
Proposal Digraph Intrusion Attack

The document is a final year project proposal for a BS in Computer Science at Indus University, focusing on a project titled 'DIGRAPH: Obstruct Intrusion Attack.' The project aims to enhance cloud network security by utilizing a theoretical model called misery digraphs to confuse and delay attackers, thereby providing system administrators more time to respond to intrusions. The proposal outlines the project's objectives, methodology, and future directions for improving intrusion detection mechanisms in cloud environments.

Faculty of Computing and Information Technology

Indus University Karachi


Department of Computing

Final Year Project Proposal Submission Form


Section 1: (To be completed by the Students)

Program of Study: BS (Computer Science) Session: 2020


BS (CS)/ BS (SE) (Programs)

Project Title: DIGRAPH: OBSTRUCT INTRUSION ATTACK

Details of Group Members:


S# NAME OF STUDENT STUDENT ID E-MAIL ADDRESS CONTACT# SIGN
1 YAQZAN RAJPUT 2343-2017 [email protected] +92333-2170396

2 ABU DAWOOD ASLAM 2469-2017 [email protected] +92333-2198828

3 AHTISHAM HUSSAIN 2717-2017 [email protected] +92336-2483426

Section 2: (To be completed by the Supervisors)

Supervisor Name: Designation: Signature:

Co-Supervisor’s Name: Designation: Signature:

Internal Expert Name: Designation:

Organization: Signature:

1. Abstract
After succeeding at the entry points of a cloud, attackers targeting a specific asset in the
cloud will pursue further exploration to find their targets. Attack targets are often running
on separate machines, forcing an extra step for a successful attack. The goal of this
project is to investigate the possibility of frustrating attackers by constructing a cloud
network architecture that hides the path to a target asset in the network, utilizing multiple
moving decoy virtual machines and confusing firewall configurations. A deceiving cloud
network architecture can significantly delay an attack, providing time for system
administrators to intervene and resolve the intrusion. This project introduces the concept of
misery digraphs, which provide a theoretical foundation for creating intrusion deception in
clouds. It describes the necessary steps to convert a cloud to one that includes a misery
digraph, and evaluates the feasibility and effectiveness of using the approach with cloud
services.

Index Terms—Network security, security management, data security, tree graphs.

2. Introduction
In common cloud network architectures, successful attacks require only a few steps. The goal
of this work is to increase the number of steps needed and make each step more difficult for the
attacker. We investigate a pure architectural solution, utilizing unique services provided by cloud
computing platforms, to mitigate remote code execution attacks. Our approach is to continuously
change the structure of the virtual network.

The project involves using the elasticity provided by cloud computing platforms to distract
distributed denial of service attacks; developing a rigorous graph-theoretic model for creating
deception in a cloud network of virtual machines; designing a moving target strategy in the
model where the true path to a target machine is continuously moved around the network;
presenting algorithms for automatically generating confusing clouds using existing cloud
settings; analyzing the results of a deep simulation of an attack on a cloud with a misery
digraph; and demonstrating the practicality of the approach, with a concrete cost analysis, by
creating a prototype of a virtual network containing misery digraphs.

Misery digraphs achieve a high level of deception. Simulating an attacker, our results
demonstrate that with a reasonably fast changing misery digraph, for a network of two
machines, there is a 91% probability that the attacker cannot compromise virtual machines
connecting to the target server. [1] [2]

3. Literature Review:
Intrusion Detection System in Clustering: Due to the growth of the Internet, the number of
network attacks has increased, which emphasizes the need for intrusion detection systems (IDS)
to secure networks. In this process, network traffic is analyzed and monitored to detect
security flaws. The study evaluated five rule-based classification algorithms, namely Decision
Table, JRip, OneR, PART, and ZeroR. The essential requirement of any IDS is accuracy. [3]

Attacks and Intrusion Detection in Cloud Computing Using Neural Networks: Data were
recalled from the network traffic, and after the bees were released, they were used to train the
classifier and to test. Afterwards, the attack was detected. Apparently, the detection rate of
artificial bee colony was higher than QPSO. An attack detection rate of 72.4% was obtained for
this method [4].

Data Mining Techniques in Intrusion Detection Systems: We identified 19 separate data
mining techniques used for intrusion detection, and our analysis encompasses rich information
for future research based on the strengths and weaknesses of these techniques. The continued
ability to detect malicious network intrusions has become an exercise in scalability, in which
data mining techniques are playing an increasingly important role. [5]

4. Problem Statement:
The Equifax data breach and the 2014 Target data breach are examples of vulnerabilities that
allowed for arbitrary code execution by exploiting web servers and executing commands on them.
In these incidents, attackers did not directly query the data through vulnerable applications,
for example by using SQL injection attacks. The Equifax data breach was reported [6] to have
been a consequence of a vulnerability in Apache Struts 2.1.2 and before 2.3.34 [7], which
allowed for arbitrary code execution. In this attack, a deserialization flaw allows unsanitized
data to be converted into Java objects. Using these vulnerabilities, the attacker aims to
execute code within the program’s context, eventually leading to executing commands on the
target system.

The attacker’s ultimate goal is either to corrupt or query the target database. To gain access to a
database server, the attacker must compromise an entry point in the cloud and propagate through
the cloud. The benefit of delaying an attacker in a confusing cloud architecture is providing a
larger response time window when an intrusion is detected. An example Web Application
Hosting architecture recommended by AWS.

Aim & Objectives:


The aim of this project is to delay intrusion on a network by frustrating the attacker's
strategy. The strategy for delaying a remote command injection attack is to create a
large network of decoy virtual machines to confuse the attacker, and to dynamically relocate
and modify the decoys to waste the attacker's resources and frustrate the attacker. Increasing
attack complexity and duration starts with expanding the initial connectivity digraph of an
existing virtual network into one containing a misery digraph.

5. Methodology:
PHASE-I Threat Model:
We assume a trusted and uncompromised cloud computing Platform, and focus on
protecting an application running on that cloud from a sophisticated and motivated adversary
who aims to gain unauthorized access to a targeted data asset within the cloud.

PHASE-II Designing a Misery Digraph:


We first define a generic misery digraph, building on our definition of a connectivity-labelled
digraph. The strategy for delaying an injection attack is a misery digraph that contains the
original virtual network combined with additional deceiving structure. As a random function of
time, uniformly selected pairs of decoy virtual machines are replaced and switch positions within
the misery digraph.

PHASE-III Canonical Misery Digraph:


Misery digraphs can take many forms and produce strategies with various implications. Our goal
is to find designs that maximize the cost for the attacker relative to the additional cost for the
application owner. These requirements drive our strategy. A misery digraph cannot connect the
target server to more than one vertex in the entire digraph. Violating this requirement will make
the misery digraph easier to traverse.

PHASE-IV Relocating the Decoys:


The structure of misery digraphs provides a platform for deceiving intruders. To increase
deception in a misery digraph, two mechanisms are introduced. First, misery digraphs
change in time, moving the true path to the target and resetting decoy machines using a random
process. Second, misery digraphs hide the true path to the target by replicating the traffic
towards it. In the remainder of this section, we first present the relocation process for misery
digraphs.

PHASE-V Hiding the path to Target


The effectiveness of misery digraphs depends on the attacker not being able to distinguish
correct guesses for the next host from incorrect ones. Decoys must be indistinguishable from
path nodes, so they need to fully duplicate all the computation and communication that would
be done on the actual path.
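
An added sketch of the model in Phases II to IV (example code written for this page, not taken from the proposal or its authors): a layered digraph with decoys, the canonical check that at most one vertex connects to the target, and a relocation step that swaps a uniformly selected pair of decoys. The vertex names, the layer layout and the "decoy-" naming are assumptions of this example.

```python
import random

def build_misery_digraph(true_path, decoys_per_layer):
    """Layered digraph: true_path runs entry..target; each inner hop gets decoys."""
    graph = {v: set() for v in true_path}
    prev_decoys = []
    for layer, real in enumerate(true_path[1:-1], start=1):
        decoys = [f"decoy-{layer}-{k}" for k in range(decoys_per_layer)]
        for d in decoys:
            graph[d] = set()
        # The real predecessor reaches the real next hop and every decoy;
        # decoy predecessors reach only decoys, so they never rejoin the true path.
        graph[true_path[layer - 1]].update([real, *decoys])
        for p in prev_decoys:
            graph[p].update(decoys)
        prev_decoys = decoys
    graph[true_path[-2]].add(true_path[-1])  # the single edge into the target
    return graph

def in_degree(graph, vertex):
    return sum(vertex in succ for succ in graph.values())

def is_canonical(graph, target):
    """Requirement from Phase III: at most one vertex connects to the target."""
    return in_degree(graph, target) <= 1

def relocate(graph, rng):
    """Swap the positions of one uniformly selected pair of decoys.
    Only the position change is modelled; resetting the VM itself is not."""
    a, b = rng.sample(sorted(v for v in graph if v.startswith("decoy-")), 2)
    swap = {a: b, b: a}
    return {swap.get(v, v): {swap.get(w, w) for w in succ}
            for v, succ in graph.items()}

def reachable(graph, src, dst):
    seen, stack = {src}, [src]
    while stack:
        for nxt in graph[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return dst in seen

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the run is repeatable
    g = build_misery_digraph(["entry", "web", "app", "db"], decoys_per_layer=3)
    for _ in range(5):
        g = relocate(g, rng)
    print(is_canonical(g, "db"), reachable(g, "entry", "db"))
```

Running the canonical check after every relocation is a cheap guard against a firewall change that accidentally opens a second route to the target.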

6. Conclusion:
Misery digraphs use the cloud’s elastic and cost-effective services to deceive and frustrate
attackers. A graph theoretic model that includes multiple redundant paths towards a cloud
target was proposed and implemented in Cloud. The idea of using redundancy to distract
attackers does not intend to completely eliminate an attack, but to force enough delay on an
aggressive attack to give system administrators time to intercede in the attack. Thus the delay
and confusion and obscurity mechanisms provide the architectural support for a cloud to
defend itself until rescue arrives.
7. Future Direction:
An overall target defense strategy would require an effective intrusion detection mechanism
that can collaborate with the misery digraphs and a mechanism to prevent an intrusion from
reaching the target. Future extensions of this work might enable the misery digraphs
themselves to act as detectors of intrusion, e.g., using the redundant paths as sensors to warn
an outside monitor of possible attacks. For instance, malicious SSH connections to the
redundant machines could trigger such an alarm. Detecting intrusions using misery digraphs
will be addressed in future work.

REFERENCES
[1] A. S. U. R. B. a. J. C. .A. Brzeczko, "Active deception model for securing cloud infrastructure,"
IEEE Conf. Comput. Commun. Workshops (INFOCOM WKSHPS), pp. 535-540, April 2017.
[2] S. P. a. D. H. A. Chowdhary, "SDN based scalable MTD solution in cloud network," ACM
Workshop Moving Target Defense (MTD), New York, NY, pp. 27-36, 2016.
[3] M. W. A. P. Kailas Elekar, "IEEE," 10 Jan. 2015. [Online]. Available:
https://ieeexplore.ieee.org/document/7087051.
[4] G. A. A. S. S. Shalki, "An Intrusion Detection System for Detecting Denial-of-Service Attack in
Cloud Using Artificial Bee Colony," Proceedings of the International Congress on Information and
Communication Technology, vol. 438, 2016.
[5] M. i. Fadi salo, "Data Mining Techniques in Intrusion Detection Systems," IEEE Explore, vol. 6, p.
56046, 2018.
[6] T. A. S. P. M. Committee, "Apache Struts Statement on Equifax Security Breach," 2017. [Online].
Available: blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax.
[7] National Vulnerability Database, "Document CVE-2017-9805," 2017. [Online]. Available:
nvd.nist.gov/vuln/detail/CVE-2017-9805.

Section 3: (For office use only)
Forwarded by: Submission Date:

FYP Project HEAD:

Name Signature / Date Comments

Approved / Rejected by:

1. Head of Department

Name Signature / Date Comments

2. Dean FCIT

Name Signature / Date Comments

Project Number: Date of Approval / Rejection:

Comments (if any):
