Network Attacks

  • Ali A. Ghorbani
  • Wei Lu
  • Mahbod Tavallaee
Part of the Advances in Information Security book series (ADIS, volume 47)


Network attacks are defined as a set of malicious activities to disrupt, deny, degrade or destroy information and service resident in computer networks. A network attack is executed through the data stream on networks and aims to compromise the Integrity, Confidentiality or Availability of computer network systems. Network attacks can vary from annoying email directed at an individual to intrusion attacks on sensitive data, computer information systems and critical network infrastruca system to collect information, Internet worms, unauthorized usage of a system, denial-of-service by abusing a feature of a system, or exploiting a bug in software to modify system data. Some general approaches that attackers can use to gain access to a system or limit the availability of that system include Social Engineering, Masthe social engineering is an attack method for misleading a victim by aggressive persuasion or using other interpersonal skills to obtain authentication information or access to a system, e.g. email Phishing and email Trojan horses; masquerading is a type of attack where the attacker pretends to be an authorized user of a system, e.g. bypassing the authentication mechanism through the use of stolen logon IDs and passwords; the implementation vulnerability is a software bug in trusted programs flows, race conditions, and mishandling of temporary files; the abuse of functionality stands for a malicious activity that an attacker performs to push a system to failure opening hundreds of telnet connections to other computers. We discuss all of these network attacks in detail in this chapter.


Keywords: Intrusion Detection System; Border Gateway Protocol; Network Attack; MITM Attack; Internet Worm
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag US 2010

Authors and Affiliations

  1. University of New Brunswick, Fredericton, Canada
