy server Page 67. By browsing bankinfosecurity.com, you agree to our
use of cookies. This is because in ISESS when a new user tries to place a call, an extra KASP
message is processed to add that user to the “temporary userlist” on both firewall and SIP proxy.
Click below to talk to a Secureworks Incident Reponse expert. Attack flows can still incur
congestion along the attack path. Penetration. Attacker gets inside your machine Can take over
machine and do whatever he wants. The sharing of hosts that describes a DDoS gives many
advantages to the attacker such as control of many machines to complete a seriously disturbing
attack and it is difficult to recognize the attacker due to multiple locations. Iptables rule sets are a
true layer-three process with no application layer processing required, and this ensures optimal
performance of the system. In summary, source-end DDoS defense strategy is the most effective and
with moderate deployment cost. To prevent DDoS attack, you need strong DDoS protection and
mitigation which can monitor and work in real time. Other SIP requests floods are used to verify
how the proposed systems mitigate flooding of other types of SIP requests. Overall, while a SIP
intrusion detection mechanism is able to inform a system administrator when an attack has been
detected, it will already have had an impact on the SIP system. While TCP has better security than
UDP, since the information update happens between a SIP proxy server and a firewall which is
normally one hop away from the server, and given that the communication link is secured by the
firewall, there is no real benefit to be gained from the security advantage of TCP. For example,
asterisk (an open source SIP-based VoIP switch) is used by some organizations to establish VoIP
calls between internal users and external users. In order to generate a complete hop number table,
thousands of addresses and hop counts have to be stored. The main point in this attack, the attacker
attacks one system from multiple locations. Thus, a large amount of spoofed ACK can exhaust the
resource on the SESS SIP proxy server. Authentic and secure Friends Tekh Decoded Tekh Decoded
is a online magazine focused on computing, electronics and mechanical gadgets. Some of the existing
commercial firewalls, for example: AR450 from AlliedTelesis have SIP anti-flooding mechanisms to
protect a SIP proxy server from DoS attacks. To secure your network and server with these attacks,
DDoS protection is essential. Consequently, an improved security-enhanced SIP system (ISESS) was
designed which adds protection for all types of SIP requests flooding. 4.6.1 Overview of the
improved security-enhanced SIP system Figure 31 illustrates the process of this system, followed by
a detailed explanation. Page 70. The group responsible named themselves the Lizard Squad. The
client starts to get “500-server internal error” responses. Page 35. Routers too have rate-limiting and
ACL ability that can help to prevent flooding (Brindley, 2002). This process is slightly different if
authentication is enabled on the proxy server. Connection Resource Exhaustion packets designed to
saturate all available resources for servicing new connections. e.g syn flooding.
The call setup delay differences between normal users and frequent users in both SESS and ISESS
are very similar (0.2 and 0.17 Page 94. It’s a defense mechanism against legitimate looking requests
that consume computational resources. Figure 18 Detection of packets with malformed headers.
Contrarily, the performance of the system would also degrade if the user list expiry time is set too
high, as this could result in a very Page 95. Hashtables are used to store the legitimate user IP
addresses. In the 407 message, there is a “nonce” value, which is a random string generated by the
proxy server used for one challenge only. The firewall queuing, userlist and frequent userlist update
mechanisms are the same as in SESS, which maintains a good QoS for legitimate users during flood
attacks. The SIP proxy server has a module built-in to examine the content of a SIP message header
to spot malformed SIP requests. Figure 28 The topology that is used to generate traces for. In this
experiment, the CPU usages on both firewall and SIP proxy server are measured during an INVITE
flood attack. The Strategic Role of Sweepstake Software in Business Expansion 9 February, 2024
Marketing might just be the single most powerful tool. Design security architecture and framework
for a secure IT operation 4. This is because in ISESS when a new user tries to place a call, an extra
KASP message is processed to add that user to the “temporary userlist” on both firewall and SIP
proxy. However, since other SIP messages would not require much processing from the SIP proxy
server, this is of relatively low concern. Page 65. TCP-ratio 143.112 352.508 14109.251 50448
191.168.1.2 SYN flood. Koen van Hove. Researcher at the University of Twente. This thesis focuses
specifically on SIP-based flooding which is one of the more common ways to attack SIP systems.
