Research Article

ResMon: Securing Resource Consumption of Critical Infrastructure from Wanton Applications

by Emmanuel C. Ogu, Sunday A. Idowu, Jean-Paul Ainam, Ogu Chiemela
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 137 - Number 7
Year of Publication: 2016
DOI: 10.5120/ijca2016908814

Emmanuel C. Ogu, Sunday A. Idowu, Jean-Paul Ainam, Ogu Chiemela. ResMon: Securing Resource Consumption of Critical Infrastructure from Wanton Applications. International Journal of Computer Applications. 137, 7 (March 2016), 15-22. DOI=10.5120/ijca2016908814

@article{ 10.5120/ijca2016908814,
author = { Emmanuel C. Ogu, Sunday A. Idowu, Jean-Paul Ainam, Ogu Chiemela },
title = { ResMon: Securing Resource Consumption of Critical Infrastructure from Wanton Applications },
journal = { International Journal of Computer Applications },
issue_date = { March 2016 },
volume = { 137 },
number = { 7 },
month = { March },
year = { 2016 },
issn = { 0975-8887 },
pages = { 15-22 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume137/number7/24287-2016908814/ },
doi = { 10.5120/ijca2016908814 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Hackers have recently devised a technique of infiltrating critical infrastructure with wanton applications that gulp at the limited resources this infrastructure needs to meet critical needs and deadlines. Hackers could also breach existing, trusted applications or software on critical infrastructure and inject malicious code that plunges them into a state of wantonness: consuming limited, critical resources and leaving none (or too little) available for other, equally critical applications that depend on a fair portion of the same resources to meet their deadlines and critical requirements. This development portends the next generation of denial of service (DoS) and distributed denial of service (DDoS) attacks on critical infrastructure, where all that is required is to discover vulnerabilities in already trusted and running applications, or to deliver and escalate new applications, and plunge them into wantonness, consuming limited resources and resulting in a denial of service. Proposals that could forestall such attacks already exist in the literature, but some have not previously been tested, one of these being the model documented in [1]. This research is an experimental implementation of the theoretical model proposed in the cited article, in order to test and validate its workability and results. An experimental prototype of the proposed model, codenamed “ResMon”, is built and validated within the Ubuntu Linux operating system environment.

References
  1. Ogu, E. C., Idowu, S. A., & Adesegun, O. A. (2015). A Theoretical Model for Real-Time Resource Monitoring for Securing Computing Infrastructure against DoS and DDoS Attacks. International Journal of Advanced Research in Computer Science, 132-136.
  2. Paxson, V. (1998). Bro: a system for detecting network intruders in real-time. Proceedings of the 7th USENIX Security Symposium. 7, pp. 1-22. San Antonio, Texas, USA: USENIX Association Berkeley, CA, USA.
  3. Mahajan, R., Bellovin, S. M., Floyd, S., Ioannidis, J., Paxson, V., & Shenker, S. (2001, February). Controlling High Bandwidth Aggregates in the Network. ACM SIGCOMM Computer Communications Review, 32(3), 62-72.
  4. Gil, T. M., & Poletto, M. (2001, August). MULTOPS: a data-structure for bandwidth attack detection. Proceedings of the 10th USENIX Security Symposium, (pp. 23-38). Washington, D.C., USA.
  5. Yau, D. K., Lui, J. C., & Liang, F. (2002, May). Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles. Proceedings of IEEE International Workshop on Quality of Service (IWQoS), 29-41.
  6. Peng, T., Leckie, C., & Ramamohanarao, K. (2003a). Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring. The University of Melbourne, Australia, Department of Electrical and Electronic Engineering. Victoria 3010, Australia: ARC Special Research Center for Ultra-Broadband Information Networks. Retrieved January 30, 2014, from http://www.cs.mu.oz.au/~tpeng/mudguard/research/detection.pdf
  7. Peng, T., Leckie, C., & Ramamohanarao, K. (2003b, August). Protection from Distributed Denial of Service Attack Using History-based IP Filtering. The University of Melbourne, Australia, Department of Electrical and Electronic Engineering. Victoria 3010, Australia: ARC Special Research Center for Ultra-Broadband Information Networks. Retrieved January 31, 2014, from http://ww2.cs.mu.oz.au/~tpeng/mudguard/research/icc2003.pdf
  8. Verkaik, P., Spatscheck, O., Van der Merwe, J., & Snoeren, A. C. (2006, September). PRIMED: Community-of-Interest-Based DDoS Mitigation. Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense (pp. 147-154). New York, NY, USA: Association for Computing Machinery.
  9. Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A., & Knightly, E. (2009, February). DDoS-shield: DDoS-resilient scheduling to counter application layer attacks. IEEE/ACM Transactions on Networking (TON), 17(1), 26-39.
  10. Xie, Y., & Yu, S.-Z. (2009, February). Monitoring the application-layer DDoS attacks for popular websites. IEEE/ACM Transactions on Networking (TON), 17(1), 15-25.
  11. Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., & Shenker, S. (2010, March). DDoS defense by offense. ACM Transactions on Computer Systems (TOCS), 28(1), Article No. 3 (54 pages). doi:10.1145/1731060.1731063
  12. Das, D., Sharma, U., & Bhattacharyya, D. K. (2011). Detection of HTTP flooding attacks in multiple scenarios. Proceedings of the 2011 International Conference on Communication, Computing & Security (pp. 517-522). Rourkela, Odisha, India: Association for Computing Machinery New York, NY, USA. doi:10.1145/1947940.1948047
  13. François, J., Aib, I., & Boutaba, R. (2012, December). FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks. IEEE/ACM Transactions on Networking, 20(6), 1828-1841.
  14. Sergey, S. (2013, November). slowhttptest - Application Layer DoS Attack Simulator - Google Project Hosting. Retrieved from Google Projects: http://code.google.com/p/slowhttptest/
  15. Peng, T., Leckie, C., & Ramamohanarao, K. (2007). Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys (CSUR): Article No. 3, 39(1). doi:10.1145/1216370.1216373
  16. Ogu, E. C., Alao, O. D., Omotunde, A. A., Ogbonna, A. C., & Izang, A. A. (2014, October). Partitioning of Resource Provisions for Cloud Computing Infrastructure against DoS and DDoS Attacks. International Journal of Advanced Research in Computer Science, 5(7).
Index Terms

Computer Science
Information Sciences

Keywords

Critical Infrastructure, Computing Resources, DoS, DDoS.