Research Distributed Attacks in Computer Networks

This paper deals with computer networks, threats, network attacks, “Denial of Service” (DoS, DDoS and DRDoS) attacks, and their mathematical modelling. It presents an approach to detecting distributed denial-of-service network attacks; the proposed method increases the efficiency with which the computing resources of a computer network are used during large distributed “Denial of Service” attacks. The paper proposes a mathematical model of a compromised node and of the number of all possible routes that have access to the access points, and gives a comparative characterization of DoS / DDoS / DRDoS attacks in a computer network.

Because of the principle of open networks and access to them, the specific features of their structure and operation, such as openness and protection, are characterized by significant heterogeneity. At present, special attention is focused on new areas of development and improvement of data networks. Among them are wireless (mobile) networks. Such networks give the user unique opportunities for fast access to remote network resources, including the global Internet, without limiting the user's mobility or tying the user to wired communication lines.
As the tools, techniques and processes of information processing develop and grow more complex, modern society becomes more dependent on the degree of security of the information technology it uses.
A computer network provides every opportunity for exchanging data between client and server, but denial-of-service attacks on clients are now widespread, and the problem of detecting distributed attacks in the network is particularly acute. The most common types of such attacks are DoS / DDoS / DRDoS attacks, which deny certain users the services of the computer network (Stone R., 2000).
"Denial of Service" or "DoS" attacks are a type of network attack intended to "flood" target networks or machines with a large volume of useless traffic so as to overload the attacked machine. The essence of a DoS attack is to make the services running on the target machine (for example, a website, a DNS server and so forth) temporarily inaccessible to their intended users. DDoS attacks are usually carried out against web servers that host vital services, such as banking, electronic commerce, and the processing of personal information and credit cards (Denial-of-service attack, 2015).
The most common type of Denial of Service attack involves flooding the target resource with external communication requests. This overload prevents the resource from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable (Ioannidis J. and Bellovin S.M., 2002).
Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an entire network, a component of a given network, or any system component. DoS attacks may also target human-system communications (e.g. disabling an alarm or printer), or human-response systems (e.g. disabling an important technician's phone or laptop) (Dean D. et al., 2001).
DoS attacks can also target tangible system resources, such as computational resources (bandwidth, disk space, processor time); configuration information (routing information, etc.); and state information (for example, unsolicited TCP session resetting). Moreover, a DoS attack can be designed to: execute malware that maxes out the processor, preventing usage; trigger errors in machine microcode or sequencing of instructions, forcing the computer into an unstable state; exploit operating system vulnerabilities to sap system resources; or crash the operating system altogether (Deepthi S. et al., 2015).
DDoS is the acronym for Distributed Denial of Service. DDoS is the denial of service of a network resource as a result of multiple distributed requests (i.e. requests originating from different Internet access points).
A DDoS attack is a distributed denial-of-service attack, one of the most widespread and dangerous network attacks. DDoS is a type of DoS attack in which multiple compromised systems, usually infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS). Victims of a DDoS attack include both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack (Elliott John, 2000).
In a DDoS attack, the incoming traffic flooding the victim originates from many different sources, potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; in addition, it is very difficult to distinguish legitimate user traffic from attack traffic when it is spread across so many points of origin.
The widespread variant of the DoS attack known as DDoS (Distributed Denial of Service) has become very popular in recent years because it is very powerful and difficult to detect. A DoS attack has a single point of origin, whereas a DDoS attack comes from several IP addresses distributed across several networks (Lee Garber, 2000).
Reflection DDoS attacks are an older style of attack, but have recently received a lot of press. For example, the March attack on anti-spammers Spamhaus, which was the largest DDoS attack that has taken place to date (at 300Gbps), used the reflection method. It is a fairly common attack vector and extremely effective when launched by an attacker with significant resources. To better understand reflection DDoS attacks (also known as DRDoS: Distributed Reflected DoS), let's break them into their two main components: reflection and amplification (Yang Z.X. et al., 2014).
In a reflection DDoS attack (DRDoS, Distributed Reflected DoS), the attacker imitates ("spoofs") the victim's IP address and sends a request for information via UDP to servers ("reflectors") known to respond to that type of request. The servers answer the request and send ("reflect") the response to the victim's IP address. Thus, from the servers' perspective, the victim sent the original request (Wang J. and Chien A.A., 2003).
All the data from those servers adds up to significant bandwidth, enough to congest the target's Internet connectivity. With bandwidth maxed out, "normal" traffic cannot be serviced and legitimate clients can't connect. Any server open to the Internet and running UDP-based services can potentially be used as a reflector.
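Because the spoofed requests never leave the victim's own network, reflected traffic shows up at the victim's edge as UDP responses that match no outbound request. The following detection sketch is an added example, not code from the paper; the flow records, the port list (DNS and SNMP), the time window and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# UDP services watched as possible reflectors (assumption: DNS and SNMP only).
SERVICE_PORTS = {53, 161}

# Constructed flow records seen at the victim network's edge (documentation
# address ranges): (time_s, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.00, "192.0.2.10", 40000, "198.51.100.53", 53, 70),    # genuine DNS query
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40000, 180),   # its answer
    (1.00, "203.0.113.1", 53, "192.0.2.20", 5555, 3000),     # no query was sent
    (1.01, "203.0.113.2", 53, "192.0.2.20", 5555, 3000),
    (1.02, "203.0.113.3", 161, "192.0.2.20", 5555, 1400),
    (1.03, "203.0.113.4", 53, "192.0.2.20", 5555, 3000),
    (2.00, "203.0.113.9", 53, "192.0.2.10", 40001, 120),     # single stray reply
]

def find_reflection_victims(flows, window_s=10.0, min_reflectors=3):
    """Return {victim_ip: (distinct_reflectors, unsolicited_bytes)} for hosts
    that receive responses from at least `min_reflectors` servers they did
    not query within the last `window_s` seconds."""
    pending = {}  # (client, server, service_port) -> time of last request
    unsolicited = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for t, src, sport, dst, dport, size in sorted(flows):
        if dport in SERVICE_PORTS:            # request: client -> server
            pending[(src, dst, dport)] = t
        elif sport in SERVICE_PORTS:          # response: server -> client
            asked = pending.get((dst, src, sport))
            if asked is None or t - asked > window_s:
                record = unsolicited[dst]
                record["reflectors"].add(src)
                record["bytes"] += size
    return {
        ip: (len(rec["reflectors"]), rec["bytes"])
        for ip, rec in unsolicited.items()
        if len(rec["reflectors"]) >= min_reflectors
    }

if __name__ == "__main__":
    print(find_reflection_victims(FLOWS))
```

The single stray reply to 192.0.2.10 stays below the reflector threshold, so only the host receiving unsolicited responses from several servers is reported.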
With the constant development of computer networks and the growing number of users, the number of new types of denial-of-service attacks also grows. DoS / DDoS / DRDoS attacks are characterized by straightforward implementation, complexity and resistance, which poses new problems for researchers that have not yet been resolved. Analysis of recent publications shows that attacks are accompanied by: interception of confidential information, unauthorized use of network bandwidth and computational resources, the spread of false information, and violation of network administration (Apiecionek L. et al., 2015).

METHOD
To build a system for protecting computer networks, the main types of threats and their impact on network security were identified. On the basis of the classification of known denial-of-service attacks, a formal mathematical model of linear form was developed. The model uses the method of weighting factors. The formalized mathematical models of the probability of information threats and DoS / DDoS / DRDoS threats define the matrix of network activity by which an attack is uniquely determined (Özçelik I. and Brooks R.R., 2014).
Using the method of weighting coefficients, a mathematical model of client-server communication was developed for differentiating attacks in computer networks; it contains the probability of a compromised node and the number of paths from the access points to the destination. The comparative characteristics of Denial of Service implementations in a client-server system make it possible to distinguish which type of attack its initiator is carrying out (Baba T. and Matsuda S., 2002).
In this paper we investigate traffic and analyze its volume, which depends on the type of DoS / DDoS / DRDoS attack. We describe the characteristics of a computer network during a Denial of Service attack that uses a large number of compromised nodes, reflecting the growth of generated traffic and the significant work performed by the client-server system (Szczerba E.V. and Volkov D.A., 2013).

1. Based on the classification of information threats specific to DoS / DDoS / DRDoS attacks, a formal model of linear form is proposed for differentiating attacks on the basis of weighting factors. With these parameters and coefficients, the main types of threats in computer networks can be defined in order to design an information protection system effectively, taking information threats into account.

2. Matrices of network activity are developed, from which conclusions can be drawn about whether an attack is being carried out. Analysis of the proposed models showed that all types of attacks influence the operation of computer networks. With increase in

3. It is shown that, to distinguish an attack, it is advisable to use the proposed method, which examines the path of the attack and its passage through the compromised node.

4. To determine the type of attack being carried out, a mathematical model of client-server communication is formulated that contains the probability of a compromised node and the number of paths from the access points to the destination. The model experiment showed that as the number of paths from the client to the server increases, network activity is low, which makes the attack difficult to implement (Aleksander M.A. et al., 2012).

5. A method of probabilistic packet marking is proposed for tracing denial-of-service attacks, in which message recovery takes place in two stages to achieve high reliability of message transfer.

6. The feasibility of determining the parameters that regulate the volume of packets transferred on each communication link separately and the total number of packets is highlighted. Computer simulation showed that during an attack the traffic volume in the channels of the network increases rapidly, and most of the traffic is used by DoS / DDoS / DRDoS attacks (Karpinski N. and Shangytbayeva G., 2015).

7. It is proved that, to strengthen the intensity of the attack and increase the uncertainty factor, the initiator of attacks uses counterfeit packets of other nodes. It is therefore expedient to analyze the value of the uncertainty factor for a computer network resource by means of the obtained ratio.

8. To track the source of an attack, a method of probabilistic packet marking was developed in which messages are recovered in two stages to achieve high reliability of transfer of each word (Szczerba E.V. and Szczerba M.V., 2012).

To solve this problem it is advisable to use the classification of information threats and DoS / DDoS / DRDoS attacks together with mathematical models of the level of influence of the indicators on the operation of a computer network. This makes it possible to use the indicators and coefficients to establish the degree of influence.
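The paper gives no details of its two-stage recovery, so the following added example (not the authors' code) simulates the classic edge-sampling form of probabilistic packet marking from Savage et al. (2000), which the paper cites, to show how a victim rebuilds the router path from marks. The router names, the marking probability, the single attack path and the absence of forged marks are assumptions.

```python
import random

# Constructed attack path: R1 is the router nearest the attacker, R5 the
# router nearest the victim (hypothetical names).
PATH = ["R1", "R2", "R3", "R4", "R5"]

def mark_packet(path, p, rng):
    """Pass one packet through `path` and return the (start, end, distance)
    mark that reaches the victim."""
    start, end, dist = None, None, 0
    for router in path:
        if rng.random() < p:      # this router marks: begin a new edge
            start, end, dist = router, None, 0
        else:
            if dist == 0:         # first hop after a mark closes the edge
                end = router
            dist += 1
    return start, end, dist

def reconstruct(marks):
    """Chain edges outward from the victim: the edge at distance d must end
    at the router already placed at distance d - 1."""
    edges = {(dist, end): start
             for start, end, dist in marks if start is not None}
    path, current, dist = [], None, 0
    while (dist, current) in edges:
        current = edges[(dist, current)]
        path.append(current)
        dist += 1
    return path[::-1]             # attacker-side router first

def packets_needed(path, p, seed=1, limit=100_000):
    """Count how many packets the victim sees before the full path is
    recoverable; None if `limit` packets are not enough."""
    rng, marks = random.Random(seed), set()
    for n in range(1, limit + 1):
        marks.add(mark_packet(path, p, rng))
        if reconstruct(marks) == path:
            return n
    return None

if __name__ == "__main__":
    print("packets needed:", packets_needed(PATH, p=0.2))
```

A missing edge stops the chain at that distance, which is why marks from the routers furthest from the victim, the rarest to survive, determine how many packets must be collected.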
Based on the classification of information threats, a formal mathematical model is proposed that is used to determine the influence of each parameter on the threat (Deepthi S. et al., 2015).
Having analyzed the classification of DoS / DDoS / DRDoS attacks, it is possible to propose a formalized mathematical model that defines the level of influence of attack indexes on computer networks: P IT =  i (P Konf , P Chel , P Dost ), P DoS =  i (P Smurf , P Fraggle , P SYNFlood , P DNS ), P DDoS =  i (P Trinoo , P TFN / TFN2K , P Stacheldraht ), ... From these indexes and coefficients it is possible to define the main types of threats and their influence on the security level of computer networks, which allows information security systems to be designed effectively with information threats taken into account (Savage S. et al., 2000).
To solve the task, one should use the classification of information threats and DoS / DDoS / DRDoS attacks and the formalized models (2) of the level of influence of the indicators on the performance of the computer network.
These mathematical models define the matrix of network activity, from which conclusions are drawn about the realization of an attack: These weight factors can be determined experimentally. That is, one designs the network architecture shown in Figure 1 and sets the intensity of different types of attacks on the network (Bhatia S. et al., 2014).
Thus, taking the total number of attacks as 100%, it is possible to determine how many processes belong to each type of attack. The coefficients are then calculated according to the following equation: % 100 , % 100 , % 100 All remaining indexes are defined similarly.
The research has shown that all types of attacks affect the computer network evenly. As the probabilities of the kinds of attacks increase, the probability of information threats and DoS / DDoS / DRDoS attacks increases in direct proportion. The denial of service attack has the greatest impact on network performance. But these models do not make it possible to discern which kind of attack is actually being carried out (Hautio J. and Weckstrom T., 1999).
To determine the type of attack being carried out, we form a mathematical model of client-server communication, which includes the probability of a compromised node and the number of paths from the access points to the destination.
a, b, c, d, e, f, g - model of communication; i - types of attacks DoS / DDoS / DRDoS; k - number of possible paths from AP to T.
Here are the results of the numerical experiment with model (5) in graphic form (Figure 1).
In the illustration:  - weighting coefficient, k - the number of paths from the access points to the destination (AP to T), n - number of nodes,   n i i AP P 1 - the total number of probably compromised access points. The research has shown that when the number of paths from client to server is large, network activity is low, so the practical realization of an attack is difficult to determine. For small values of k, network activity grows rapidly and the attack is determined unambiguously. The level of compromised nodes has little impact on network activity in general, since these nodes do not determine the routing process (Hussain A. et al., 2003).
To distinguish which attack was carried out, we use Table 1, which analyzes the path to and through the compromised node.
It should be noted that the DNS and TFN/TFN2K attacks are implemented on a specific path, so in a computer network they are easy to detect by analyzing traffic. Traffic activity increases significantly when such attacks are carried out. In other cases it is difficult to determine the type of threat (Yang Z.X. et al., 2014).

CONCLUSION
Research has shown that the formal mathematical model of the probability of information threats and DoS / DDoS / DRDoS attacks, based on the linear form of the method of weighting coefficients, does not make it possible to discern which kind of attack is actually being carried out in a computer network, because as the probabilities of the attack types increase, the probability of information threats and DoS / DDoS / DRDoS attacks increases in direct proportion.
The dependence of the probability weights of compromised access points on the number of paths has shown that for small values of k network activity grows rapidly and the attack is clearly defined. As the number of paths from the client to the server increases, the practical realization of an attack is difficult to determine because of the low activity of the network. The level of compromised nodes has little impact on network activity in general, since these nodes do not determine the routing process.
On the basis of the presented technique, the architecture of a system for detecting DoS / DDoS / DRDoS attacks was developed and implemented in software. The technique gives an adequate assessment of the frequency of losses in network applications if the queuing network is in the stationary mode. When DoS / DDoS / DRDoS attacks occur, the nodes of the queuing network leave the stationary mode for some time and then settle into a stationary mode with other parameters. During the transition between the modes the technique is inapplicable. Since the transition time between the modes depends on the topology of the network and the parameters of the nodes, assessing the efficiency of the developed technique and comparing it with other approaches is a separate task.

Fig. 1. Dependence of the probability weights of compromised access points on the number of routes: weighting coefficient, k - the number of paths from the access points to the destination (AP to T), n - number of nodes,   n


(1) P DRDoS = μ i (P Smurf , P Fraggle , P DNS , P SNMP ), where  i,  i ,  i , μ i are the weighting coefficients of influence of the indexes of DoS, DDoS and DRDoS attacks. The weighting factors determine the contribution of the main types of DoS / DDoS / DRDoS attacks on computer networks and allow these attacks to be taken into account in the design and operation of information security systems.
DoS - the number of indexes of DoS-type attacks on a network of type a); n a DDoS - the number of indexes of DDoS-type attacks on a network of type a); n a DRDoS - the number of indexes of DRDoS-type attacks on a network of type a).

Table 1. Comparative characteristics of DoS / DDoS / DRDoS attacks in a computer network (Bu T. et al., 2004)

ieties of attacks the probability of information threats like DoS / DDoS / DRDoS increases in direct ratio. However, these models do not make it possible to discern exactly which particular attack is actually being carried out (Bu T. et al., 2004).