Ashok Singh Sairam

Linear and Remainder Packet Marking for fast IP traceback

Several packet marking schemes have been proposed for DoS/DDoS defence to trace back the attackers to their source. One of the major challenge in design of efficient traceback scheme is to minimize the number of packets required for successful traceback. DDoS attacks are becoming highly distributed and increasingly sophisticated. Even though the net sum of attack packets is high enough to overwhelm the resources at the victim, number of packets originating from individual sources is not so high. Hence in order for traceback scheme to be efficient in tracing in case of DDoS attacks, traceback scheme should require minimal number of packets from the attacker to perform IP Traceback. In this paper we propose a novel packet marking scheme called Linear Packet Marking (LPM) which requires number of packets which is equal to hop distance between attacker and the victim which is less than 31 [5]. We also present a randomized version of LPM called Remainder Packet Marking (RPM). Even though RPM requires a bit more number of packets for successful traceback, it is more robust to certain kind of attacks that are possible on LPM. Both the scheme uses IP ID field and TTL values for deciding which router in the path will mark the packet. Using extensive simulation we show that our algorithm performs much better than the existing packet marking schemes in term of packets required for successful traceback and in handling large scale DDoS attacks. Besides it generates no storage overhead and only a small processing overhead at the intermediate routers.

ICMP based IP traceback with negligible overhead for highly distributed reflector attack using bloom filters

Most of the schemes that mitigate DRDoS attack only provide mechanism for filtering the attack traffic. They do not provide any tool for tracing back to the attacker. The few schemes that perform IP traceback requires involvement of the reflectors which is quite difficult to obtain. They require reflectors to store huge amount of traffic logs and cooperate during the attack. Reverse iTrace is one of the only methods that help in identifying the attack source without any involvement of reflectors. However, it generates huge amount of overhead traffic and does not scale well in case of large number of reflectors. These problems have discouraged its deployment in the Internet. In this paper, we propose a system of two bloom filters known as Additive and Multiplicative Bloom Filters, which when incorporated with Reverse iTrace reduces the number of iTrace generated approximately by 100 times. It also prevents iTrace from becoming another DoS attack during the reflector attack. Our system has Attacker Identification Probability of around 95%. Moreover, it is highly scalable. Extensive mathematical analysis and experimental results obtained from traffic traces prove the effectiveness and accuracy of our work.

Professors - the new YouTube stars: education through Web 2.0 and social network

Social networking sites like Facebook, Twitter and YouTube have changed the way people live. Today we depend heavily on social networking sites for our day to day activities. This paper presents a case study where we research the effect of YouTube on education. We have studied one of YouTube’s most famous education channel called Khan Academy, founded by a MIT graduate. It has a huge collection of around 3,200 video lectures. We perform in-depth study of Khan Academy. We provide results regarding viewer-ship and popularity of these lectures by providing statistics on view count, age of videos, user comments and rating of videos. We also study viewer characteristics like age, gender and location distribution. Overall, we believe that the results presented here are crucial in understanding importance and relevance of social network for education system. The results provide valuable information to educationalists in better using the social media to facilitate quality education.

Genetic algorithm combined with support vector machine for building an intrusion detection system

In this paper, we develop an intrusion detection system (IDS) based on machine learning. We employ genetic algorithm (GA) along with Support Vector Machine (SVM) for automatically determining the appropriate set of features. The idea is then developed into a fully functional IDS. Experiments of testing the IDS on the benchmark KDD CUP 99 datasets are presented. Results show encouraging performance that opens a avenue for further research.

IP traceback in star colored networks

Network attacks and in particular denial of service (DoS) attacks have emerged as a major way to compromise the availability of servers and interrupt legitimate online services provided by servers. These attacks are among one of the hardest security problems to address because they are simple to implement but hard to prevent and difficult to trace. Tracing the attacker after an attack is crucial to institute protection measures against future attacks. Packet marking schemes have been proposed to traceback an attacker. The idea is to insert some traceback data in each packet when it passes through a router and use this information to construct the attack path. The major challenges in these schemes are to minimize the number of packets for successful traceback and to reduce the number of bits marked per packet by any router along the attack path. A general approach is to encode the 32-bit IP address of the router and store it in the 16-bit ID field of the IP packet header. However, this will result in collisions. In this work we develop a novel packet marking scheme of assigning marks (colors) where routers at a distance of two hops can reuse the colors (star coloring). Our proposed schemes assign color or mark to each router in a network such that the total number of colors used in the network is minimized. We also propose a technique to construct the attack path using these colors and mathematically show that the probability of attack paths colliding is minimal.

