Important: Use custom search function to get better results from our thousands of pages

Use " " for compulsory search eg:"electronics seminar" , use -" " for filter something eg: "electronics seminar" -"/tag/" (used for exclude results from tag pages)

Tags: Detecting, malicious, packet, losses, Detecting malicious packet losses, Detecting malicious packet losses ppt, Detecting malicious packet losses pdf, uml diagrams for detecting malicious packet losses, ppt for detecting malicious packet losses, detecting malicious packet losses abstract, detecting malicious packet losses project in java, detecting malicious packet losses pdf, detecting malicious packet losses ppt,
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Detecting malicious packet losses
Post: #1


The Internet is not a safe place. Unsecured hosts can expect to be compromised within minutes of connecting to the Internet and even well-protected hosts may be crippled with denial-of-service (DoS) attacks. However, while such threats to host systems are widely understood, it is less well appreciated that the network infrastructure itself is subject to constant attack as well. Indeed, through combinations of social engineering and weak passwords, attackers have seized control over thousands of Internet routers. Even more troubling is Mike Lynnâ„¢s controversial presentation at the 2005 Black Hat Briefings, which demonstrated how Cisco routers can be compromised via simple software vulnerabilities. Once a router has been compromised in such a fashion, an attacker may interpose on the traffic stream and manipulate it maliciously to attack others selectively dropping, modifying, or rerouting packets.

Several researchers have developed distributed protocols to detect such traffic manipulations, typically by validating that traffic transmitted by one router is received unmodified by another. However, all of these

Schemes including our own struggle in interpreting the absence of traffic. While a packet that has been modified in transit represents clear evidence of tampering, a missing packet is inherently ambiguous: it may have been explicitly blocked by a compromised router or it may have been dropped benignly due to network congestion. In fact, modern routers routinely drop packets due to bursts in traffic that exceed their buffering capacities, and the widely used Transmission Control Protocol (TCP) is designed to cause such losses as part of its normal congestion control behavior. Thus, existing traffic validation systems must inevitably produce false positives for benign events and/or produce false negatives by failing to report real malicious packet dropping.
Existing System:

Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a network with universal point-to-point connectivity. However, this illusion is shattered - as are implicit assumptions of availability, confidentiality, or integrity - when network routers are subverted to act in a malicious fashion. By manipulating, diverting, or dropping packets arriving at a compromised router, an attacker can trivially mount denial-of-service, surveillance, or man-in-the-middle attacks on end host systems. Consequently, Internet routers have become a choice target for would-be attackers and thousands have been subverted to these ends. In this paper, we specify this problem of detecting routers with incorrect packet forwarding behavior and we explore the design space of protocols that implement such a detector. We further present a concrete protocol that is likely inexpensive enough for practical implementation at scale. Finally, we present a prototype system, called Fatih, that implements this approach on a PC router and describe our experiences with it. We show that Fatih is able to detect and isolate a range of malicious router actions with acceptable overhead and complexity. We believe our work is an important step in being able to tolerate attacks on key network infrastructure components

Proposed System:

We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur.

Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.

Implementation is the stage of the project when the theoretical design is turned out into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user, confidence that the new system will work and be effective.
The implementation stage involves careful planning, investigation of the existing system and itâ„¢s constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods.
1. Network Module
2. Threat Model
3. Traffic Validation
4. Random Early Detection(RED)
5. Distributed Detection
Module Description:
1. Network Module

Client-server computing or networking is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client also shares any of its resources; Clients therefore initiate communication sessions with servers which await (listen to) incoming requests.
2.Threat Model:
This focuses solely on data plane attacks (control plane attacks can be addressed by other protocols with appropriate threat models, and moreover, for simplicity, we examine only attacks that involve packet dropping.
However, our approach is easily extended to address other attacks such as packet modification or reordering similar to our previous work. Finally, as in, the protocol we develop validates traffic whose source and sink routers are uncompromised. A router can be traffic faulty by maliciously dropping packets and protocol faulty by not following the rules of the detection protocol. We say that a compromised router r is traffic faulty with respect to a path segment during if contains r and, during the period of time, r maliciously drops or misroutes packets that flow through. A router can drop packets without being faulty, as long as the packets are dropped because the corresponding output interface is congested. A compromised router r can also behave in an arbitrarily malicious way in terms of executing the protocol we present, in which case we indicate r as protocol faulty. A protocol faulty router can send control messages with arbitrarily faulty information, or it can simply not send some or all of them. A faulty router is one that is traffic faulty, protocol faulty, or both.
3.Traffic Validation

The first problem we address is traffic validation what information is collected about traffic and how Consider the queue Q in a router r associated with the output interface of link. The neighbor routers feed data into Q.
The traffic information collected by router r that traversed path segment over time interval, meaning traffic into Q, or Q out, meaning traffic out of Q. At an abstract level, we represent traffic, a validation mechanism associated with Q, as a predicate it is used to determine that a router has been compromised.

