Denial of Service Countermeasures: Intelligence Development and Analysis at the Network Node Level

Abstract:

This paper presents the results of ongoing research in which denial-of-service (DoS) countermeasures are studied and simulated. The premise of the research is that artificial intelligence at the network node stage can recognize and avert DoS threats in real time. To that end, a firewall algorithm was designed that examines the header of every service-requesting packet. Packet requests are classified into accounts by their destination URL, and metadata are developed from the volume of packet requests destined for the same server and from how that volume compares to the average volume of such requests. Based on these two parameters (volume per unit of time and average volume over several units of time), an account's activity is deemed insignificant, significant or critical from the viewpoint of DoS threats, and is labelled level green, yellow or red respectively. At the green level, packets are propagated as expected. At the yellow level, packets are propagated along with a flag advising the next network node of a potential threat. At the red level, packets are either delayed or possibly blocked, and a warning is sent to surrounding network nodes and to the targeted URL's server. Although conducted at a very small scale, the computer simulation in this research demonstrated that artificial intelligence can be successfully deployed at the network node stage, and that further research refining the designed firewall algorithm is merited.
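
A sketch of the green/yellow/red classification the abstract describes, added here as an illustration and not the paper's own algorithm. The ratio thresholds, the five-interval history, the baseline floor, the rule that red intervals are kept out of the average, and all names are assumptions.

```python
from collections import defaultdict, deque

# Assumed values; the abstract gives no thresholds.
YELLOW_RATIO, RED_RATIO = 2.0, 5.0   # current volume / average volume
HISTORY = 5                           # past intervals averaged
MIN_BASELINE = 10.0                   # floor so quiet accounts are not flagged for a few packets

class NodeFilter:
    """One account per destination URL: current volume against average volume."""
    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=HISTORY))
        self.current = defaultdict(int)

    def level(self, dest):
        past = self.history[dest]
        if not past:
            return "green"  # no baseline yet, so a first-interval flood is missed
        avg = max(sum(past) / len(past), MIN_BASELINE)
        ratio = self.current[dest] / avg
        if ratio >= RED_RATIO:
            return "red"
        return "yellow" if ratio >= YELLOW_RATIO else "green"

    def handle(self, dest):
        """Count one packet header and return (action, notice)."""
        self.current[dest] += 1
        lvl = self.level(dest)
        if lvl == "green":
            return ("forward", None)
        if lvl == "yellow":
            return ("forward", "flag-next-node")
        return ("hold", "warn-neighbours-and-server")  # delay or block

    def end_interval(self):
        for dest in set(self.history) | set(self.current):
            # Keep red intervals out of the baseline so a flood cannot raise it.
            if self.level(dest) != "red":
                self.history[dest].append(self.current.get(dest, 0))
        self.current.clear()

def demo():
    """Constructed traffic: three quiet intervals, then a 60-packet burst."""
    node = NodeFilter()
    for _ in range(3):
        for _ in range(10):
            node.handle("a.example")
        node.end_interval()
    actions = [node.handle("a.example") for _ in range(60)]
    node.end_interval()
    return node, actions
```

With a baseline of 10 packets per interval, the burst crosses into yellow at the 20th packet and red at the 50th, and the burst interval is not folded into the average.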