TOAR: transmission-aware opportunistic ad hoc routing protocol

Opportunistic routing (OR) protocols for ad hoc networks basically consist of selecting a few forwarders between the source and destination and prioritizing their transmission. The performance of OR protocols depends on how these two steps are performed. The aim was to reduce the number of transmissions to deliver packets to the destination. In this paper, we first present a mathematical model to compute the total number of packets including duplicate packets generated by OR protocols. We use the model to analyse well-known OR protocols and understand the reason behind their increase in number of transmissions. Next, we propose an OR scheme transmission-aware opportunistic ad hoc routing (TOAR) protocol, which attempts to minimize retransmissions. Our proposed OR protocol uses tree structures to select forwarders and prioritize them. The use of tree structures helps in identifying primary forwarders which carry packets farthest to the destination during each transmission round. TOAR also helps in choosing secondary forwarders which will transmit packets missed out by the forwarder. The optimized selection of forwarders results in significant reduction in retransmissions, a smaller forwarder list set, and improvement in goodput.

PBFS: A technique to select forwarders in Opportunistic Routing

Opportunistic Routing (OR) is a class of routing protocol that exploits the broadcast nature of wireless network to improve routing efficiency. The primary step in OR is to select a group of nodes as forwarders and prioritize them. The current approach of selecting the forwarders is through simulation which does not always give the best results, select forwarders on diverse paths and can be compute intensive for large networks. In this paper we formulate the problem using OR algebra. We propose a forwarder selection scheme primary-brook forwarder selection (PBFS) that computes the forwarder list such that a particular network objective is maximized. The main criteria while selecting the forwarders is to ensure that adjacent forwarders can listen to each other. Analytical as well as empirical results show that our scheme requires less number of retransmission as compared to some of the popular OR protocols.

Increasing Accuracy and Reliability of IP Traceback for DDoS Attack Using Completion Condition

Probabilistic Packet Marking (PPM) is one of the most promising schemes for performing IP Traceback. PPM reconstructs the attack graph in order to trace back to the attackers. Finding the Completion Condition Number (i.e. precise number of packets required to complete the traceback) is very important. Without a proper completion-condition, we might reconstruct a wrong attack-graph and attackers can evade detection. One presently being used works only for a single attacker based DoS attack and has an accuracy of just around 70%. We propose a new Completion Condition Number which has an accuracy of 95% and it works even for the multiple attacker based DDoS attacks. We confirm the results using detailed theoretical analysis and extensive simulation work. To the best of our knowledge, we are the first to apply the concept of Completion Condition Number to increase the reliability of IP Traceback for the DDoS attacks.

Coloring networks for attacker identification and response

Network-based attacks such as denial-of-service attacks are usually performed by spoofing the source IP address. Packet marking techniques are used to trace such attackers as close as possible to their source. A packet mark consists of some traceback information pertaining to a router being embedded in the IP packet header. In this work, we use the concept of star coloring to assign reusable colors marks to routers but at the same time limits false positives and false negatives. The proposed scheme minimizes the bit space required for marking in the IP header. We introduce the concept of path identifier, to identify an attack path. The path identifiers are used to provide an elegant solution to collect attack packets in the midst of a distributed denial-of-service attack and then traceback. Although identifying the attacker is crucial to institute protection measures against future attacks, it cannot mitigate the effects of an ongoing attack. We establish the use of path identifiers, to filter packets during an ongoing attack. We present a validation of the proposed techniques in an emulated environment using real attack traffic. Copyright

Audio steganography using LSB encoding technique with increased capacity and bit error rate optimization

Staganography is the art and science of secret hiding. The secret message or plain text may be hidden in one various ways. The methods of cryptography render the message unintelligible to the outsider by various transformations of the text whereas the methods of steganography conceal the existence of the message. To conceal a secret message we need a wrapper or container as a host file. Different wrappers or host files or cover medium are used to hide the secret message e.g. image, audio, video, text. The work in this paper aims at enhancing the provision of audio steganography by introducing one LSB (Least Significant Bit) coding technique. We design a high bit rate LSB audio watermarking method that reduces embedding distortion of the host audio with increased capacity of secret text. By using standard and proposed algorithm, watermark bits are embedded into higher LSB layer, resulting in increased robustness against noise addition, which is limited by perceptual transparency.