Research of methods for counteracting Transport Layer attacks in information and communication networks

Abstract

The work analyzes the most common threats and defines network security objectives, as well as describes quantitative and qualitative indicators of network security, classified into five categories. The work contains an analysis of attacks targeting all seven layers of the Open Systems Interconnection (OSI) model and provides their common features and mechanisms, attack examples, and tools used to carry them out. A review and comparative characteristic of methods for countering transport layer attacks is performed, as well as an experimental study of the effectiveness of the selected methods for countering attacks using the example of the TCP PUSH ACK Flood attack. Particular attention is paid to the transport layer due to its popularity among cybercriminals who carry out distributed denial-of-service attacks using the shortcomings of the TCP and UDP protocols. After studying the theoretical information about the transport layer of the OSI model, special attention is paid to the mechanisms of the TCP protocol, in particular, the selected methods of countering attacks at the transport layer are studied, and their advantages and disadvantages are described. A conclusion is made regarding the effectiveness of the implemented methods of countering the TCP PUSH ACK Flood attack based on the average and maximum values of CPU usage, the percentage of lost packets (Packet Loss), the average and maximum response time, as well as the availability of access to the deployed web page on the victim's server. The final part of the work provides recommendations for improving server software and transport layer protocols, in particular TCP, in order to increase the effectiveness of countering distributed denial-of-service attacks, which are based on the abuse of prohibited flag combinations, IP address spoofing, and sending «Martian packets».