Evaluating Energy-Oriented Distributed Denial-of
Australian Journal of Engineering Research, SCIE Journals
Australian Society for Commerce Industry & Engineering, www.scie.org.au

Evaluating Energy-Oriented Distributed Denial-of-Service Attacks by Using Energy Points and COSMIC FFP

P.C. Senthil Mahesh (1) and Paul Rodrigues (2)
(1) Department of CSE, Dhaanish Ahmed College of Engineering, Anna University, Chennai, India
(2) DMI College of Engineering, Chennai, Tamil Nadu, India

Abstract: The aim of this paper is to enhance security against distributed denial-of-service (DDoS) attacks. A coordinated DDoS attack is often performed on a massive scale, affecting the availability of network resources. Millions of dollars are lost to DDoS attacks, which are a type of security breach. The DDoS attack is a major threat, and hence researchers are investigating new techniques that can combat this rising menace. In this work, we propose a new technique called energy points to minimize the adverse effects of DDoS attacks.

Keywords: COSMIC Full Functional Point, Denial-of-Service (DoS) attacks, energy points.

1. INTRODUCTION

The emergence of new energy-sustainable computing paradigms has attracted the attention of researchers and industrial experts alike. Stein and Stewart define a DDoS attack as an attack which utilizes many computers to initiate a coordinated DoS attack against a single machine or multiple machines [1]. The effects of DoS attacks can be drastically increased by harnessing the resources of unsuspecting computers that are employed as attack platforms. A DDoS attacker is more intelligent than a DoS attacker. The DDoS security report states that 65% of banks in the USA were affected by DDoS attacks in 2012 (www.smart-payments.info). Stephen and Ruby have categorized DDoS attacks as follows [2]:

1. Volume-based attacks
2. Protocol attacks
3. Application layer attacks
4. Energy-oriented attacks

DDoS attacks generally take advantage of the complex architecture of the Internet. The following facts are exploited by attackers:

1. Internet security is interdependent.
No matter how secure a victim's system may be, whether or not it becomes a DDoS victim depends on the rest of the global Internet [3, 4].
2. Internet host resources are limited. Every Internet system has limited resources that can be exhausted by many users.
3. Many resources against a few victims: The attack is more likely to succeed if the resources of the attackers are larger than the resources of the victims.
4. The trainers or the masters: These are the hosts with specific programs running on them and are used to control multiple agents.

1.1 Distributed Denial-of-Service Strategy

A DDoS attack includes many steps. The steps in initiating a DDoS attack [5] are as follows:

1. Selection of agents
2. Compromise
3. Communication
4. Attack

Selection of agents: The attacker first selects agents that can make an attack. Some machines are selected by the attacker as agents depending on their vulnerabilities. Attackers victimize these machines, and powerful attacks can be generated. Attackers can easily identify these machines using advanced tools.

Compromise: The attacker utilizes the vulnerabilities of the machines as well as security loopholes, and plants the attack code in the machines. The attacker also takes the essential steps to safeguard the planted code from being identified and deactivated. Automated self-propagating tools such as the Ramen worm [6] and Code Red [7] are often used to compromise machines. It is very difficult for the owners and users of an agent system to recognize that they have become a part of a DDoS attack.

Communication: The attacker communicates with many handlers to recognize which agents are running, when to schedule attacks, or when to upgrade the agents. Attackers and handlers use various standard protocols such as ICMP, TCP and UDP for communication.
Agents can communicate with a single handler or multiple handlers based on the configuration of the attack network.

Attack: The attacker begins the attack. The victim, duration of the attack, type, length, TTL and port number can all be adjusted by the attacker. Variation in the properties of attack packets benefits the attacker, as it makes the detection of attacks difficult.

2. ENERGY-ORIENTED DoS ATTACKS

DoS attacks are becoming a major concern for sites which are connected to the Internet. By affecting the server systems on the target sites, the attacker may prevent user access to e-mail relays, websites and online accounts such as banking, e-commerce etc. [6].

Energy-based DoS attacks affect computing devices and their functioning by altering the energy consumption of applications. Ricciardi et al. [8], Carl et al. [9] and Barroso [10] have focused on network-based DDoS attacks from the power consumption viewpoint. The contribution of the CPU to the server power consumption ranges from 25 to 55% depending on the server type. On the other hand, memory, network interfaces [10] [11], motherboard, disks and fans consume less energy compared to the CPU, as shown in Table 1.

Table 1: Energy Consumption Breakdown of Low-End Server

Component | Peak Power
CPU [19] | 80 W
Memory [20] | 36 W
Disk subsystem [21] | 12 W
Network Interface [22] | 2 W
Motherboard [6] | 25 W
Fans [6] | 10 W

From Table 1, it can be readily seen that the energy consumption of the disks and the Network Interface Card (NIC) is comparatively lower. The CPU and memory are the components that consume more energy. The goal of energy-oriented attacks is to increase the power consumption by making the CPU and memory of the target systems as busy as possible. In a DDoS attack, this is achieved by adding more load on the servers by initiating a large number of service requests, thereby denying resources to many legitimate requests and forcing the CPUs to work at their maximum operating frequency.
Another way of increasing system energy consumption is by overloading the machine's hard disks with millions of read or write operations, thus forcing them to operate constantly at their maximum transfer rate or to constantly spin the hard disks' spindle motors up and down. This kind of attack is common in the case of several computer viruses and Trojans that are able to directly run malicious code on target nodes. These malicious agents can modify the operating system kernel or some application binary code, consuming large amounts of energy for their execution. Finally, the last component or device can be solicited based on the actual connection rate.

Energy consumption-based DDoS attacks cause the following problems:

2.1. Rise of energy costs: Increasing the power usage during DDoS attacks has direct and immediate energy expenses, resulting in very high energy bills. This is undesirable because traditional power provisioning strategies intend to keep as much computing and storage equipment as possible within a specified power budget in order to increase the utilization of the deployed data centre power capacity. More specifically, such approaches try to fill the gap between the achieved and theoretical peak power usage in order to deploy any additional equipment within the power budget [11]. Full utilization of the data centre is offset by the risk of exceeding its maximum capacity, which results in power outages, because the maximum power a data centre can draw may be bounded by a physical and/or contractual limit.

2.2. Neutralisation of energy saving systems: This attack is aimed at disconnecting energy saving systems from the main energy source. If attackers recognize that energy-saving mechanisms operate in the target system, and if they obtain the details about these systems, they can devise attacks aimed at neutralising them.
This is a more serious issue because the amount of additional work to be "injected" into the system does not need to bring the processor or storage to full load, but is limited to the amount necessary to avoid the triggering of the energy saving mechanisms, which are, in general, threshold-based. An attacker increases the computational needs of the site and, thus, its energy consumption, above the threshold, eventually causing economic damage or, even worse, an energy outage that results in a complete DoS.

2.3. Increase in operating temperatures: The thermal-based attack, aimed at increasing the cooling power consumption, is another potential menace that has to be taken into account. The detrimental effects of such attacks are raised CPU and memory temperatures and increased cooling power consumption.

2.4. Exhausting the power budget: New components in data centres may exhaust the budget baselined for power consumption. The attacks may result in high energy costs, as well as complete power outages. It has been shown that the power consumption stated by manufacturers is actually an overrated value [12]. Thus it is of limited usefulness. It reinforces the idea that "there will be sufficient power" if the nameplate values are used when dimensioning power facilities. A sustained energy-oriented attack may take the entire data centre out of service by completely blocking the underlying electrical distribution system. These kinds of attacks may be tough to detect, unless online monitoring and data collection systems are deployed directly on the power distribution subsystems (i.e. UPS, PDU, etc.).

2.5. Incrementing dirty emissions: Incrementing dirty emissions raises both the energy consumption and the costs associated with increased greenhouse gas (GHG) emissions. Energy-oriented attacks may also be exploited under an additional dimension: GHG emissions. Many steps have been taken by governments and industries to reduce GHG emissions [13].
Attackers are exploiting this dimension to increase GHG emissions.

3. FULL FUNCTIONAL POINT

We performed this study based on function points to demonstrate the banking transaction process. The members of WG12 developed a new Functional Size Measurement (FSM) method. This method states that the read operation consumes less energy than the write operation, and the power consumed by entry and exit operations is negligible. One read energy point (E_R) equals 13.3 μW/Kbyte, whereas one write energy point (E_W) equals 6.67 μW/Kbyte. The total energy points are measured in kW, using the expression

EP = Total RE + Total WE

where
EP – Energy point
RE – Read energy point
WE – Write energy point

The monolithic application is divided into layers and components using FFP. Sizing can be performed by recognizing the data movements in each component. These data movements are shown as Read, Write, Entry and Exit in Figure 1, which also shows the relationship between the types of data movement and the functional process. FFPs and energy consumption depend on data movements. Our case study illustrates the method of counting energy points.

4. APPLICATION OF ENERGY POINTS

For more details, see the reference (case study). The use case shown in Fig. 1 details the four types of data movement and their relationship with the functional process and data groups in a state-of-the-art online banking transaction system that allows users access through the Internet.

[Figure 1: Data movement types and their relationship with the functional process. Diagram labels: Functional Process, Entry, Exit, Read, Write, Persistent storage.]

The requirements have been reorganized in the following sequence:

1. Log in
2. Maintain account holder information (by the bank)
3. Provide the account number
4. Provide the transaction password
5. Provide the transfer account number
6. View balance details
7. Log out
Here, we present the details of the login and the fund transfer steps.

Login: This use case describes how a user logs into the online banking system.

Flow of events: The actor (account holder) types his/her name and password in the login form.

Basic flow login: The system authenticates the actor's password and logs him/her into the system. The system displays the Main Form for the transaction and the use case ends.

Alternative flows: Invalid name/password: If the password is invalid, then an error message is displayed by the system. The actor can type another name or password or choose to cancel the operation.

Table 2: Functional User Requirement.

ID | Description of process | Triggering event | Description of subprocess
1.2 | Login | Login by user using ID and password | Enter ID and password
 | | | Read ID and password (User data)
 | | | Display messages (Messages)
1.3 | Transfer Details | Transfer account number | Enter account number.
 | | Amount to be transferred | Enter the amount to be transferred.
 | | Bank, branch and IFS code | Enter/select bank, branch and IFS code.
 | | Transaction password | Enter transaction password or one-time password.
 | | Amount reduced from the account and credited to another account | Write operation performed. Amount deducted from the user account and credited to another account selected by the user.
1.4 | View Balance | Select view balance | View balance.

Table 3: Data Movement.
Data Group | Data Movement | Type | Cfsu (COSMIC functional size unit) | Attribute | EP
System | Entry | E | 1 | 0 | -
User Data | Read | R | 8 | 8 | R = 8 × 13.3 = 106.4 μW/Kbyte
Write operation | Write | W | 2 | 2 | W = 2 × 6.67 = 13.34 μW/Kbyte
Message | Exit | X | 1 | 0 | -

Table 4: Energy Points for a Project Banking Transaction

S.No | Project Module | Read Energy Points (μW/Kbyte) | Write Energy Points (μW/Kbyte) | Total Energy Points
1 | Login | 26.6 | 6.67 | 33.27
2 | Transfer Details | 79.8 | 13.34 | 93.14
3 | View Balance | 39.9 | - | 39.9
4 | Log out | - | 13.34 | 13.34

[Fig. 2: Total Energy Points for an online banking transaction. Chart title: Total Energy Point for a Project; axes: Energy Point, Project Module.]

Assume that the user ID and password are of size 10 bytes each and that there are 100 user records (user IDs and passwords). The total read energy points are calculated as 1 cfsu = (10 × 100 + 10 × 100). E_R = Attribute × Total Kbyte/E_R = (10 × 100 + 10 × 100) / 1000 = 2 E_R. As per the definition, one read operation consumes 13.3 μW/Kbyte. Therefore, the total energy point equals 8 × 13.3 = 106.4 μW/Kbyte.

Table 4 shows the read energy point, write energy point and total energy point for each module in the banking transaction. Figure 2 shows the total energy points used for an online banking transaction. In the same way, the write energy points need to be calculated and EP continuously monitored to check for deviations in energy consumption patterns. If any major deviation is observed, energy consumption-based attacks can be suspected and appropriate remedial measures for this deviation can be taken.

5. CONCLUSION

The energy point method is useful for monitoring the change in the energy consumed by software applications. DDoS attacks that consume energy can be identified and prevented by using the energy point concept. This approach results in reduced CO2 emission, which is the goal of green computing.
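The energy-point bookkeeping of Table 4 and the deviation monitoring described in Section 4, as an added example that is not part of the original paper. The per-module read/write counts are derived here by dividing the Table 4 values by 13.3 and 6.67; the `Interval` record, the sample windows and the 50% tolerance are assumptions, since the paper names no threshold.

```python
from dataclasses import dataclass

# Per-movement energy points stated in the paper (unit: uW/Kbyte).
READ_EP = 13.3
WRITE_EP = 6.67

# (reads, writes) per transaction. Derived for this example by dividing the
# Table 4 figures by READ_EP and WRITE_EP; the paper prints only the products.
BASELINE_MOVES = {
    "Login": (2, 1),
    "Transfer Details": (6, 2),
    "View Balance": (3, 0),
    "Log out": (0, 2),
}

def energy_points(reads, writes):
    """EP = total read energy points + total write energy points."""
    return reads * READ_EP + writes * WRITE_EP

@dataclass
class Interval:           # hypothetical telemetry record, one per time window
    module: str
    transactions: int     # functional processes completed in the window
    reads: int            # Read data movements counted in the window
    writes: int           # Write data movements counted in the window

def deviation(sample):
    """Observed EP divided by the EP the baseline predicts for this load."""
    base_reads, base_writes = BASELINE_MOVES[sample.module]
    expected = sample.transactions * energy_points(base_reads, base_writes)
    observed = energy_points(sample.reads, sample.writes)
    if expected == 0:     # no completed transactions: any movement is excess
        return float("inf") if observed else 1.0
    return observed / expected

def suspicious(samples, tolerance=0.5):
    """Windows whose EP exceeds baseline by more than `tolerance` (assumed)."""
    ratios = [(s.module, round(deviation(s), 2)) for s in samples]
    return [(m, r) for m, r in ratios if r > 1 + tolerance]

# Constructed sample windows: two normal ones, a Login window with far more
# reads than 100 logins need, and a View Balance window that performs writes.
SAMPLES = [
    Interval("Login", 100, 200, 100),
    Interval("Transfer Details", 40, 245, 80),
    Interval("Login", 100, 1900, 100),
    Interval("View Balance", 50, 150, 200),
]

if __name__ == "__main__":
    for name, (reads, writes) in BASELINE_MOVES.items():
        print(f"{name:17s}{energy_points(reads, writes):8.2f}")
    print(suspicious(SAMPLES))
```

Normalising by the transaction count separates a per-request energy anomaly from ordinary growth in legitimate load; a pure volume flood would need a separate baseline on the transaction rate itself.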
6. REFERENCES

[1] Stein, L. D. and Stewart, J. N. (2002). The world-wide web security FAQ, version 3.1.2. http://www.w3.org/Security/Faq. Cold Spring Harbor, NY.
[2] Stephen, S. and L. Ruby, 2003. Taxonomies of Distributed Denial of Service Networks, Attacks, Tools and Countermeasures. Retrieved from: http://www.ee.princeton.edu/~rblee/DDoS%20Survey%20Paper_v7final.doc.
[3] Houle, K. J. and Weaver, G. M. (2001). Trends in denial of service attack technology. Technical Report v1.0. CERT and CERT coordination center, Carnegie Mellon University, Pittsburgh, PA.
[4] Wong, T. Y., Law, K. T., Lui, J. C. S., and Wong, M. H. (2006). An efficient distributed algorithm to identify and traceback DDoS traffic. Comp. J., 49, 418–442.
[5] Monowar H. Bhuyan, H. J. Kashyap, D. K. Bhattacharyya and J. K. Kalita. Detecting Distributed Denial of Service Attacks: Methods, Tools and Future Directions. The Computer Journal, 2012.
[6] M. McDowell, "Understanding Denial-of-Service Attacks", National Cyber Alert System, Cyber Security Tip ST04-015.2004, 2004.
[7] P.C. Senthil Mahesh and Paul Rodrigues, "Evaluating Energy based DDOS Attacks using Cosmic FFP and Energy Points", Research Journal of Applied Sciences, Engineering and Technology 7(13): 2711-2713, 2014. ISSN: 2040-7459; e-ISSN: 2040-7467.
[8] Palmieri, F., S. Ricciardi and U. Fiore, 2011. Evaluating network based Dos attacks under the energy consumption perspective. Proceeding of the International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 374–379.
[9] Carl, G., G. Kesidis, R.R. Brooks and S. Rai, 2006. Denial-of-Service attack-detection techniques. IEEE Internet Comput., 10(1): 82-89.
[10] L.A. Barroso, U. Hölzle, "The Case for Energy-Proportional Computing", IEEE Computer, vol. 40, pp. 33-37, 2007.
[11] X. Fan, X-D. Weber, L.A. Barroso, "Power provisioning for a warehouse-sized computer", in Proc. 34th annual international symposium on computer architecture (ISCA '07), pp. 13–23, 2007.
[12] J. Mitchell-Jackson, J. G. Koomey, B. Nordman, and M. Blazek, "Data center power requirements: measurements from silicon valley", Energy ISSN 0360-5442, 837–850, 2003.
[13] B. St Arnaud, "ICT and Global Warming: Opportunities for Innovation and Economic Growth", http://docs.google.com/Doc?id=dgbgjrct_2767dxpbdvcf.