Optimal Source-Based
Filtering of Malicious Traffic
ABSTRACT:
In this paper, we consider the problem of blocking malicious traffic on the Internet via source-based filtering. In particular, we consider filtering via access control lists (ACLs): these are already available at routers today, but are a scarce resource because they are stored in expensive ternary content addressable memory (TCAM). Aggregation (filtering source prefixes instead of individual IP addresses) reduces the number of filters, but also comes at the cost of blocking legitimate traffic originating from the filtered prefixes. We show how to optimally choose which source prefixes to filter for a variety of realistic attack scenarios and operators' policies. In each scenario, we design optimal, yet computationally efficient, algorithms. Using logs from Dshield.org, we evaluate the algorithms and demonstrate that they bring significant benefit in practice.
EXISTING SYSTEM:
Protecting a victim (host or network) from malicious traffic is a hard problem that requires the coordination of several complementary components, including nontechnical (e.g., business and legal) and technical solutions (at the application and/or network level). Filtering support from the network is a fundamental building block in this effort. For example, an Internet service provider (ISP) may use filtering in response to an ongoing DDoS attack to block the DDoS traffic before it reaches its clients. Another ISP may want to proactively identify and block traffic carrying malicious code before it reaches and compromises vulnerable hosts in the first place. In either case, filtering is a necessary operation that must be performed within the network.
Filtering capabilities are already
available at routers today via access control lists (ACLs). ACLs enable a
router to match a packet header against predefined rules and take predefined
actions on the matching packets [1], and they are currently used for enforcing
a variety of policies, including infrastructure protection [2]. For the purpose
of blocking malicious traffic, a filter is a simple ACL rule that denies access
to a source IP address or prefix. To keep up with the high forwarding rates of
modern routers, filtering is implemented in hardware: ACLs are typically stored
in ternary content addressable memory (TCAM), which allows for parallel access
and reduces the number of lookups per forwarded packet.
DISADVANTAGES OF EXISTING SYSTEM:
TCAM is more expensive and consumes more space and power than conventional memory. The size and cost of TCAM put a limit on the number of filters, and this is not expected to change in the near future. With thousands or tens of thousands of filters per path, an ISP alone cannot hope to block the attacks witnessed today, let alone attacks from the multimillion-node botnets expected in the near future.
PROPOSED SYSTEM:
In this paper, we formulate a general
framework for studying source prefix filtering as a resource allocation
problem. To the best of our knowledge, optimal filter selection has not been
explored so far, as most related work on filtering has focused on protocol and
architectural aspects. Within this framework, we formulate and solve five
practical source-address filtering problems, depending on the attack scenario
and the operator’s policy and constraints. Our contributions are twofold. On
the theoretical side, filter selection optimization leads to novel variations of
the multidimensional knapsack problem. We exploit the special structure of each
problem and design optimal and computationally efficient algorithms. On the
practical side, we provide a set of cost-efficient algorithms that can be used
both by operators to block undesired traffic and by router manufacturers to
optimize the use of TCAM and eventually the cost of routers.
ADVANTAGES OF PROPOSED SYSTEM:
The proposed system can be used to protect network infrastructure from malicious traffic such as scanning, malicious code propagation, spam, and distributed denial-of-service (DDoS) attacks.
MODULES:
• Network Creation Module
• Optimal Source-Based Filtering Module
• Filter Selection Module
• Evaluation Module
MODULE DESCRIPTIONS:
Network Creation Module
In this module we construct a network using socket programming, as shown in the architecture. Users can send data to other nodes on the network using the options provided. The user node lists all the nodes connected to the network; the sender selects a node by name and then sends the data.
Optimal Source-Based Filtering Module
In this module we design the framework for optimal filter selection: we define the various filtering problems, design efficient algorithms to solve them, and show that they lead to significant improvements on real datasets compared to non-optimized filter selection, generic clustering, or uncoordinated routers. The gains come from the clustering of malicious sources in the address space, which lets a few prefix filters cover many malicious addresses while blocking few legitimate ones.
Filter Selection Module
In this module we implement the following filter selection algorithms:
• BLOCK-ALL
• BLOCK-SOME
• TIME-VARYING
• BLOCK-ALL/SOME
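The optimization behind the framework and the BLOCK-ALL algorithm listed above can be made concrete: given room for at most F ACL entries, choose source prefixes that cover every observed malicious address while blocking the fewest observed legitimate addresses. The following is an added Python example written for this page; it is not code from the paper or from the VB.NET project described here. It solves that problem as a dynamic program over the binary prefix trie of the observed addresses, which is where the knapsack-like structure mentioned in the abstract comes from. The tie-break (smallest blocked address space, then fewest filters) is my own addition so that equal-cost solutions aggregate a clean cluster into one prefix but never widen a prefix over unobserved space. The malicious and legitimate source lists are constructed sample data, not DShield logs, and `covered` is a hypothetical helper for checking the resulting ACL independently of the optimizer.

```python
"""BLOCK-ALL source-prefix filter selection by dynamic programming on a binary trie.

Model (from the page's framing): a filter is an ACL deny rule on a source prefix;
the router has room for at most F filters; every observed malicious source must be
covered; the cost is the number of observed legitimate sources that also fall
inside the chosen prefixes (collateral damage).
"""
import ipaddress
from collections import defaultdict
from functools import lru_cache

INF = float("inf")

# Constructed sample data (not DShield logs): /32 sources observed at the victim.
MALICIOUS = ["10.0.0.0", "10.0.0.1", "10.0.0.2", "10.0.0.3",   # a tight /30 cluster
             "10.0.0.9", "10.0.0.10",                          # interleaved with good hosts
             "203.0.113.77"]                                   # an isolated source
LEGITIMATE = ["10.0.0.4", "10.0.0.8", "10.0.0.11", "198.51.100.5"]


def build_trie(malicious, legitimate):
    """Map every prefix (value, length) that covers an observed address to
    (bad, good) counts. A node is the top `length` bits of the address."""
    counts = defaultdict(lambda: [0, 0])
    for column, addrs in ((0, malicious), (1, legitimate)):
        for a in addrs:
            x = int(ipaddress.IPv4Address(a))
            for length in range(33):
                counts[(x >> (32 - length), length)][column] += 1
    return {node: tuple(c) for node, c in counts.items()}


def _key(choice):
    """Lexicographic objective: collateral, then blocked address space, then filter count."""
    cost, space, filters = choice
    return (cost, space, len(filters))


def block_all(malicious, legitimate, budget):
    """Choose at most `budget` prefixes covering every malicious address with
    minimum collateral. Returns (collateral, [prefix strings]); (inf, []) if
    the budget cannot cover all malicious sources."""
    trie = build_trie(malicious, legitimate)

    @lru_cache(maxsize=None)
    def best(node, k):
        bad, good = trie.get(node, (0, 0))
        if bad == 0:
            return (0, 0, ())              # nothing malicious below: no filter needed
        if k == 0:
            return (INF, 0, ())            # malicious traffic left uncovered: infeasible
        value, length = node
        # Option 1: one filter on this prefix; pays for every legitimate host inside it.
        choice = (good, 1 << (32 - length), (node,))
        # Option 2: split the filter budget between the two child prefixes.
        if length < 32:
            left, right = (value << 1, length + 1), ((value << 1) | 1, length + 1)
            for k_left in range(k + 1):
                c0, s0, f0 = best(left, k_left)
                c1, s1, f1 = best(right, k - k_left)
                cand = (c0 + c1, s0 + s1, f0 + f1)
                if _key(cand) < _key(choice):
                    choice = cand
        return choice

    cost, _, nodes = best((0, 0), budget)
    if cost == INF:
        return INF, []
    nets = sorted(ipaddress.ip_network((v << (32 - l), l)) for v, l in nodes)
    return cost, [str(n) for n in nets]


def covered(prefixes, addrs):
    """Addresses from `addrs` matched by any prefix: use it to verify the ACL
    blocks every malicious source and to count the legitimate ones it hits."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return {a for a in addrs if any(ipaddress.IPv4Address(a) in n for n in nets)}


if __name__ == "__main__":
    for budget in (7, 4, 3, 2, 1):
        cost, acl = block_all(MALICIOUS, LEGITIMATE, budget)
        assert covered(acl, MALICIOUS) == set(MALICIOUS)      # every malicious source blocked
        print(f"F={budget}: collateral={cost} filters={acl}")
```

The budget sweep shows the trade-off the abstract describes. Seven per-address filters are never needed: with four entries all seven sources are blocked at zero collateral because the /30 cluster collapses into one rule. With three, the two hosts interleaved with legitimate ones must be merged into 10.0.0.8/30 at a cost of two legitimate hosts; with two, the whole 10.0.0.0/28 goes at a cost of three; with one, the only filter that covers everything is 0.0.0.0/0. Collateral is measured only over legitimate sources actually observed, so the selection has to be recomputed as the observed address mix changes.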
Evaluation Module
In the evaluation module, the evaluation node lists the details of the malicious nodes and the good nodes. It refreshes every few seconds so that the displayed information stays current. It acts as the evaluation node because it separates the good nodes from the malicious ones.
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
• System : Pentium IV 2.4 GHz
• Hard Disk : 40 GB
• Floppy Drive : 1.44 MB
• Monitor : 15" VGA colour
• Mouse : Logitech
• RAM : 512 MB
SOFTWARE REQUIREMENTS:
• Operating System : Windows XP
• Coding Language : VB.NET
REFERENCE:
Fabio Soldo, Katerina Argyraki and Athina Markopoulou, "Optimal Source-Based Filtering of Malicious Traffic", IEEE/ACM Transactions on Networking, Vol. 20, No. 2, April 2012.