Transport layer DDoS attack types and mitigation methods in networks


Bibliographic Details
Main Author: Zudin, Rodion
Advisors: Hämäläinen, Timo; Siponen, Mikko
Other Authors: Faculty of Information Technology (Informaatioteknologian tiedekunta), Department of Computer Science and Information Systems (Tietojenkäsittelytieteiden laitos), University of Jyväskylä (Jyväskylän yliopisto)
Format: Master's thesis (Pro gradu), 70 pages, PDF
Language: English
Published: 2015
Discipline: Information Systems Science (Tietojärjestelmätiede)
Subjects: palvelunestohyökkäys (denial-of-service attack), tietoturva (information security), tietoverkot (computer networks), verkkohyökkäykset (network attacks)
Rights: In Copyright, open access
Online Access: https://jyx.jyu.fi/handle/123456789/47472 ; http://www.urn.fi/URN:NBN:fi:jyu-201510273515

Abstract (translated from Finnish): Distributed denial-of-service attacks have been a growing threat to companies that use network-based elements in their information systems. Recently, not only businesses but also political organizations have been the targets of distributed denial-of-service attacks. For this reason it is very important to understand the current situation in this constantly changing area of information security. As attack methods and countermeasures are continuously renewed, the need for up-to-date research is clear. Five different attack types were found to make up the greater part of distributed denial-of-service attacks in 2014. These were SYN, DNS amplification, NTP amplification, DNS attacks, and UDP. SYN attacks were found to make up the lion's share of all attacks, while amplification and multi-vectoring were found to be trends in attack technologies. Based on the literature review, SYN Intercept was found to be the most effective countermeasure against TCP SYN attacks. Response Rate Limiting (RRL) was the best option against typical DNS amplification attacks, but its performance against attacks that use varying queries left something to be desired. Removing the MONLIST and VERSION features from NTP servers was found to be an effective way to reduce NTP amplification attacks, and it has been proposed as the primary strategy for combating that type of distributed denial-of-service attack. Against DNS attacks, combining TTL Refresh, TTL Renewal and Long TTL was found to achieve the best mitigation results. The performance of DNS amplification attacks and TCP SYN floods against a web server was measured and analysed in the empirical part of the thesis. The SYN Cookies method was found to be an effective way to protect against a TCP SYN denial-of-service attack, whereas no method was found for simple web servers to counter a DNS amplification attack.

Abstract: Distributed Denial of Service attacks have been a growing threat to businesses and organizations utilizing information systems with network elements in their activity. With not only financial but also political entities being targeted by DDoS attacks, it is increasingly important to grasp the current situation in this vibrant field of information security. With new attack methods and countermeasures being constantly developed and implemented, the need for contemporary research is clear. Five attack types were found to be the most popular DDoS attacks in the past year: SYN, DNS Amplification, NTP Amplification, DNS and UDP flood attacks. SYN attacks were found to make up more than half of all DDoS attack occurrences, while amplification and multi-vectoring could be seen as a rising trend in attack technologies. According to the results of the literature overview, SYN Intercept was found to be the most efficient mitigation method against TCP SYN floods; Response Rate Limiting was the most effective against typical DNS Amplification attacks, but left something to be desired in mitigating attacks that use varying queries. Modifying NTP servers themselves by removing MONLIST and VERSION functionality was proven successful in mitigating NTP Amplification attacks. As for DNS attacks, a combination of three technologies, TTL Refresh, TTL Renewal and Long-TTL, was deemed superior in mitigating attacks on DNS servers themselves. The impact of DNS amplification and TCP SYN DoS on a web server was measured and analysed in the empirical part of the thesis. Activating SYN Cookies on the web server was deemed an effective mitigation method against TCP SYN Flood. However, no mitigation technique against DNS or NTP amplification attacks that could be implemented on a simple small-scale web server without the involvement of an ISP or CDN was discovered.