Tuesday, May 5, 2020

Analysis of Firm or Organisation Should Be Protected Against DOS

Question: Discuss how an organisation or firm should be protected against Denial of Service (DoS) attacks in a wireless sensor network.

Answer:

Introduction

Nowadays, with the vast advancement of technology, the internet has become one of the most popular needs of people. Whatever the conditions or the place, the internet has become a first priority for the new generation. Therefore, most small and large businesses are opting for online business through e-commerce websites. Wireless sensor networks (WSNs) are very effective and very easy to implement. Because of this ease and flexibility, they are widely used in business as well as military applications. But they lack security measures as well as energy resources, which makes them very vulnerable to security threats. Among these threats, the most popular attack is DoS. It disrupts services by denying users access to the machine. It weakens network connectivity and renders the website's network incapable of providing the services it is actually intended for. The attack works by sending a large number of packets to the victim's end, which weakens the victim's network connectivity and denies users access to the data (Gong, 2007). Several researchers have developed various techniques that prevent DoS attacks. These prevention techniques are usually based on AI, soft computing and multi-agent computing approaches. Most business websites are disrupted by DoS attacks. DoS has become the biggest threat to e-business because of the low level of security concern. These attacks can result in loss of data, of reputation and even of money for the business. They also disable some services, which results in operational delays for the organisation. For a business website, these attacks can jam the organisation's database by crafting SQL queries and block users by repeating invalid login requests.
These attacks may also result in the data on the server systems being wiped, and can bring to a halt website operations that are being accessed by multiple users.

Risks through Denial of Service

DoS works on the principle that overloading a system can easily crash it. In web applications, it overloads the software by sending a large number of requests, due to which the application stops functioning or is no longer able to serve the proper web pages. To crash a web application, the attack is directed at the following resources:
- Network bandwidth
- Total memory of the server
- The system's exception handling approaches
- CPU usage by the application
- Database connections
- Space for storing the database

Earlier, DoS attacks were used by ethical hackers to protest against websites, but studies have confirmed that these attacks are now used as a profit-making tool of cybercrime. If prevention is absent, these threats can lead to:
- Extortion: the DoS attackers disrupt the network until the payment is processed in full.
- Sabotage: websites can be attacked in order to raise share prices in the market.
- Brand damage: insecure websites may damage the brand's reputation to a great extent.
- Financial loss: a DoS attack does not allow a website to run its business online effectively, which results in lost advertising spend and sales revenue.

Approaches for launching a DoS attack

There are several ways an attacker can launch a DoS attack. They can attack the system by unplugging the network server; this can only be done if the attackers have physical access to the servers. Another way is the coordination of a large number of computers, called zombie computers; this is used to carry out the attack at a very large scale. Against the target, it can be done using:
- Buffer overflows in the functioning of applications
- Uploading large files to the server
- Recursive SQL queries
- Complex search queries

Attackers use various tactics. The most commonly used are as follows:

Ping flooding: This is also known as a Smurf attack. It involves sending a large number of ping packets to the target, using the ping command. It is the easiest way to launch the attack: the only requirement is to raise the website's traffic by sending so many packets that the traffic exceeds the network bandwidth of the website. The packets can also be sent with forged source addresses; in this case the sender's address is not present, which results in the traffic ending up in closed networks. By increasing the number of packets, the network can be successfully disrupted.

Peer-to-peer: In these attacks the attacker breaks the peer-to-peer connectivity of the targeted system's network and connects the target system's website with itself. If a large number of systems try to connect to the target system, it will surely lower the performance of the web application and result in an overflow of data (Stavros, 2012). In this type of attack there is no need to communicate with the systems the attackers use to launch the attack.

Application-level floods: These attacks do not exploit the network bandwidth of the targeted network; instead they create confusion in the computer applications, which fills up the system memory and ultimately degrades the performance of the application. This tactic is usually performed using a buffer overloading technique.

Need to prevent DoS attacks

Before moving to the prevention techniques for DoS attacks, we should first know why it is required to prevent these attacks. Once launched, these attacks are used at random to disrupt any medium, small or large business.
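On the defending side, the ping-flooding tactic above is recognised by its volume. The following detector, an added example that is not part of the original essay, replays constructed packet records, sums ICMP echo traffic per one-second window and raises an alert when that traffic exceeds the share of link bandwidth assumed for ICMP; the link speed, the share, the sample addresses and the Packet record type are all assumptions.

```python
"""Rate-based detector for ping (ICMP echo) floods.

Buckets packets into one-second windows and flags a window whose aggregate
ICMP echo volume exceeds the bandwidth share reserved for ICMP, reporting how
many distinct source addresses contributed (many sources in one window points
at zombie computers or forged addresses).
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds since capture start
    src: str       # source IP address as seen on the wire (may be forged)
    proto: str     # "icmp-echo", "tcp", ...
    size: int      # bytes on the wire


# Constructed sample: normal traffic in seconds 0 and 1, a flood in second 2
# from 50 different (documentation-range) addresses.
SAMPLE = (
    [Packet(0.1, "10.0.0.5", "icmp-echo", 84), Packet(0.4, "10.0.0.7", "tcp", 1400),
     Packet(1.2, "10.0.0.5", "icmp-echo", 84), Packet(1.7, "10.0.0.9", "tcp", 600)]
    + [Packet(2.0 + i / 2000, f"198.51.100.{i % 50}", "icmp-echo", 1400)
       for i in range(2000)]
)


def detect_icmp_flood(packets, link_bps=10_000_000, icmp_share=0.05, min_sources=10):
    """Return one alert per one-second window whose ICMP echo volume exceeds
    icmp_share of the link bandwidth (link_bps is in bits per second).

    Each alert is (window_start, bits_per_second, distinct_sources, distributed),
    where distributed is True when at least min_sources addresses took part.
    """
    bytes_per_window = defaultdict(int)
    sources_per_window = defaultdict(set)
    for p in packets:
        if p.proto != "icmp-echo":
            continue
        win = int(p.ts)
        bytes_per_window[win] += p.size
        sources_per_window[win].add(p.src)
    limit_bps = link_bps * icmp_share
    alerts = []
    for win in sorted(bytes_per_window):
        bps = bytes_per_window[win] * 8
        if bps > limit_bps:
            srcs = len(sources_per_window[win])
            alerts.append((win, bps, srcs, srcs >= min_sources))
    return alerts


if __name__ == "__main__":
    for win, bps, srcs, distributed in detect_icmp_flood(SAMPLE):
        kind = "distributed" if distributed else "single-source"
        print(f"t={win}s: ICMP echo at {bps / 1e6:.1f} Mbit/s from {srcs} sources ({kind})")
```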
If these attacks are not launched against high-profile websites, then they are launched for one of the following reasons:
- Grudge: an enemy, a jealous employee or a competitor may wish to disrupt a business website to gain financial profit or to take some kind of revenge.
- Name confusion: the website's name may resemble the name of some person or place.
- Easy target: small businesses usually do not opt for security against DoS attacks. Therefore some new start-ups can use their business knowledge for their own betterment.
- Bad luck: sometimes the attackers choose a website at random and attack it.

These attacks are always unknown and unintentional for the business websites. Therefore there must be proper prevention against these attacks, so as to improve business efficiency as well as to make greater profits.

Preventive measures for DoS attacks

Several researchers have given various preventive measures that can protect websites and systems from DoS attacks. The following table compares the techniques that are used for prevention of DoS attacks:

| Technique name | Harmful behaviour | Good behaviour | Parameters | Protocol | Evaluating parameters |
|---|---|---|---|---|---|
| Game theory | Threshold values and falsifying label | Reputation | Cooperation, reliability, density and distance | UDSR protocol | Mean of dropped packets |
| Repeated game theory | Fails to recognise the node agreeing to forward packets | Cooperation | Forward packet cost, reputation, rating | DSR protocol | Number of hops in packets received |
| KDS protection | Replication of nodes | Reputation | | HEED protocol | Energy use and lifetime of the network |
| MOM | Frequent attacks on the content | Utility | Content and number of messages | MOM protocol | Low packet rate and amount of packets |
| Cooperative game theory | | Total detection ratio | Attack detection cost | Fuzzy Q-Learning protocol | Defence rate accuracy and consumption of energy |
| Bayesian game theory | Presence of non-cooperative nodes | Reputation | | S-LEACH | Packets dropped and throughput |
| Prevention and detection based on strength | Reply to the hello message | Strength of the signal | Signal strength | AODV routing | Received packets, dropped packets and packet delivery ratio |
| Economic modelling for security enforcement | Presence of non-cooperative nodes | Reputation | | SAR | Reputation and mean of dropped packets |
| Ant-based framework | Flooding | Low cost | Size of buffer | Ant-based | |
| Co-FAIS | | Low response time | Energy usage and in-time response | Co-FAIS | Accurate calculation of the defence rate and high consumption of electricity |

The game theory technique is based on the UDSR protocol and is used for secure routing. The protocol used in this technique is actually derived from the DSR protocol. The technique has four main components: a) watch-list, b) utility, c) cooperation, d) reputation. The watch-list identifies malicious nodes, the utility value helps in choosing secure routes, and the remaining two components are used to measure the misbehaviour of nodes. The repeated game theory protocol is based on a game for recognising nodes that agree to forward packets but then fail to do so. This technique maintains cooperation between the nodes and punishes any node that behaves non-cooperatively. In the KDS protection technique, the sensor nodes are first clustered using the HEED protocol. Residual energy and inter-cluster communication are the two cluster parameters used for selecting the cluster heads (CHs).
When the CH detects a harmful node, a request is sent to the KDS, which disrupts all the operations being performed by the harmful node. It does this by deleting the harmful node's secret key, which leaves the node keyless and hence disrupts the operations performed by that node.

MOM stands for message observation mechanism. In this mechanism, content attacks as well as frequent attacks are identified using the MOM similarity function. After identification, the harmful node is isolated by rekeying and rerouting via MOM. MOM has three components: a) NML, b) AML, c) OM, where NML stands for normal message list, AML for abnormal message list and OM for observation mechanism (Gregory, 2015).

The cooperative game theory technique is based on the Fuzzy Q-Learning protocol. It is made by combining two theories: game theory and fuzzy Q-learning. It can identify present as well as future attacks: present attacks are identified using game theory and future attacks using the Q-learning mechanism. It can also identify irregular attacks. Three players perform all the tasks: a) the sink node, b) the base station, c) the attacker. The sink node monitors message attacks via an operation called FQL. If the sink node receives an abnormal message, it sends an alarm signal to the base station, indicating that the sensor node is being assaulted by the attacker.

The Bayesian game protocol is used for securing the LEACH protocol and is also called S-LEACH. This protocol has two rounds: a) the set-up phase, b) the steady-state phase. In the first phase the cluster heads are selected; in the second phase, time slots are assigned to the sensor nodes belonging to the clusters via the CHs. These can also perform the transmission of data from the nodes to the clusters.
The prevention and detection strength protocol is based on the hello flood attack, which targets the network layer of the system. In this technique, the hello message is used to detect a node's presence. When any node receives the message, it updates its neighbour table; this update is performed so as to route forward from the node to the base station. Friend and stranger nodes are detected using simple text packets: the node that receives the hello message replies with a simple text packet to the sending node, and if it receives a reply within the allotted time, the sender is considered a friend node; otherwise it is considered a stranger node. This algorithm uses the AODV-HFDP algorithm for routing.

The economic model protocol for strength is also known as SAR, which stands for Secure Auction-based Routing. Here a timeout timer is used to recognise harmful nodes. If the timer expires while the nodes are moving towards the destination, the bad-route nodes are reported to the base station and placed in the watch-list. If a node is repeated in the watch-list it is ignored by the watch-list, which displays all the remaining nodes.

In the ant-based protocol, attack detection is done by the DDA, where DDA stands for DDoS detecting ants. In case of high traffic, control is transferred from the DDA to the DPA. If the packets received by the DPA are unaffected by the attack they are considered uncontaminated; if they are affected they are considered contaminated and are discarded.

The Co-FAIS technique works by continuously sniffing data from the network and inspecting the behaviour of the sensors. It has six modules: a) sniffer, b) fuzzy misuse detector, c) danger detection, d) Q-learning vaccination, e) cooperative decision making, f) response.
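One way to implement the friend/stranger check of the hello-flood defence described above, written here as an added example rather than the protocol's own code: node positions, radio ranges, the per-metre latency model and the allotted reply time are constructed assumptions.

```python
"""Friend/stranger classification of a node that announced itself with HELLO.

A node that hears a HELLO sends a short text packet back to the advertised
neighbour and adds it to its neighbour table only if a reply arrives within
the allotted time. A laptop-class attacker can reach the whole field with its
HELLO, but the low-power probe from an ordinary sensor never reaches it, so no
reply comes back and it is classified as a stranger.
"""
import math
from dataclasses import dataclass, field


@dataclass
class Node:
    node_id: str
    x: float
    y: float
    tx_range: float                                   # metres this node's radio reaches
    neighbours: dict = field(default_factory=dict)    # node_id -> probe round trip (ms)


def distance(a, b):
    return math.hypot(a.x - b.x, a.y - b.y)


def probe_reply_ms(receiver, sender, per_metre_ms=0.5):
    """Round-trip time of the text-packet probe, or None when no reply arrives.

    The probe travels receiver -> sender and the reply sender -> receiver, so
    both radios must cover the distance. per_metre_ms is a constructed latency
    model (assumption), not a measured value.
    """
    d = distance(receiver, sender)
    if d > receiver.tx_range or d > sender.tx_range:
        return None
    return 2 * d * per_metre_ms


def handle_hello(receiver, sender, allotted_ms):
    """Classify the HELLO sender and update the receiver's neighbour table."""
    rtt = probe_reply_ms(receiver, sender)
    if rtt is not None and rtt <= allotted_ms:
        receiver.neighbours[sender.node_id] = rtt
        return "friend"
    return "stranger"          # no reply, or reply after the allotted time


def classify_all(receiver, hello_senders, allotted_ms=50.0):
    return {s.node_id: handle_hello(receiver, s, allotted_ms) for s in hello_senders}


# Constructed scenario: one ordinary sensor hears HELLOs from a genuine neighbour
# 20 m away and from a high-power attacker 300 m away whose HELLO covers the field.
sensor = Node("s1", 0, 0, tx_range=40)
genuine = Node("s2", 12, 16, tx_range=40)
attacker = Node("adv", 300, 0, tx_range=1000)

if __name__ == "__main__":
    print(classify_all(sensor, [genuine, attacker]))   # {'s2': 'friend', 'adv': 'stranger'}
    print(sensor.neighbours)                            # {'s2': 20.0}
```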
First, the packets are received by the sniffer module, which transmits all of them to the detection module, where the fuzzy misuse detector compares the similarity of the packets. The compared packets are then transferred to the danger detection module, where the current usage profile of the system is compared with its normal usage profile. The vaccination module then examines the threshold of the system in use, and the decision-making module judges the behaviour of the packet according to the comparison of the detection and vaccination modules; if it finds a real attack, the response module removes it, otherwise it keeps the packets.

Evaluation

All the above techniques used to protect a system from denial of service attacks have been compared by their meaning, the protocols they use, their disadvantages, advantages and parameters. Each of the techniques is based on finding the harmful attack and then ignoring it: the harmful packets are removed so as to prevent the DoS attack. Of all the techniques mentioned above, Co-FAIS can be considered the most effective for protecting the system against denial of service attacks, because in all the other techniques only the behaviour of the sending node is checked, whereas in Co-FAIS the behaviour of the node is identified and, along with it, all the neighbouring nodes are also alerted with the identification pattern, which makes the system more secure. But this technique has some disadvantages which need to be resolved so as to get the best results from it (Booth, 2007).

Updates required in the current Co-FAIS system

Co-FAIS is an immune system used for the prevention of DoS attacks in wireless sensor networks. It is a real-time method that provides real-time security to the system. The technique has many advantages, but there are various disadvantages too.
It lacks learning capabilities and, besides this, it uses a single normal model, which remains constant during the detection process. The current Co-FAIS system can be modified by adding two learning parameters to the fuzzy logic. This will reduce the disadvantages of the technique, increase the detection accuracy rate of the system and help improve its learning capabilities. The modified immune system contains six components:

Sniffer module: The main aim of this module is to grab packets from the online network and transmit them to the fuzzy misuse detector module.

Fuzzy misuse detector: This step identifies the harmful packets. Its main aim is to compare the reports of the currently processed packets with the normal packets and find the packets that cross the threshold value. If the packets exceed the threshold value it sends an attack warning; if they remain under the limit, the system is safe from any kind of threat.

Danger detector: If the previous step detected an attack, the main aim of this module is to calculate the difference between the parameters of the harmful packet and the parameters of normal packets.

Fuzzy Q-learning detection: The main step of attack observation is performed in this module. It uses the FQL protocol for this purpose. This protocol consists of a fuzzy controller whose main aim is the conversion of continuous inputs into fuzzy sets. There are six fuzzy sets: Eu, Tr, Bs, Co, Th and Si. Here Eu stands for energy usage, Tr for response time, Bs for buffer size, Co for count, Th for throughput and Si for sleep interval.
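A worked instance of the fuzzy misuse detector and the danger detector over the six fuzzy inputs just listed, added here as an example and not the Co-FAIS implementation itself: the normal-profile values, the ramp membership function, the mean aggregation with a 0.5 threshold and the two sample readings are all assumptions.

```python
"""Fuzzy misuse detector and danger detector over the six Co-FAIS inputs."""

FUZZY_SETS = ("Eu", "Tr", "Bs", "Co", "Th", "Si")
# Eu energy usage, Tr response time, Bs buffer size, Co count, Th throughput,
# Si sleep interval.

# Constructed normal usage profile: (normal value, clearly abnormal value) per
# input. Membership of "abnormal" ramps from 0 at the normal value to 1 at the
# abnormal one. Direction matters: throughput and sleep interval FALL under a flood.
NORMAL_PROFILE = {
    "Eu": (0.20, 0.80),    # fraction of the energy budget spent per interval
    "Tr": (30.0, 200.0),   # milliseconds to answer a query
    "Bs": (0.30, 0.95),    # fraction of the receive buffer in use
    "Co": (50.0, 500.0),   # packets received per interval
    "Th": (0.90, 0.20),    # delivered / offered packets
    "Si": (0.70, 0.05),    # fraction of the interval spent asleep
}


def abnormal_membership(name, value):
    """Ramp membership of one reading in the fuzzy set 'abnormal', clipped to [0, 1]."""
    normal, abnormal = NORMAL_PROFILE[name]
    t = (value - normal) / (abnormal - normal)   # sign of the span handles both directions
    return max(0.0, min(1.0, t))


def fuzzify(reading):
    """Fuzzy controller step: continuous inputs -> membership per fuzzy set."""
    return {name: abnormal_membership(name, reading[name]) for name in FUZZY_SETS}


def misuse_detector(reading, threshold=0.5):
    """Fuzzy Misuse Detector: compare the current report with the normal profile,
    aggregate the six memberships (mean) and warn when the threshold is crossed.
    Returns (attack_warning, score, memberships)."""
    memberships = fuzzify(reading)
    score = sum(memberships.values()) / len(memberships)
    return score >= threshold, round(score, 3), memberships


def danger_detector(reading):
    """Danger Detector: signed distance of each input from its normal value as a
    fraction of the normal-to-abnormal span, most deviated input first."""
    deviations = {}
    for name in FUZZY_SETS:
        normal, abnormal = NORMAL_PROFILE[name]
        deviations[name] = round((reading[name] - normal) / (abnormal - normal), 3)
    return sorted(deviations.items(), key=lambda kv: -kv[1])


# Constructed readings: a quiet node and a node under a packet flood.
QUIET = {"Eu": 0.22, "Tr": 35.0, "Bs": 0.28, "Co": 60.0, "Th": 0.91, "Si": 0.68}
FLOODED = {"Eu": 0.75, "Tr": 180.0, "Bs": 0.90, "Co": 480.0, "Th": 0.30, "Si": 0.10}

if __name__ == "__main__":
    for label, reading in (("quiet", QUIET), ("flooded", FLOODED)):
        alarm, score, _ = misuse_detector(reading)
        verdict = "ATTACK WARNING" if alarm else "normal"
        print(f"{label}: {verdict} (score {score}); top deviations {danger_detector(reading)[:3]}")
```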
A threshold value is given to each fuzzy state, and the optimal cost of the system can then be calculated from these values.

Cooperative decision making: The main aim of this module is to combine the outcomes obtained from the FMDM and FQDM detectors. This combination is performed to get the consolidated results of the threshold value and to analyse the source of the attack.

Response: The main aim of this module is to perform the update processes in the main table and to modify all the entries of the host table. This module also produces the signature related to the attack and eliminates all the possible attacks from the system (Alzaghal, 2006).

In this way, by adding two new parameters to the fuzzy Q-learning module, we can resolve the disadvantages or limitations of the Co-FAIS system, improving its learning capabilities and increasing the accuracy of its attack detection rate.

Conclusion

Denial of service attacks reduce system performance to a great extent. In wireless sensor networks, the integrity and protection of data are considered the major security concerns. DoS leads to loss of data and a totally insecure environment for the databases. Therefore there must be proper techniques for protecting the system from DoS attacks. Various researchers have developed several techniques that can be used for this purpose. In this paper, we have studied a great deal about WSNs and DoS attacks on the system. This knowledge is sufficient for proposing a technique for prevention of denial of service attacks. Therefore, we have proposed a new system by enhancing the Co-FAIS system. The current Co-FAIS system lacks learning capabilities, and its detection accuracy rate is also low.
Therefore, we have added two new parameters to the fuzzy learning detector so as to overcome the disadvantages of the current technique and obtain more accurate results than ever before. The newly proposed technique provides proper security to the system and prevents it completely from any service attack, including DoS attacks. Therefore, we can easily rely on this technique for business websites (Alrajei, 2014).

References

Alrajei, N. M. (2014). Intrusion detection in wireless sensor networks.
Alzaghal, M. H. (2006). Wireless sensor network: channel propagation measurements and comparison with simulation. Monterey, CA: Naval Postgraduate School.
Booth, J., Gildenhard, I. (2007). Cicero on the attack: invective and subversion in the orations and beyond. Swansea: The Classical Press of Wales.
Britz, M. (2009). Computer forensics and cyber crime: an introduction. Upper Saddle River, NJ: Pearson Prentice Hall.
Burch, H. (2005). Measuring an IP network in situ. Pittsburgh, PA: School of Computer Science, Carnegie Mellon University.
Girwodz, C., Chandra, S. (2006). Multimedia computing and networking 2006. Bellingham, WA: SPIE.
Gong, C. (2007). Practical and scalable deployment of DoS defense measures in the internet.
Gregory, P. H. (2015). CISSP guide to security essentials. Boston, MA: Cengage Learning.
Hu, J. M. (2006). Wireless sensor network: localization and routing.
Jahnke, M. (2009). Graph-based automated denial-of-service attack response. Waabs: GCA-Verl.
Janczewski, L., Colarik, A. M. (2008). Cyber warfare and cyber terrorism. Hershey: Information Science Reference.
Mirkovic, J. (2005). Internet denial of service: attack and defense mechanisms. Upper Saddle River, NJ: Prentice Hall Professional Technical Reference.
Naznin, M. (2009). Wireless sensor network: coverage, scheduling and optimization. Saarbrücken: VDM Verlag.
Nissar, N. (2011). Secure routing in WSN. Ifrane: Al Akhawayn University Press.
Rehman, S. U. (2012). Wireless sensor network. S.l.: LAP Lambert Academic Publishing.
Robinson, E., Bond, M. (2011). Security for Microsoft Visual Basic .NET. Sebastopol: Microsoft Press.
Romero, M. A., Ahmed, T., Bonni, F., Altuna, J. (2006). Wireless sensor network. Arrasate-Mondragón: Mondragon Goi Eskola Politeknikoa, Mondragon Unibertsitatea.
Saied, A. (n.d.). Distributed denial of service (DDoS) attack detection and mitigation.
Soltanian, M. R., Amiri, I. S. (2015). Theoretical and experimental methods for defending against DDoS attacks. Waltham, MA: Syngress (an imprint of Elsevier).
Stavros, A. V. (2012). Advances in communications and media research. New York: Nova Science, Inc.
Thulasiraman, P. (2007). Frontiers of high performance computing and networking: ISPA 2007 workshops (SSDSN, UPWN, WISH, SGC, ParDMCom, HiPCoMB, and IST-AWSN), Niagara Falls, Canada, August 29-31, 2007: proceedings. Berlin: Springer.
Tran, T. P., Tsai, P., Jan, T., Kong, X. (2010). Network intrusion detection using machine learning and voting techniques. INTECH Open Access Publisher.
Wang, P. (2009). Wireless sensor network: energy efficiency, security, and fault tolerance. Ottawa: Library and Archives Canada / Bibliothèque et Archives Canada.
Wang, Y., Zhang, X. (2012). Internet of things: International Workshop, IOT 2012, Changsha, China, August 17-19, 2012. Proceedings. Berlin: Springer.
Whitman, M. E., Mattord, H. J. (2016). Principles of information security. Australia: Delmar.
Wu, C. (n.d.). On network-layer packet traceback: tracing denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.
Wu, X. (2006). System and control engineering approaches to some network vulnerability problems.
Yu, S. (2014). Distributed denial of service attack and defense. New York, NY: Springer New York.
