Australian Journal of Engineering Research
SCIE Journals
Evaluating Energy-Oriented Distributed Denial-of-Service Attacks by Using Energy Points and COSMIC FFP
P.C. Senthil Mahesh (1) and Paul Rodrigues (2)
(1) Department of CSE, Dhaanish Ahmed College of Engineering, Anna University, Chennai, India
(2) DMI College of Engineering, Chennai, Tamil Nadu, India
Abstract: The aim of this paper is to enhance security against distributed denial-of-service (DDoS)
attacks. A coordinated DDoS attack is often performed on a massive scale, affecting the availability of
network resources. Millions of dollars are lost because of the DDoS attack, which is a type of security
breach. The DDoS attack is a major threat and hence new techniques that can combat this rising
menace are investigated by researchers. In this work, we propose a new technique called energy points
to minimize the adverse effects of DDoS attacks.
Keywords: COSMIC Full Functional Point, Denial-of-Service (DoS) attacks, energy points.
1. INTRODUCTION
The emergence of new energy sustainable computing paradigms has attracted the attention of
researchers and industrial experts alike. Stein and Stewart define a DDoS attack as an
attack which utilizes many computers to initiate a coordinated DoS attack against a single machine or
multiple machines [1]. The effects of DoS attacks can be drastically increased by harnessing the
resources of unsuspecting computers that are employed as attack platforms. A DDoS attacker is more
intelligent than a DoS attacker. The DDoS security report states that 65% of banks in the USA were
affected by DDoS attacks in 2012 (www.smart-payments.info). Stephen and Ruby have categorized
DDoS attacks as follows [2]:
1. Volume-based attacks
2. Protocol attacks
3. Application layer attacks and
4. Energy-oriented attacks.
DDoS attacks generally take advantage of the complex architecture of the Internet. The following facts
are exploited by attackers:
1. Internet security is dependent.
No matter how secure a victim’s system may be, whether or not this system will be a DDoS victim
depends on the rest of the global Internet [3, 4].
2. Internet host resources are limited.
Each and every Internet system has limited resources that can be exhausted by many users.
3. Many resources against a few victims:
The success of the attack is increased if the resources of the attackers are larger than the resources of
the victims.
4. The trainers or the masters
These are the hosts with specific programs running on them and are used to control multiple agents.
1.1 Distributed Denial-of-Service Strategy
A DDoS attack includes many steps. The steps in initiating a DDoS attack [5] are as follows:
- Selection of agents
- Compromise
- Communication and
- Attack.
Selection of agents:
The attacker first selects agents that can make an attack. Some machines are selected by the attacker as
agents depending on the vulnerabilities. Attackers victimize these machines, and powerful attacks can
be generated. Attackers can easily identify these machines using advanced tools.
Australian Society for Commerce Industry & Engineering
www.scie.org.au
Compromise:
The attacker utilizes the vulnerabilities of the machines as well as security loopholes, and plants the
attack code in the machines. The attacker also takes the essential steps to safeguard the planted code
from being identified and deactivated. Automated self-propagating tools such as the Ramen worm [6]
and Code Red [7] are often used to compromise machines. It is very difficult for the owners of the
agent system as well as users to recognize that they have become a part of a DDoS attack.
Communication:
The attacker communicates with many handlers to recognize which agents are running, when to
schedule attacks, or when to upgrade the agents. Attackers and handlers use various standard protocols
such as the ICMP, TCP and UDP for communication. Agents can communicate with a single handler or
multiple handlers based on the configuration of the attack network.
Attack:
The attacker begins the attack. The victim, duration of the attack, type, length, TTL and port number
can all be adjusted by the attacker. If there is disparity in the properties of attack packets, it is beneficial
to the attacker, as it makes the detection of attacks difficult.
2. ENERGY-ORIENTED DoS ATTACKS
DoS attacks are becoming a major concern for sites which are connected to the Internet. By affecting the
server systems on the target sites, the attacker may prevent user access to e-mail relays, websites and
online accounts such as banking, e-commerce etc. [6]. Energy-based DoS attacks affect computing
devices and their functioning by altering the energy consumption of applications. Ricciardi et al. [8],
Carl et al. [9] and Barroso [10] have focused on network-based DDoS attacks from the power
consumption viewpoint. The contribution of the CPU to the server power consumption ranges from 25 to
55% depending on the server type. On the other hand, memory, network interfaces [10] [11],
motherboard, disks and fans consume less energy compared to the CPU, as shown in Table 1.
Table 1: Energy Consumption Breakdown of Low-End Server
Component | Peak Power
CPU [19] | 80 W
Memory [20] | 36 W
Disk subsystem [21] | 12 W
Network Interface [22] | 2 W
Motherboard [6] | 25 W
Fans [6] | 10 W
From Table 1, it can be readily seen that the energy consumption of disks and the Network Interface
Card (NIC) is comparatively lower. The CPU and memory are the components that consume more
energy. The goal of energy-oriented attacks is to increase the power consumption by making the CPU
and memory of the target systems as busy as possible. In a DDoS attack, this is achieved by adding
more load on the servers by initiating a large number of service requests, thereby denying
resources to many legitimate requests and forcing the CPUs to work at their maximum operating frequency.
Another way of draining system energy is by overloading the machine's hard disks with millions of read or
write operations, thus forcing them to operate constantly at their maximum transfer rate or to constantly
spin the hard disks' spindle motors up and down. This kind of attack is common in the case of several
computer viruses and Trojans that are able to directly run malicious code on target nodes. These
malicious agents can modify the operating system kernel or some application binary code, consuming
large amounts of energy for their execution. Finally, the last component or device can be solicited
based on the actual connection rate.
Energy consumption-based DDoS attacks cause the following problems:
2.1. Rise of energy costs:
Increasing the power usage during DDoS attacks has direct and immediate energy expenses, resulting
in very high energy bills. This is undesirable because traditional power provisioning strategies intend to
keep as much computing and storage equipment as possible within a specified power budget in order to
increase the utilization of the deployed data centre power capacity. More specifically, such approaches
try to fill the gap between the achieved and theoretical peak power usage in order to deploy any
additional equipment within the power budget [11]. The benefit of fully utilizing the data centre is offset by the
risk of exceeding its maximum capacity, which results in power outages, because the
maximum power drawn by a data centre may be conditioned by a physical and/or contractual limit.
2.2. Neutralisation of energy saving systems:
This attack is aimed at disconnecting energy saving systems from the main energy source. If attackers
recognize that energy-saving mechanisms operate in the target system, and if they obtain the details
about these systems, they can devise attacks aimed at neutralising them. This is a more serious issue
because the amount of additional work to be "injected" into the system does not need to bring the
processor or storage to full load, but is limited to the amount necessary to avoid the triggering of the
energy saving mechanisms, which are, in general, threshold-based. An attacker increases the
computational needs of the site and, thus, its energy consumption, above the threshold, eventually
causing economic damage or, even worse, an energy outage that results in a complete DoS.
2.3. Increase in operating temperatures:
The thermal-based attack, aimed at increasing the cooling power consumption, is another potential
menace that has to be taken into account. Detrimental effects of such attacks raise the CPU and
memory temperatures, and increase cooling power consumption.
2.4. Exhausting the power budget:
New components in data centres may exhaust the budget baselined for power consumption. The
attacks may result in high energy costs, as well as complete power outages. It has been shown that the
power consumption stated by manufacturers is actually an overrated value [12]. Thus it is of limited
usefulness. It shows the idea that "there will be sufficient power" if the nameplate values are measured
when dimensioning power facilities. A sustained energy-oriented attack may make the entire data
centre out of service by completely blocking the underlying electrical distribution system. These kinds
of attacks may be tough to detect, unless online monitoring and data collection systems are deployed
directly on the power distribution subsystems (i.e. UPS, PDU, etc.).
2.5. Incrementing dirty emissions:
Incrementing dirty emission will raise both the energy consumption and the costs associated with
increased Green House Gas (GHG) emissions. Energy-oriented attacks may also be exploited under an
additional dimension: GHG emissions. Many steps have been taken by governments and industries to
reduce GHG emissions [13]. GHG emissions are being exploited by attackers to increase GHG
emissions.
3. FULL FUNCTIONAL POINT
We performed this study based on function points to demonstrate the banking transaction process. The
members of WG12 developed a new Functional Size Measurement (FSM) method. This method states
that the read operation consumes less energy than the write operation, and the power consumed by
entry and exit operations is negligible.
One read energy point (E_R) equals 13.3 μW/Kbyte, whereas one write energy point (E_W) equals 6.67
μW/Kbyte. The total energy points are measured in kW, using the expression
EP = Total RE + Total WE.
EP – Energy point
RE – Read energy point
WE – Write energy point
The monolithic application is divided into layers and components using FFP. Sizing can be performed
by recognizing the data movements in each component. These data movements are shown as Read,
Write, Entry and Exit in Figure 1 which also shows the relationship between the types of data
movement and the functional process. FFPs and energy consumptions depend on data movements. Our
case study illustrates the method of counting energy points.
4. APPLICATION OF ENERGY POINTS
For more details Reference (case study). The use case shown in Fig. 1 details the four types of data
movement and their relationship with the functional process and data groups in a state-of-the-art online
banking transaction system that allows users access through the Internet.
[Figure 1 diagram: Functional Process with Entry, Exit, Read and Write data movements, and Persistent storage]
Figure 1: Data movement types and their relationship with the functional process.
The requirements have been reorganized in the following sequence:
- Log in
- Maintain account holder information (by the bank)
- Provide the account number
- Provide the transaction password
- Provide the transfer account number
- View balance details
- Log out.
Here, we present the details of the login and the fund transfer steps.
Login: This use case describes how a user logs into the online banking system.
Flow of events: The actor (account holder) types his/her name and password in the login form.
Basic flow login: The system authenticates the actor’s password and logs him/her into the system. The
system displays the Main Form for the transaction and the use case ends.
Alternative flows:
Invalid name/password: If the password is invalid, then an error message is displayed by the system.
The actor can type another name or password or choose to cancel the operation.
Table 2: Functional User Requirement.
ID | Description of Process | Triggering event | Description of subprocess
1.2 | Login | Login by User using ID and Password | Enter Id and password; Read ID and Password; User data; Display messages; Messages
1.3 | Transfer Details | Transfer Account Number | Enter Account Number.
 | | Amount to be transferred | Enter the amount to be transferred.
 | | Bank, Branch and IFS code | Enter/Select Bank, Branch and IFS code.
 | | Transaction Password | Enter transaction password or one time Password.
 | | Amount reduced from the account and credited to another account | Write operation performed. Amount deducted from the user account and credited to another account selected by the user.
1.4 | View Balance | Select view balance | View balance.
Table 3: Data Movement.
Data Group | Data Movement Type | Cfsu (Cosmic functional size Unit) | Attribute | EP
System | Entry E | 1 | 0 | -
User Data | Read R | 8 | 8 | R = 8 × 13.3 = 106.4 μW/Kbyte
Write operation | Write W | 2 | 2 | W = 2 × 6.67 = 13.34 μW/Kbyte
Message | Exit X | 1 | 0 | -

Table 4: Energy Points for a Project Banking Transaction
S.No | Project Module | Read Energy points (μW/Kbyte) | Write Energy points (μW/Kbyte) | Total Energy Points
1 | Login | 26.6 | 6.67 | 33.27
2 | Transfer Details | 79.8 | 13.34 | 93.14
3 | View Balance | 39.9 | - | 39.9
4 | Log out | - | 13.34 | 13.34
[Figure 2 chart: Total Energy Point for a Project; axes: ENERGY POINT, PROJECT MODULE]
Fig 2: Total Energy Points for an online banking transaction.
Assume that the user ID and password are of size 10 bytes each and that there are 100 user records
(user ids and passwords). The total read energy points are calculated as 1cfsu = (10 × 100 + 10 × 100).
E_R = Attribute × Total Kbyte/E_R = (10 × 100 + 10 × 100) / 1000 = 2 E_R. As per the definition, one read
operation consumes 13.3 μW/Kbyte. Therefore the total energy point equals 8 × 13.3 = 106.4 μW/Kbyte.
Table 4 shows the read energy point, write energy point and total energy point for each module in the
banking transaction. Figure 2 shows the total energy points used for an online banking transaction. In
the same way, the write energy points need to be calculated and EP continuously monitored to check
for deviations in energy consumption patterns. If any major deviation is observed, energy consumption-based
attacks can be suspected and appropriate remedial measures for this deviation can be taken.
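The monitoring step described above can be sketched as follows. This is an added example, not code from the paper: it recomputes the Table 4 energy points from read/write movement counts and flags a module whose observed EP in an interval exceeds its baseline. The per-transaction movement counts (derived by dividing the Table 4 values by 13.3 and 6.67), the 1.5x threshold, the Sample record and the sample interval are all assumptions.

```python
from dataclasses import dataclass

READ_EP = 13.3    # energy per read point, value given in Section 3
WRITE_EP = 6.67   # energy per write point, value given in Section 3

# (reads, writes) per transaction. Assumed counts, chosen so that the
# products reproduce the per-module values in Table 4.
BASELINE = {
    "Login": (2, 1),
    "Transfer Details": (6, 2),
    "View Balance": (3, 0),
    "Log out": (0, 2),
}

def energy_points(reads: int, writes: int) -> float:
    """EP = Total RE + Total WE."""
    return round(reads * READ_EP + writes * WRITE_EP, 2)

@dataclass
class Sample:
    module: str
    transactions: int  # completed functional processes in the interval
    reads: int         # read data movements counted in the interval
    writes: int        # write data movements counted in the interval

def deviations(samples, threshold=1.5):
    """Return (module, observed EP, expected EP) for every module whose
    observed EP exceeds threshold x expected EP. The threshold is an
    assumed tuning value, not one given in the paper."""
    flagged = []
    for s in samples:
        base_r, base_w = BASELINE[s.module]
        expected = energy_points(base_r * s.transactions,
                                 base_w * s.transactions)
        observed = energy_points(s.reads, s.writes)
        # With no completed transaction the expected EP is 0, so any
        # observed data movement is flagged.
        if observed > threshold * expected:
            flagged.append((s.module, observed, expected))
    return flagged

# Constructed sample interval, not measured data.
SAMPLES = [
    Sample("Login", 100, 210, 100),
    Sample("Transfer Details", 20, 120, 40),
    Sample("View Balance", 50, 900, 0),
    Sample("Log out", 0, 0, 0),
]

if __name__ == "__main__":
    for module, observed, expected in deviations(SAMPLES):
        print(f"{module}: observed EP {observed} vs expected {expected}")
```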
5. CONCLUSION
The energy point method is useful for monitoring the change in the energy consumed by software
applications. DDoS attacks that consume energy can be identified and prevented by using the energy
point concept. This approach results in reduced CO2 emission, which is the goal of green computing.
6. REFERENCES
[1] Stein, L. D. and Stewart, J. N. (2002). The world-wide web security FAQ, version 3.1.2.
http://www.w3.org/Security/Faq. Cold Spring Harbor, NY.
[2] Stephen, S. and L. Ruby, 2003. Taxonomies of Distributed Denial of Service Networks, Attacks,
Tools and Countermeasures. Retrieved from:
http://www.ee.princeton.edu/~rblee/DDoS%20Survey%20Paper_v7final.doc.
[3] Houle, K. J. and Weaver, G. M. (2001) Trends in denial of service attack technology. Technical
Report v1.0. CERT and CERT coordination center, Carnegie Mellon University, Pittsburgh, PA.
[4] Wong, T. Y., Law, K. T., Lui, J. C. S., and Wong, M. H. (2006) An efficient distributed algorithm to
identify and traceback DDoS traffic. Comp. J., 49, 418–442.
[5] Monowar H. Bhuyan, H. J. Kashyap, D. K. Bhattacharyya and J. K. Kalita. Detecting Distributed
Denial of Service Attacks: Methods, Tools and Future Directions. The Computer Journal, 2012.
[6] M. McDowell, "Understanding Denial-of-Service Attacks", National Cyber Alert System, Cyber
Security Tip ST04- 015.2004, 2004.
[7] P.C. Senthil Mahesh and Paul Rodrigues, "Evaluating Energy based DDOS Attacks using Cosmic
FFP and Energy Points", Research Journal of Applied Sciences, Engineering and Technology 7(13):
2711-2713, 2014 ISSN: 2040-7459; e-ISSN: 2040-7467.
[8] Palmieri, F., S.Ricciardi and U. Fiore, 2011. Evaluating network based Dos attacks under the energy
consumption perspective. Proceeding of the International Conference on Broadband and Wireless
Computing, Communication and Applications, pp 374–379.
[9] Carl, G., G. Kesidis, R.R. Brooks and S. Rai, 2006. Denial-of-Service attack-detection techniques.
IEEE Internet Comput., 10(1): 82-89.
[10] L.A. Barroso, U. Hölzle, "The Case for Energy-Proportional Computing", IEEE Computer, vol.
40, pp. 33-37, 2007.
[11] X. Fan, X-D. Weber, L.A. Barroso, "Power provisioning for a warehouse- sized computer", in
Proc. 34th annual international symposium on computer architecture (ISCA '07), pp 13–23, 2007.
[12] J. Mitchell-Jackson, J. G. Koomey, B. Nordman, and M. Blazek, "Data center power requirements:
measurements from silicon valley", Energy ISSN 0360-5442, 837–850, 2003.
[13] B. St Arnaud, "ICT and Global Warming: Opportunities for Innovation and Economic Growth",
http://docs.google.com/Doc?id=dgbgjrct_2767dxpbdvcf.