
2. DoS Attacks

A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet. Such attacks are generally stealth attacks that are not usually detected by the IDS rules. In such cases, custom rules therefore need to be created and added to our rules repository, based on the kind of attack that occurs and its specific network activity patterns. To prevent such attacks, we can use the Wireshark plugin in the OpenDaylight Controller and, based on the traffic analysis, create a generic rule that blocks, at the switch level, the IPs that attempt a DoS attack.

4.2 Scenario #2

The respective IoT devices which need to be secured are connected to the Internet via cellular networks. Providing secure communications among M2M devices over cellular networks is an emerging research area, with different approaches being adopted. On one hand, efforts aim to secure the device itself and, on the other hand, network/provider-based architectures that benefit from the existing authentication methods of a cellular telecom operator are being proposed.

The basic process flow and the solution proposed for Scenario #1 remain the same in this segment too, though there will be slight modifications in the architecture. A normal Radio Access Network (RAN) architecture for IP packets is shown below.

Figure 5. Radio Access Network Architecture

Below is a brief description of each of the components shown in the above architecture [13].

i. The Home Subscriber Server (HSS) component has been carried forward from UMTS and GSM and is a central database that contains information about all the network operator's subscribers.

ii. The Packet Data Network (PDN) Gateway (P-GW) communicates with the outside world using the SGi interface. Each packet data network is identified by an access point name (APN). The PDN gateway has the same role as the GPRS support node (GGSN) and the serving GPRS support node (SGSN) with UMTS and GSM.

iii. The serving gateway (S-GW) acts as a router, and forwards data between the base station and the PDN gateway.

iv. The mobility management entity (MME) controls the high-level operation of the mobile by means of signaling messages and Home Subscriber Server (HSS).

v. The Policy Control and Charging Rules Function (PCRF) is a component responsible for policy control decision-making, as well as for controlling the flow-based charging functionalities in the Policy Control Enforcement Function (PCEF), which resides in the P-GW.

2016 2nd International Conference on Next Generation Computing Technologies (NGCT-2016), Dehradun, India, 14-16 October 2016

4.2.1 Proposed Radio Access Network (RAN) Architecture

The IoT Gateway Controller is now attached to the S-GW, or serving gateway, so as to monitor all the traffic that passes through that network device.

Figure 6. Modified Radio Access Network (RAN) Architecture to incorporate our Proposed Solution

In the case of any kind of malicious packet or threat detection, the controller will modify the respective flow tables and will thus block that data packet from being routed to the P-GW or the Packet Data Network.
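The traffic-analysis-to-blocking-rule step described in the DoS section, and the flow-table change described above, can be sketched as follows. This is an added example, not code from the paper: the window and threshold values, the function names, the sample traffic and the rule layout are all assumptions, and the rule is a controller-neutral dictionary rather than OpenDaylight's own schema.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0   # sliding window in seconds (assumed value)
MAX_PKTS = 100   # packets allowed per source per window (assumed value)

def find_flooders(packets, window=WINDOW_S, limit=MAX_PKTS):
    """packets: (timestamp, src_ip, dst_ip) tuples sorted by timestamp.
    Returns {src_ip: timestamp at which it first exceeded the limit}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for ts, src, _dst in packets:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # expire packets older than the window
            q.popleft()
        if len(q) > limit and src not in flagged:
            flagged[src] = ts
    return flagged

def drop_rule(src_ip, priority=1000, hard_timeout=300):
    """Controller-neutral drop entry (hypothetical layout, not OpenDaylight's schema).
    An OpenFlow entry with an empty action list drops matching packets."""
    return {
        "priority": priority,
        "match": {"eth_type": 0x0800, "ipv4_src": f"{src_ip}/32"},
        "actions": [],
        "hard_timeout": hard_timeout,  # rule expires, so a false positive heals
    }

def block_plan(packets):
    """One drop rule per flagged source, in a stable order."""
    return [drop_rule(ip) for ip in sorted(find_flooders(packets))]

def sample_capture():
    """Constructed traffic: a sensor at 10 pkt/s and a source at 500 pkt/s."""
    sensor = [(i * 0.1, "192.0.2.10", "192.0.2.1") for i in range(20)]
    flood = [(0.5 + i * 0.002, "198.51.100.7", "192.0.2.1") for i in range(500)]
    return sorted(sensor + flood)

if __name__ == "__main__":
    for rule in block_plan(sample_capture()):
        print(rule)
```

A per-source rate threshold only catches single-source floods; low-rate or distributed patterns need the attack-specific custom rules the section mentions.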
