This project considers the problem of detecting malicious packet losses in a computer network. This project is concerned with a simple yet effective attack in which movement of packet in a network is being tampered with.
For example, When a packet (data) is sent across in a computer from a particular point e.g node A(source address) and its supposed to be taking to node D(destination address) but unfortunately, the packet was dropped along the way at node C to be precise and was unable to get to its proper destination so as to deliver its packet. This means the packet has been maliciously dropped
But it is quiet abnormal to attribute every packet loss to a malicious action because normal network congestion can as well cause packet loss. In other words,computer network tend to drop packet when the load of data's being processed (sending of files from one computer to the other in a computer network) exceeds their buffering capacities and this is where the function of the RED Algorithm comes in helping to remove the over ambiguity(overload) of traffic congestion in a network so that the network can be free of traffic congestion and once the overload from traffic congestion is removed, subsequent packet losses can be attributed to malicious actions
WHAT TO DO
Using java programming language create a program or software that can perform the following:
- Discover over congested network which often occur through sending of large amount of file from one computer to another.
- Record any packet loss involved which could be due to ambiguity from network congestion.
- Ability to prevent over congestion of traffic in the network using RED Algorithm and while subsequent packet loss could be tagged as a malicious packet losses
Specify the movement of packet in a network from one point to another
show the source address from where the packet is coming from and the destination address where the packet is to be delivered but If it was dropped along the way, also specify where exactly it was dropped
The major objective of this project is:
To prevent the packet loss due to congestion
To detect the packet loss due to malicious act
Note: This project has nothing to do with how the lost packet can be restore or brought back on track, All it has to do in a nut shell is just to prevent the packet loss due to congestion which can be done with the help of the RED Algorithm, and detect every other subsequent packet loss which off course would be as a result of malicious act
We consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some Victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks.
Algorithm / Technique used:
RED monitors the average queue size, based on an exponential weighted moving average: where the actual queue size and weight for a low-pass filter. RED uses three more parameters in minimum threshold,
Maximum, Maximum threshold. Using, RED dynamically computes a dropping probability in two steps for each packet it receives. First, it computes an interim probability, Further; the RED algorithm tracks the number of packets, since the last dropped packet. The final dropping probability, p, is specified to increase slowly as increases.
Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a network with universal point-to-point connectivity. However, this illusion is shattered - as are implicit assumptions of availability, confidentiality, or integrity - when network routers are subverted to act in a malicious fashion. By manipulating, diverting, or dropping packets arriving at a compromised router, an attacker can trivially mount denial-of-service, surveillance, or man-in-the-middle attacks on end host systems. Consequently, Internet routers have become a choice target for would-be attackers and thousands have been subverted to these ends. In this paper, we specify this problem of detecting routers with incorrect packet forwarding behavior and we explore the design space of protocols that implement such a detector. We further present a concrete protocol that is likely inexpensive enough for practical implementation at scale. Finally, we present a prototype system, called Fatih, that implements this approach on a PC router and describe our experiences with it. We show that Fatih is able to detect and isolate a range of malicious router actions with acceptable overhead and complexity. We believe our work is an important step in being able to tolerate attacks on key network infrastructure components
We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur.
Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.