2.1.1 Quality of Service (QoS) and security requirements of VoIP VoIP faces two challenges which
are more serious than in traditional PSTN networks: quality of service and security. Advisor: Frank,
Y.S. Lin Present by C.Y. Hsu. Optimal Allocation of Filters against DDoS Attacks. Benefits: 1)Avoid
Collateral Damage that can result from large attacks that can saturate uplinks within an enterprise
network, either at the edge or within the core andaggregation layers 2)Speed. In this system, a SIP
proxy server is in charge of forwarding SIP requests and responses to the corresponding recipients,
and is most vulnerable to flooding attacks, because it has to process each incoming SIP request, look
up the address of the recipient and it may need to generate, store and send authentication requests.
This process is slightly different if authentication is enabled on the proxy server. It’s a defense
mechanism against legitimate looking requests that consume computational resources. In ISESS, an
ACK can only be added to a userlist if it is already on the tempUserList. It is worth noting that the
ISESS system cannot compensate for a heavily congested network. The SIP client software was an
X-lite SIP soft phone. Furthermore, H.323 has poor extensibility, which means it is hard to develop
additional extensions for this protocol. The attacker can specify the content of each header field (to
form either malformed message attack or overflow attack) to cause a denial of service problem on
the SIP proxy server. However, when there are multiple domains, H.323 has a scalability problem as
there is no easy way to perform loop detection. The test results from the PROTO group have
demonstrated that SIP is vulnerable to a number of malformed attacks. Page 90. The results may
differ if tested in other systems. In the following experiments, for simplicity SIP INVITE flood is
used in most of the system performance tests.
TRUE) then Write P to the oneway.dat Delete P from pair table. ICMP flood 30.68 3.91 4401.42 120
3 171.221.4.115 SYN flood 486.97. The SIP client software was an X-lite SIP soft phone.
Understand security in cloud computing architecture in depth 3. In stage one, this project proposes
the Security-Enhanced SIP System (SESS), which contains a security-enhanced firewall, which
evolved from the work of stage one and a security-enhanced SIP proxy server. However this value
varies depending on the profile of previous attack traffic. The experiment results should show that
when using SESS and ISESS, during an INVITE or REGISTER flooding attack the call setup delays
for normal users and frequent users should not be affected by the attack, while the call setup delay
for unknown users should be longer than usual, as it has to go through layer-7 authentication process.
Flooding means, the system receives excessive amount of traffic for the server to buffer that cause
system to slowdown and stop (Denial of Service Attack, n.d.). Other DoS attacks normally take
advantage of bugs or faults that cause the target system to crash. The call setup delay differences
between normal users and frequent users in both SESS and ISESS are very similar (0.2 and 0.17
Page 94. For Later 100% 100% found this document useful, Mark this document as useful 0% 0%
found this document not useful, Mark this document as not useful Embed Share Print Download
now Jump to Page You are on page 1 of 175 Search inside document. Each incoming ACK message
is logged and the IP address of the sender of this message is stored on one of the user list, depending
on the time it made the last phone call. In stage one, this project proposes a Security-Enhanced SIP
System (SESS), which contains a security-enhanced firewall evolved from an application-layer
stateless firewall with additional layer-3 queuing and a security-enhanced SIP proxy server. Protect
data movement, perform disaster recovery, access CSP security and manage client databases Learn
more at. Owing to the fact that in VoIP networks there is typically a great deal of infrastructure
resource sharing, the quality of a VoIP network cannot be guaranteed to the same extent as in the
PSTN network. Figure 11 Calculation of TCP ratio and detection of TCP-based. This approach helps
to improve the Quality-of-Service (QoS)of legitimate users during the SIP flooding attack, while
maintaining a 100 percent success rate in blocking attack traffic. If any of the header fields have been
changed by an attacker, the nonce that is computed will be different, the server will detect this
condition, and the request will be rejected. The attacks were said to come from Russian IP addresses.