4.Random Early Detection(RED)

RED monitors the average queue size, based on an exponential weighted moving average: where is the actual queue size and w is the weight for a
Low- pass filter. RED uses three more parameters: min, minimum threshold; Max, maximum threshold; and maximum probability.

Using, RED dynamically computes a dropping probability in two steps for each packet it receives. First, it computes an interim probability further; the RED algorithm tracks the number of packets, since the last dropped packet. The final dropping probability, p, is specified to increase slowly as increases

5.Distributed Detection

Since the behavior of the queue is deterministic, the traffic validation mechanisms detect traffic faulty routers whenever the actual behavior of the queue deviates from the predicted behavior. However, a faulty router can also be protocol faulty. It can behave arbitrarily with respect to the protocol,
by dropping or altering the control messages .We mask the effect of protocol faulty routers using distributed detection.
Given TV, we need to distribute the necessary traffic information among the routers and implement a distributed detection protocol. Every outbound interface queue Q in the network is monitored by the neighboring routers and validated by a router rd such that Q is associated with the link.
Hardware Requirements:

¢ System : Pentium IV 2.4 GHz.
¢ Hard Disk : 40 GB.
¢ Floppy Drive : 1.44 Mb.
¢ Monitor : 15 VGA Colour.
¢ Mouse : Logitech.
¢ Ram : 256 Mb.
Software Requirements:

¢ Operating system : - Windows XP Professional.
¢ Coding Language : - JavaTool Used : - Eclipse.

read full report
Post: #2
i need code for Detecting malicious packet losses,uml diagrams,and documentation.
pleaz some body help out.
thank you
Post: #3
Hi friends,

can any body please send me the project DETECTING MALICIOUS PACKET LOSSES project in java. I have to submit the project 10th of this month.

please send me to the following email: kskanths[at]
Post: #4
to get information about the topic detecting malicious packet losses full report ppt, and related topics refer the link bellow
Post: #5
Detecting malicious packet losses


The problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks. We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in EMU lab and have studied its effectiveness in differentiating attacks from legitimate network behavior.
Post: #6
to get information about the topic "detecting malicious packet losses doc" full report ppt and related topic refer the link bellow
Post: #7
to get information about the topic "detecting malicious packet losses doc" full report ppt and related topic refer the link bellow

Marked Categories : malicious router, malicious pocket losses, proposed system of the project packet loss detection, uml diagrams for detecting malicious packet losses, code for detecting malicious data packets in java, tcp ip pdf, detecting malicious packet losses code in java, malicious packet losses, project report on compromised router detection with code, detection of malicious packet losses, detection of malicious packet loss project, malicious packets, detecting malicious packet losses ppt, detection of malicious packet losses ppt, existing system of detection of malicious packet loss, ppts on detection of malicious packet loss, detecting malicious packet losses project,

Quick Reply
Type your reply to this message here.

Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  ip traceback packet marking ns2 source code in c Guest 1 228 14-10-2017 01:16 PM
Last Post: jaseela123
  ppt of street light that glows on detecting vehicle movement Guest 1 626 12-10-2017 09:10 AM
Last Post: jaseela123
  16 types of losses in tpm ppt Guest 1 340 06-10-2017 11:54 AM
Last Post: jaseela123
  ppt metal detecting circuit Guest 1 149 05-10-2017 02:54 PM
Last Post: jaseela123
  i want ns2 coding to identifying malicious node using some method in wsn Guest 1 205 03-10-2017 11:17 AM
Last Post: jaseela123
Lightbulb ppt on street light that glows on detecting vehicle movement Guest 1 136 30-09-2017 02:07 PM
Last Post: jaseela123
  Detecting False Data in Wireless Sensor Network using Efficient Becan Scheme seminar tips 1 2,292 20-09-2017 01:03 PM
Last Post: jaseela123
  matlab coding for detecting copy move forgery Guest 1 0 13-09-2017 09:35 AM
Last Post: jaseela123
  street lights that glow on detecting vehicle movement procedure Guest 1 196 11-09-2017 04:04 PM
Last Post: jaseela123
  S0LAR AUTOMATIC RAILWAY TRACK CRACK DETECTING VEHICLE ppt seminar projects maker 1 280 06-09-2017 02:24 PM
Last Post: jaseela123
This Page May Contain What is Detecting malicious packet losses And Latest Information/News About Detecting malicious packet losses,If Not ...Use Search to get more info about Detecting malicious packet losses Or Ask Here