Detecting malicious packet losses
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
computer science topics
Active In SP

Posts: 610
Joined: Jun 2010
01-07-2010, 04:07 PM


The Internet is not a safe place. Unsecured hosts can expect to be compromised within minutes of connecting to the Internet and even well-protected hosts may be crippled with denial-of-service (DoS) attacks. However, while such threats to host systems are widely understood, it is less well appreciated that the network infrastructure itself is subject to constant attack as well. Indeed, through combinations of social engineering and weak passwords, attackers have seized control over thousands of Internet routers. Even more troubling is Mike Lynnâ„¢s controversial presentation at the 2005 Black Hat Briefings, which demonstrated how Cisco routers can be compromised via simple software vulnerabilities. Once a router has been compromised in such a fashion, an attacker may interpose on the traffic stream and manipulate it maliciously to attack others selectively dropping, modifying, or rerouting packets.

Several researchers have developed distributed protocols to detect such traffic manipulations, typically by validating that traffic transmitted by one router is received unmodified by another. However, all of these

Schemes including our own struggle in interpreting the absence of traffic. While a packet that has been modified in transit represents clear evidence of tampering, a missing packet is inherently ambiguous: it may have been explicitly blocked by a compromised router or it may have been dropped benignly due to network congestion. In fact, modern routers routinely drop packets due to bursts in traffic that exceed their buffering capacities, and the widely used Transmission Control Protocol (TCP) is designed to cause such losses as part of its normal congestion control behavior. Thus, existing traffic validation systems must inevitably produce false positives for benign events and/or produce false negatives by failing to report real malicious packet dropping.
Existing System:

Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a network with universal point-to-point connectivity. However, this illusion is shattered - as are implicit assumptions of availability, confidentiality, or integrity - when network routers are subverted to act in a malicious fashion. By manipulating, diverting, or dropping packets arriving at a compromised router, an attacker can trivially mount denial-of-service, surveillance, or man-in-the-middle attacks on end host systems. Consequently, Internet routers have become a choice target for would-be attackers and thousands have been subverted to these ends. In this paper, we specify this problem of detecting routers with incorrect packet forwarding behavior and we explore the design space of protocols that implement such a detector. We further present a concrete protocol that is likely inexpensive enough for practical implementation at scale. Finally, we present a prototype system, called Fatih, that implements this approach on a PC router and describe our experiences with it. We show that Fatih is able to detect and isolate a range of malicious router actions with acceptable overhead and complexity. We believe our work is an important step in being able to tolerate attacks on key network infrastructure components

Proposed System:

We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur.

Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.

Implementation is the stage of the project and implimentation when the theoretical design is turned out into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user, confidence that the new system will work and be effective.
The implementation stage involves careful planning, investigation of the existing system and itâ„¢s constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods.
1. Network Module
2. Threat Model
3. Traffic Validation
4. Random Early Detection(RED)
5. Distributed Detection
Module Description:
1. Network Module

Client-server computing or networking is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client also shares any of its resources; Clients therefore initiate communication sessions with servers which await (listen to) incoming requests.
2.Threat Model:
This focuses solely on data plane attacks (control plane attacks can be addressed by other protocols with appropriate threat models, and moreover, for simplicity, we examine only attacks that involve packet dropping.
However, our approach is easily extended to address other attacks such as packet modification or reordering similar to our previous work. Finally, as in, the protocol we develop validates traffic whose source and sink routers are uncompromised. A router can be traffic faulty by maliciously dropping packets and protocol faulty by not following the rules of the detection protocol. We say that a compromised router r is traffic faulty with respect to a path segment during if contains r and, during the period of time, r maliciously drops or misroutes packets that flow through. A router can drop packets without being faulty, as long as the packets are dropped because the corresponding output interface is congested. A compromised router r can also behave in an arbitrarily malicious way in terms of executing the protocol we present, in which case we indicate r as protocol faulty. A protocol faulty router can send control messages with arbitrarily faulty information, or it can simply not send some or all of them. A faulty router is one that is traffic faulty, protocol faulty, or both.
3.Traffic Validation

The first problem we address is traffic validation what information is collected about traffic and how Consider the queue Q in a router r associated with the output interface of link. The neighbor routers feed data into Q.
The traffic information collected by router r that traversed path segment over time interval, meaning traffic into Q, or Q out, meaning traffic out of Q. At an abstract level, we represent traffic, a validation mechanism associated with Q, as a predicate it is used to determine that a router has been compromised.

4.Random Early Detection(RED)

RED monitors the average queue size, based on an exponential weighted moving average: where is the actual queue size and w is the weight for a
Low- pass filter. RED uses three more parameters: min, minimum threshold; Max, maximum threshold; and maximum probability.