5. When the Lizard Squad wiped out Xbox and PlayStation Network over Christmas In 2014,
PlayStation Network and Xbox Live were brought down by a series of DDoS attacks, resulting in
millions of customers being knocked offline. This mechanism usually requires specific agents to be
installed on intermediate routers. If it is less than the frequent user expiry time t2 the user will be
promoted from the normal Page 59. However, prevention from DDos attack is still not available due
to its distinctive characteristics. Figure 22: Overall process of Security-enhanced SIP proxy server
When a SIP request comes in at the firewall’s SIP port (5060), it will check whether it is an INVITE
or REGISTER. Table 41 Alerts and their attributes for low rate, long duration. To start with,
dedicated DoS mitigation devices go through the very same. In our experiment, we have enabled
this function, and flooded the SIP proxy server with 60,000 INVITE requests. The Ministry of
Utmost Happiness by Arundhati Roy The Ministry of Utmost Happiness by Arundhati Roy 2023
MAP Data Analysis - St. This is because predictive nonce checking is not native to a system, so there
is no kernel support, and a single FIFO queue is used to pass all SIP INVITE and REGISTER
packets from the network interface to the application-layer process which makes the setup delay
increase as the number of attack packets increases. ISESS is an advance on SESS in that it eliminates
its drawbacks, while still maintaining the advantages of SESS. Flood 1.15 546.97 34900.27 630
87.231.142.6 UDP Flood 6.82 154.88. Eric Bulgrin February 8, 2005. Overview. Why are attacks
prevalent.
This involves having a detection component to distinguish a SIP flooding traffic from normal SIP
requests. The message body is either used to describe session requirements or to encapsulate various
types of signalling. Traffic flow is asymmetric, meaning the responses do not need to come back
through us, ensuring a quick response for legitimate requests. In Chapter three, the details of this
type of attack will be discussed, followed by existing mitigation techniques. Page 27. If not, the
message is allowed to pass through. Page 63. Request messages are used by UAC, and responses are
used by UAS. Table 3 Attack attributes for TCP flood with constant sequence. The following PDF
gives some useful advice regarding the same. Connection Resource Exhaustion packets designed to
saturate all available resources for servicing new connections. e.g syn flooding. However, there are
excellent and effective tools that can help moderate the impact of this attack. If a user is removed
from the userlist, the user will be considered to be unknown when they next make a phone call.
Using this mechanism, the password is never sent in clear text. In a router IP traceback mechanism,
when a DDoS attack is detected, traceback is triggered. By registering in Slidesgo, you will be able
to edit online templates and download up to 5 templates per month. These messages will at least be
kept till the last OK message is sent to terminate the call setup handshake. Understand security in
cloud computing architecture in depth 3. While TCP has better security than UDP, since the
information update happens between a SIP proxy server and a firewall which is normally one hop
away from the server, and given that the communication link is secured by the firewall, there is no
real benefit to be gained from the security advantage of TCP. As can be seen, when there is no
security deployed in the system the flooding attack can easily overload the SIP proxy server with
spoofed requests (the server is almost at 100% CPU) and result in the high call setup timeout rate
seen in the previous experiments. Figure 6 The problem of capturing network traces in presence of.
The average call setup delay for users under no security is 9.39 (this calculation does not include the
call setup timeouts) seconds. Eric Bulgrin February 8, 2005. Overview. Why are attacks prevalent.
