24-03-2011, 03:05 PM
[attachment=10919]
DETECTING MALICIOUS PACKET LOSSES
Abstract
We consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some Victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks.
1. INTRODUCTION
We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur.
Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.
We use RED algorithm in our project and the importance of it is as follows
RED monitors the average queue size, based on an exponential weighted moving average: where the actual queue size and weight for a low-pass filter. RED uses three more parameters in minimum threshold,
Maximum, Maximum threshold. Using, RED dynamically computes a dropping probability in two steps for each packet it receives. First, it computes an interim probability, Further; the RED algorithm tracks the number of packets, since the last dropped packet. The final dropping probability, p, is specified to increase slowly as increases.
1.1 LITERATURE SURVEY:
We have source router , destination router and receiver router in this project. In this project, source ip, TTL, packet size , protocol,packet Data.
Source ip:It defines the particular IP Dress.
Packet Size:It defines the packet size
Protocol:Here we are using TCP protocol to send the data from one router to another router.
Packet Data:Here we are sending data from one router to another router.
We Have to mention the No of Packet in the InputText.Based on the no of packet we took the packets.And We send packets from sourcerouter to destination router.The destination router send packets to receiver.The Receiver missing one packet from the Destination router.We have know oueselves how many packets are missing during the Transmission.
1.2 PROJECT DESCRIPTION
The project entitled as “Detecting Malicious packet losses” developed using JAVA. Modules display as follows.
• Sender
• Source Router
• Destination Router
• Receiver
MODULES DESCRIPTION:
1) Sender:
This is a module mainly designed to provide the sender UI which accepts the number of packets to be sent and data of the packet. It creates an user interface to send the packets from sender to the receiver.
2) Source Router
It forwards the packets to the destination router from the sender.
3) Destination Router:
It receives the packets from the source router and forwards it to the receiver.
4) Receiver:
It receives the packets from the sender via source router and destination router.
2. SYSTEM STUDY
2.1 FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase and business proposal is put forth with a very general plan for the project and some cost estimates. During system analysis the feasibility study of the proposed system is to be carried out. This is to ensure that the proposed system is not a burden to the company. For feasibility analysis, some understanding of the major requirements for the system is essential.
Three key considerations involved in the feasibility analysis are
• ECONOMICAL FEASIBILITY
• TECHNICAL FEASIBILITY
• SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on the organization. The amount of fund that the company can pour into the research and development of the system is limited. The expenditures must be justified. Thus the developed system as well within the budget and this was achieved because most of the technologies used are freely available. Only the customized products had to be purchased.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical requirements of the system. Any system developed must not have a high demand on the available technical resources. This will lead to high demands on the available technical resources. This will lead to high demands being placed on the client. The developed system must have a modest requirement, as only minimal or null changes are required for implementing this system.
SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user. This includes the process of training the user to use the system efficiently. The user must not feel threatened by the system, instead must accept it as a necessity. The level of acceptance by the users solely depends on the methods that are employed to educate the user about the system and to make him familiar with it. His level of confidence must be raised so that he is also able to make some constructive criticism, which is welcomed, as he is the final user of the system.
2.2 EXISTING SYSTEM
The ambiguity in the packets is considered as packet losses.
It cannot differentiate from legitimate behaviour of the system and packet losses.
The existing protocol used do not infer on the buffer size and traffic rates .
2.3 PROPOSED SYSTEM
• The proposed one provides good detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur.
• It differentiates attacks from legitimate network behaviour.
• The ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions.