Using, RED dynamically computes a dropping probability in two steps for each packet it receives. First, it computes an interim probability further; the RED algorithm tracks the number of packets, since the last dropped packet. The final dropping probability, p, is specified to increase slowly as increases

5.Distributed Detection

Since the behavior of the queue is deterministic, the traffic validation mechanisms detect traffic faulty routers whenever the actual behavior of the queue deviates from the predicted behavior. However, a faulty router can also be protocol faulty. It can behave arbitrarily with respect to the protocol,
by dropping or altering the control messages .We mask the effect of protocol faulty routers using distributed detection.
Given TV, we need to distribute the necessary traffic information among the routers and implement a distributed detection protocol. Every outbound interface queue Q in the network is monitored by the neighboring routers and validated by a router rd such that Q is associated with the link.
Hardware Requirements:

¢ System : Pentium IV 2.4 GHz.
¢ Hard Disk : 40 GB.
¢ Floppy Drive : 1.44 Mb.
¢ Monitor : 15 VGA Colour.
¢ Mouse : Logitech.
¢ Ram : 256 Mb.
Software Requirements:

¢ Operating system : - Windows XP Professional.
¢ Coding Language : - JavaTool Used : - Eclipse.

read full report
Use Search at wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Active In SP

Posts: 2
Joined: Feb 2011
17-02-2011, 07:44 PM

i need code for Detecting malicious packet losses,uml diagrams,and documentation.
pleaz some body help out.
thank you
Active In SP

Posts: 2
Joined: Dec 2010
08-03-2011, 09:34 AM

Hi friends,

can any body please send me the project and implimentation DETECTING MALICIOUS PACKET LOSSES project and implimentation in java. I have to submit the project and implimentation 10th of this month.

please send me to the following email:
seminar addict
Super Moderator

Posts: 6,592
Joined: Jul 2011
01-02-2012, 10:05 AM

to get information about the topic detecting malicious packet losses full report ppt, and related topics refer the link bellow
seminar addict
Super Moderator

Posts: 6,592
Joined: Jul 2011
07-02-2012, 01:08 PM

Detecting malicious packet losses


The problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks. We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in EMU lab and have studied its effectiveness in differentiating attacks from legitimate network behavior.
seminar ideas
Super Moderator

Posts: 10,003
Joined: Apr 2012
19-06-2012, 11:01 AM

to get information about the topic "detecting malicious packet losses doc" full report ppt and related topic refer the link bellow
seminar tips
Super Moderator

Posts: 8,857
Joined: Oct 2012
29-12-2012, 11:58 AM

to get information about the topic "detecting malicious packet losses doc" full report ppt and related topic refer the link bellow

Important Note..!

If you are not satisfied with above reply ,..Please


So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page
Tagged Pages: detection malicious packet loss, detecting malicious packet losses project abstract, java program to check malicious packets losses, what is the meaning of malicious packets, detecting malicious packet losses project in java forum, detecting malicious packet losses project documentation, synopsis of malicious packet loss,
Popular Searches: malicious packets, packet loss coding in matlab, objectives of detection of malicious packet losses project, proposed system of the project packet loss detection, what is technical losses, seminar reports malicious code, detecting malicious packet losses seminar ppt,

Quick Reply
Type your reply to this message here.

Image Verification
Please enter the text contained within the image into the text box below it. This process is used to prevent automated spam bots.
Image Verification
(case insensitive)

Possibly Related Threads...
Thread Author Replies Views Last Post
  Detecting Anomalous Insiders in Collaborative Information Systems project girl 1 777 11-11-2013, 10:22 PM
Last Post: Guest
  A Robust Image Watermarking Using Two Level DCT And Wavelet Packet Denoising PPT seminar projects maker 0 434 13-09-2013, 04:56 PM
Last Post: seminar projects maker
  Fast and Memory- Efficient Regular Expression Matching for Deep Packet PPT study tips 0 284 18-06-2013, 12:17 PM
Last Post: study tips
  Using String Matching for Deep Packet Inspection PPT study tips 0 288 18-06-2013, 12:16 PM
Last Post: study tips
  Detecting Targeted Malicious Email Report study tips 0 382 03-06-2013, 02:40 PM
Last Post: study tips
  SPAF: Stateless FSA-based Packet Filters project uploader 1 618 21-04-2013, 08:54 PM
Last Post: Guest
  Jamming Attacks Prevention in Wireless Networks Using Packet Hiding Methods seminar tips 1 849 07-03-2013, 04:12 PM
Last Post: study tips
Last Post: study tips
  Report on Packet Loss Control Using Tokens study tips 0 374 27-02-2013, 12:08 PM
Last Post: study tips
  Detecting Malicious Packet Losses details seminar tips 0 338 26-02-2013, 04:08 PM
Last Post: seminar tips