Thus, SIP requests from frequent users are passed to the SIP proxy server with the highest priority,
and requests from normal users are not prioritised. Nguyen Thanh Tu Collection The Ministry of
Utmost Happiness by Arundhati Roy The Ministry of Utmost Happiness by Arundhati Roy Trushali
Dodiya 2023 MAP Data Analysis - St. Then using the predictive nonce-checking firewall, the total
number of received attack packets are recorded to calculate the percentage of the attack traffic that
managed to navigate through the firewall and the client call setup delay was measured to verify the
system performance impact of this firewall. If the headers have not changed, the resulting nonce will
be identical to the one issued in the challenge, and the digest response will be valid. As specified in
RFC 3261, Section 9.1 states: The Request-URI, CallID, To, the numeric part of CSeq, and From
header fields in the CANCEL request MUST be identical to those in the request being cancelled,
including tags. The Strategic Role of Sweepstake Software in Business Expansion 9 February, 2024
Marketing might just be the single most powerful tool. JAIN SLEE is used to implement
enhancements of the SIP proxy server, as it is becoming a popular choice in implementing
communication applications. JAIN SLEE is used to implement enhancement of the SIP proxy server.
Since the transmission link between the internal and external users is the internet, the VoIP switch is
vulnerable to attacks sfrom the internet.
ISESS counters the flooding attack effectively and avoids timeout due to SIP proxy overloads. In
order to test this hypothesis, an improved iFlood was developed. Dr. NN Chavan Keynote address
on ADNEXAL MASS- APPROACH TO MANAGEMENT in the. Thus, we can assume all IP
addresses that have completed a handshake are legitimate, which includes all users that have
successfully registered or made a phone call. This project firstly examines the impact of a SIP
flooding attack on a SIP-based VoIP system. However, with SESS and ISESS configurations, the
call setup delay for new users, normal users and frequent users should differ and so the call setup
delay for the three types of users is measured separately. However, prevention from DDos attack is
still not available due to its distinctive characteristics. The following subsections detail the call setup
and management in the two protocols, 2.1.2.1.1 H.323H.323 is a protocol suite that was designed to
enable IP-based multimedia communications, and it was the first widely adopted and deployed VoIP
protocol. Figure 28 The topology that is used to generate traces for. Nguyen Thanh Tu Collection The
Ministry of Utmost Happiness by Arundhati Roy The Ministry of Utmost Happiness by Arundhati
Roy Trushali Dodiya 2023 MAP Data Analysis - St. Accessing network information or services by
excessive. The easiest form of marking is node append, where every router on the path crossed by a
packet adds its IP address to the packet to facilitate the traceback process. Introduction IPV4 IPV6
VOIP IPV4 to IPV6 Migration of VOIP to IPV6. Table 12 False positives and negatives for SYN
flood. Figure 22: Overall process of Security-enhanced SIP proxy server When a SIP request comes
in at the firewall’s SIP port (5060), it will check whether it is an INVITE or REGISTER. Chapter
seven is the conclusion section and suggestions for future work are also discussed. Page 11. Let's
help you with the presentation for your thesis defense on cybersecurity. The vulnerabilities of VoIP
will also be described. 2.1.2.1 Signalling protocols Both H.323 and SIP provide functionalities for
call setup, management, and termination. However, in the flooding attack scenario, attack traffic is
likely to be generated by a single host and so the TTL is the same from all incoming packet. The time
for known user lists expiry will affect the call setup delays for all users to an extent. That router
would firstly build a hop- count table, containing hop-count information on all possible destinations.
Find a connection C that P belongs to, or create it if not found If. This project has identified and
trialled a number of countermeasure designs. This will certainly result in a network or a server is not
able to locate the return address of the hacker when sending out the verification approval. For one, a
15-year-old boy who went under the alias Mafiaboy infamously brought down some of the biggest
commercial websites in the world, including Yahoo!, CNN, Amazon, Dell, and eBay. The average
call setup delay for new users was 7.14 seconds which is consistent with the application layer
stateless firewall, as expected. To secure your network and server with these attacks, DDoS
protection is essential. Figure 7: Registration removal message 2.3.1.3 Registration hijacking
Registration hijacking occurs when an attacker impersonates a valid UA to a registrar and replaces
the legitimate registration with its own address. This test result also shows that during an INVITE
flood, the average call setup delay is slightly greater (0.155 seconds) than with an ACK flood as the
firewall has to send back digest authentication messages to the spoofed addresses. Tags: DDoS,
distributed denial of service attack About the Author Sunit Nandi I'm the leader of Techno FAQ.