INFORMATION CHANGE THE WORLD

International Journal of Computer Network and Information Security(IJCNIS)

ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)

Published By: MECS Press

IJCNIS Vol.7, No.11, Oct. 2015

Data Traffic Modeling During Global Cyberattacks

Full Text (PDF, 1222KB), PP.20-36


Views:63   Downloads:1

Author(s)

Volodymyr Mosorov, Andrzej Kosowski, Roman Kolodiy, Zenoviy Kharkhalis

Index Terms

Denial-of-Service attack;network simulator;data traffic;attack modelling;attack scenarios

Abstract

The article analyses the possibilities and techniques of modeling global cyber-attacks on an internetwork of small countries. The authors study the Distributed Denial of Service (DDoS) attack against Estonian internetwork, which took place in 2007, in an open-source Nessi2 simulator environment, as DDoS appears to be the most common type of informational attack on resources used todeay. Such a modeling can be replicated with a certain degree of accuracy because the most of powerful attacks have been relatively well-documented. The article covers the most lifelike attack scenarios accomplished by sophisticated modeling of underlying traffic cases. Conclusions drawn from the simulation show that even large-scale DDoS attacks can be successfully modeled using limited resources only. Future research directions, motivated by the research, underlying this article, are highlighted at the end.

Cite This Paper

Volodymyr Mosorov, Andrzej Kosowski, Roman Kolodiy, Zenoviy Kharkhalis,"Data Traffic Modeling During Global Cyberattacks", IJCNIS, vol.7, no.11, pp.20-36, 2015.DOI: 10.5815/ijcnis.2015.11.03

Reference

[1]Xiang Y., Zhou W., Chowdhury M., A Survey of Active and Passive Defence Mechanisms against DDoS Attacks. Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia, March 2004.

[2]Specht S. and Lee R., Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures // Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems, 2004 International Workshop on Security in Parallel and Distributed Systems, 2004 September. – P. 543 – 550.

[3]http://dictionary.reference.com/browse/botnet (acc. May, 31, 2014).

[4]Host icon by Everaldo Coelho, reposted under GNU Free Documentation License Version 2.1, http://upload.wikimedia.org/wikipedia/commons/thumb/7/77/Computer_n_screen.svg/500px-Computer_n_screen.svg.png (acc. Nov 30, 2013)

[5]Server icon by George Shuklin, reposted under GNU Free Documentation License Version 2.1, http://upload.wikimedia.org/wikipedia/commons/7/7c/Server-tower.svg (acc. Nov 30, 2013).

[6]http://sourceforge.net/projects/nsnam/files/ (acc. Nov 15, 2013).

[7]http://www.isi.edu/nsnam/ns/ (acc. Nov 19, 2013).

[8]NS-3 official website, http://www.nsnam.org/ (acc. Nov 19, 2013).

[9]Kuhl M., Kistner J., Costantini K., Sudit M., Cyber Attack Modelling and Simulation for Network Security Analysis // Proceedings of the 2007 Winter Simulation Conference P. 1180-1188.

[10]Cisco Packet Tracer Datasheet, http://www.cisco.com/web/learning/netacad/course_catalog/docs/ Cisco_PacketTracer_DS.pdf (acc. Nov 19, 2013).

[11]http://pcl.cs.ucla.edu/projects/glomosim/ (acc. Nov 19, 2013).

[12]SCALABLE Network Technologies home page, http://www.scalable-networks.com/products/qualnet/ (acc. Nov 19, 2013).

[13]http://tetcos.com/software.html (acc. Nov 19, 2013).

[14]http://www.opnet.com/solutions/network_planning_operations/ (acc. Nov 19, 2013).

[15]http://www.ece.gatech.edu/research/labs/MANIACS/GTNetS/feature_set.html (acc. Nov 19, 2013).

[16]Karsten Bsufka and Rainer Bye, NeSSi2 Ver. 2.0.0-beta.3 Manual http://www.nessi2.de/fileadmin/Dateien/NeSSi/2.0.0-beta.3/NeSSi2Manual.pdf (acc. Nov 19, 2013).

[17]http://www.nessi2.de/ (acc. Nov 16, 2013).

[18]This has been changed in the newest version (beta3), where all link types indicate bandwidth [author's note].

[19]Cotton, M., Vegoda, L., "Special Use IPv4 Adresses", ICANN, IETF, January 2013, http://tools.ietf.org/html/rfc5735 (acc. Nov 17, 2013)

[20]Davis, J., "Hackers take down the most wired country in Europe", Wired Magazine, August 21, 2007, http://www.wired.com/politics/security/magazine/15-09/ff_estonia (acc. Sep, 12 2013).

[21]"Facts about e-Estonia", Estonian Informatics Center, http://www.ria.ee/27525 (acc. Sep 30, 2013).

[22]Based on Eesti Statistika population statistics, http://pub.stat.ee/px-web.2001/Dialog/varval.asp?ma=Po0291&lang=1 (acc. Nov 19, 2013).

[23]Map of municipalities of Estonia (edited) – public domain image, http://commons.wikimedia.org/wiki/File:Estonia_municipalities.png (acc. Nov 21, 2013).

[24]Based on Eesti Statistika population statistics, http://pub.stat.ee/px-web.2001/Dialog/varval.asp?ma=PO0222&path=../I_Databas/Population/01Population_indicators_

and_composition/04Population_figure_and_composition/&lang=1 (acc. Nov 23, 2013).

[25]http://www.stat.ee/main-indicators (acc. Nov 23, 2013).

[26]http://www.merlyn.demon.co.uk/critdate.htm (acc. Nov 24, 2013).

[27]http://download.oracle.com/javase/6/docs/api/java/lang/System.html#nanoTime%28%29(acc. Nov 24, 2013).

[28]http://download.oracle.com/javase/1.4.2/docs/api/java/lang/OutOfMemoryError.html(acc. Nov 24, 2013).

[29]BredoLab downed botnet linked with Spamit.com, InfoSecurity Magazine, November 1, 2010, http://www.infosecurity-magazine.com/view/13620/bredolab-downed-botnet-linked-with-spamitcom/ (acc. Nov 24, 2013).

[30]Poppe, Y., "Evolution of transoceanic lambdas. A GLIF capacity supplier perspective", 23th APAN Meeting, January 22-26, 2007, http://www.apan.net/meetings/manila2007/presentations/backbone/lambdas-YP.ppt (acc. Nov 24, 2013).