Embedded Intrusion Detection and Authority Management System
Abindas PK, Parthasarthi R
Department of Electronics and Communication,
Park College of Engineering and Technology,
Kaniyur, Coimbatore-641659
abindas1991@gmail.com
psarthy.100@gmail.com
Abstract

Embedded systems are becoming a main solution to many specific tasks because of their high stability, minimal power consumption, portability and numerous uses. Nowadays, many new applications are developed using embedded systems. This paper presents the possible usage, design and implementation of an embedded Linux platform system for intrusion detection (Smurf attack detection). By applying these methods the embedded system is able to identify a Smurf attack and analyze ICMP traffic. In order to monitor network transmission effectively and safely and to detect suspicious behavior in the network, the intrusion detection software was solidified in an embedded hardware development board. The system adopted a real-time Linux operating system widely used in the industrial field, achieved real-time detection and prevention of hacking attacks including port scans, buffer overflow attacks, backdoor attacks, DoS attacks and other information-gathering network attacks, and so on, reduced development costs, and increased data processing speed. It is significant that network security products developed on embedded Linux have a very high market potential.

Keywords: Embedded System, Computer Security, DDoS Attack, Smurf Attack, Intrusion Detection, Authority Management, Cyber Security

I. Introduction

With its development, the Internet has become an indispensable tool in people's life and work. The Internet has brought many conveniences and much efficiency, but the security threats brought by the Internet and local area networks have bothered people all the time. The information transmitted over the traditional Internet was sent in plain text, so users' accounts, passwords and business secrets can easily be stolen by others. Most enterprises, institutions and individuals face a double threat from inside and outside [1]. Many domestic enterprises call for internet security devices and software. The devices available at home and abroad cannot be used extensively in the establishment of internet security because of their high price, complex operation, dependence on an operating system and low independence. With the development of embedded technology, the processing ability of embedded chips is becoming stronger and stronger and the cost lower and lower. Embedded operating systems have been used in many fields such as industrial control and amusement games [2]. If we adopt embedded technology in internet security products, the cost will be decreased greatly and real-time processing ability will be improved greatly.

An embedded system is a system that is designed to serve specific tasks. Almost all embedded systems come in compact size, so users are able to use them as additional parts of other devices or to construct specific applications with them. Embedded systems have many advantages such as high efficiency, long service life and economical energy consumption. Embedded systems have become ubiquitous, as can be seen in many new devices and systems such as cellular phones, PDAs and wireless networks.

II. Smurf Attack

A Smurf attack is a well-known type of DDoS attack in which an attacker exploits unprotected computers on the Internet to direct a flood of ICMP echo reply messages towards the victim computer. Primarily, the Smurf attack exploits ICMP messages, which are among the most commonly used diagnostic tools for troubleshooting problems in a network [3]. A computer system that receives an ICMP echo request message is to respond by sending an ICMP echo reply message back to the sender. The packet format used by the ICMP echo request and echo reply is shown in Fig. 1. The ICMP echo request and echo reply messages are identified by the value of the TYPE field. The echo request has the TYPE field value = 8, whereas the echo reply has the TYPE field
value = 0. The OPTIONAL DATA field holds data that are returned to the sender by the receiver of the ping messages. The IDENTIFIER and SEQUENCE NUMBER fields are used to match the request and reply messages.

 0         7 8        15 16                     31
+-----------+-----------+-----------------------+
|   TYPE    | CODE (0)  |       CHECKSUM        |
+-----------+-----------+-----------------------+
|      IDENTIFIER       |    SEQUENCE NUMBER    |
+-----------------------+-----------------------+
|                 OPTIONAL DATA                 |
+-----------------------------------------------+

Figure 1. ICMP Echo Request/Reply Message Format

Both ICMP echo request and ICMP echo reply messages are used in a Smurf attack. A perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having the spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses performs the IP-broadcast-to-layer-2-broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. If the broadcast domain has N computers, then for each echo request message sent to the broadcast domain, N echo reply messages are generated and sent not to the original sender but to the victim's computer (due to the spoofed source address in the ICMP echo request messages). In effect, the broadcast domain helps amplify and direct the DDoS attack traffic towards a victim computer. If more than one broadcast domain is involved, such DDoS attack traffic can be amplified even further, and the victim computer is flooded with a large number of ICMP echo reply messages, resulting in bandwidth exhaustion and also resource exhaustion of the victim computer.

III. Smurf Attack Diagram

A Smurf attack is a nasty type of DDoS attack. The attacker sends a large amount of ICMP packets to a broadcast address and uses a victim IP address as the source IP, so the replies from all the devices that respond to the broadcast address will flood the victim. The attacker can use a low-bandwidth connection to kill high-bandwidth connections. Fig. 2 shows the diagram of the Smurf attack.

Figure 2. Smurf Attack Diagram

The above diagram shows the structure of a Smurf attack. The attacker sends a stream of ICMP echo packets to the router at 128kbps. The attacker modifies the packets by changing the source IP address to be that of the victim's computer, so replies to the echo packets will be sent to that address. The destination address of the packets is a broadcast address of the so-called bounce site.

IV. System Architecture

The internet use behaviors in many small and medium enterprises were investigated. The results were as follows [3]:
1) Internet transactions are comparatively simple: dispatching e-mail and browsing web pages (https, telnet and ftp).
2) The external bandwidth is generally no more than 10M, but the interior network is built on Ethernet whose bandwidth is more than 100M.
3) The internet security requirement is evident, but the hardware cost is low and there is generally a firewall.
4) It only needs one internet manager, so the labor cost is low.

Based on the investigation results, a network security system scheme in which a firewall cooperates with a lightweight IDS (Intrusion Detection System) is brought forward, aimed at the network security of small and medium enterprises.

A. System Architecture Analysis

Fig. 3 shows the system architecture. The intrusion detection system is located between the intranet and the internet, so it can detect intrusions from the internet and attacks from the intranet.
Figure 3. System architecture of IDS

B. Choice of Hardware Platform

The core component of an embedded system is the embedded processor. Embedded system designs differ greatly, so the choice of processor varies. The following main factors must be taken into account when we choose the processor: 1) Processing ability 2) Technical index 3) Power dissipation 4) Software support tools 5) Whether it has an inner debug tool 6) Whether the supplier provides an evaluation board.

The other factors that should be considered are manufacture scale, market goal, and software reliability to hardware.

The development board of this embedded system is a Mini embedded board. It is configured with an embedded processor with low power dissipation (the power dissipation is no more than 1W), supports two rates, 500MHz and 0 433MHz, supports DDR EMS memory, is equipped with abundant and complete peripheral functions, and accords with the system design scheme, so it can improve the running speed and reliability of the embedded intrusion detection system.

C. Choice of Software Environment

1) Choice of Operating System

The difference in hardware affects the choice of operating system. A low-end CPU without an MMU (Memory Management Unit) should use the uClinux operating system, while relatively high-end hardware can use a common embedded Linux operating system. uClinux and common Linux have their respective advantages and disadvantages. How to choose an operating system that suits the development of a project is a key problem.

Comprehensively considered, this subject adopts the Linux 2.4.18 kernel as the underlying operating system. The Linux 2.4.18 kernel is a kernel version which is widely used in the field of foreign embedded development. It supports more types of CPU, and its performance is stable.

2) Choice of Programming Language

The main factors in the choice of programming language are as follows: generality; degree of portability; execution efficiency; maintainability. The system has been developed with standard C++. GCC is used as the compile and link tool.

D. Experimental Setup

Experiments to simulate the attack involving real computer systems were designed. In these experiments, a Smurf attack was generated in a controlled environment. A Linux Ubuntu-based computer was used as the victim computer of the Smurf attack. Table 1 shows the detailed experimental setup information.

Table 1. Desktop Experimental Setup

Processor              Intel (R) core (TM)2 Duo
Clock Frequency        2.20 GHz
Operating System       Ubuntu 2.6.20-16-generic
L1 I-Cache             32k
L1 D-Cache             32k
L2 Cache               2048k
Main memory size       2 075772k
FSB (Front side bus)   365.56
Memory Bus             609.26

V. Result and Discussion

The embedded detector has been implemented on a Linux 2.4.18 Single Board Computer (SBC) and programmed in C. Developing it as a low-end detector has the benefit that the system modules are natively more secure, with substantially good system performance. In addition, a lot of legacy C library code can be easily ported. At first, ICMP traffic in the LAN was monitored and analyzed to learn what ICMP messages go through the network interface, whether there are many more echo replies than echo requests, and whether the reply messages arrive within a short period of time. Then, to get the overall picture of LAN traffic, a web-based Embedded Network Monitor System which has been developed in our lab was run for 24 hours in order to collect traffic information. Figure 4 shows the detailed statistical results about network traffic information.
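The check described in Section V (many more echo replies than echo requests arriving within a short period) can be implemented over the Fig. 1 header as follows. This is an added example, not the authors' detector; the window length, the thresholds and the names smurf_det, smurf_feed and make_echo are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICMP_ECHO_REPLY   0  /* TYPE values from the echo message format */
#define ICMP_ECHO_REQUEST 8
#define WINDOW_S  2          /* assumed length of the "short period", seconds */
#define MIN_REPLY 20         /* assumed minimum replies before alerting */
#define RATIO     4          /* assumed reply-to-request ratio for an alert */

/* Hypothetical per-interface state: window start and counters. */
struct smurf_det { uint32_t win_start; unsigned req, rep; };

/* RFC 1071 Internet checksum; yields 0 over a message with a valid CHECKSUM. */
static uint16_t icmp_checksum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    for (; n > 1; p += 2, n -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (n) sum += (uint32_t)p[0] << 8;       /* odd trailing byte */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);  /* fold carries */
    return (uint16_t)~sum;
}

/* Feed one ICMP message (IP header already stripped) seen at time now_s.
 * Returns 1 on alert, 0 otherwise, -1 for a truncated or corrupted message. */
int smurf_feed(struct smurf_det *d, const uint8_t *m, size_t len, uint32_t now_s)
{
    if (len < 8 || icmp_checksum(m, len) != 0)
        return -1;
    if (now_s - d->win_start >= WINDOW_S) {  /* start a fresh window */
        d->win_start = now_s;
        d->req = d->rep = 0;
    }
    if (m[1] == 0 && m[0] == ICMP_ECHO_REQUEST)
        d->req++;
    else if (m[1] == 0 && m[0] == ICMP_ECHO_REPLY)
        d->rep++;
    return d->rep >= MIN_REPLY && d->rep > RATIO * d->req;
}

/* Build a constructed 8-byte echo message (no OPTIONAL DATA) as sample input. */
void make_echo(uint8_t out[8], uint8_t type, uint16_t id, uint16_t seq)
{
    const uint8_t h[8] = { type, 0, 0, 0, id >> 8, id & 0xff, seq >> 8, seq & 0xff };
    memcpy(out, h, 8);
    uint16_t c = icmp_checksum(out, 8);
    out[2] = c >> 8; out[3] = c & 0xff;
}
```

On a monitor port the counters would be fed from captured frames; legitimate ping sweeps from the monitored host raise req and so keep the ratio test from firing.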
Figure 4. Traffic Information

It is well known that the Smurf attack comes from the ICMP protocol (echo request and echo reply). The Embedded Detector can be used to scan all the classes of IP addresses (A, B, C). The new system successfully detects a Smurf attack from the switch monitor port. For the experimental test, a Smurf attack from the same gateway segment by a Linux-based desktop computer was deployed. At the end, the system sends all the detected information to a file. Thus, the new Embedded Detector system is considered to be a security scanner.

Table 2. New system scan information

Type of Network   IP             Detect Information   Time
Class A           10.172.1.255   169                  32 min
Class B           10.172.1.255   301                  46 min
Class C           10.172.1.255   397                  57 min

Table 3. Desktop-based scan information

Type of Network   IP             Detect Information   Time
Class A           10.172.1.255   169                  32 min
Class B           10.172.1.255   301                  46 min
Class C           10.172.1.255   397                  57 min

Tables 2 and 3 show the detailed attack detection results. Table 2 shows the low-end Embedded Detector results, and the new system is capable of detecting malicious activities. The new system is compared with a desktop PC, and the detection time was considered. Because of its low speed the embedded system cannot run fast, but it can detect attacks like a high-speed desktop. The performance of the new system is evaluated by comparing the CPU status and memory usage before and during execution of the program.

VI. Conclusion

This paper presents an Embedded Detector for Smurf attack detection integrated into a low-end embedded Linux platform Single Board Computer (SBC). Based on the testing performed, the developed detector is found to perform on par with an Ubuntu Linux desktop which runs the same application. Thus we can conclude that a low-end embedded Linux platform which integrates an open source TCP/IP network protocol is suitable for IPv4 applications. Apart from that, the inherited features of portability, low power, and low constant small size would make such a product competitive. The system adopts a real-time Linux operating system widely used in the industrial control field. It can offer real-time monitoring of network transmission. Once it detects an attack coming from inside or outside, it can accurately display the attack's target and sources, alert the manager in time and respond in real time, cut off the connection of the attack, and ensure the normal operation and safety of the network. The system has powerful functions and a simple operation interface. It can be widely used in financial, education, government agency, military, and small and medium-sized enterprises and institutions.

References

[1] Zhaoyuehua, Jiangjun, Caiguixian. The Design and Implementation of Intrusion Detection in Embedded System. Application of Electronic Technique, vol. 32, pp. 62-64, May 2006.
[2] Jiaxiaojian, Yurong, Meishuiliang. The Design and Implementation of Intrusion Detection Recovery System Based on Network Processor. Application of Electronic Technique, vol. 32, pp. 39-42, September 2006.
[3] J. Xu and W. Lee, "Sustaining Availability of Web Services under Distributed Denial of Service Attacks," IEEE Transactions on Computers, Vol. 52, Feb 2003.
[4] J. Turley. The Essential Guide to Semiconductors. Prentice Hall, 2003, Professional Technical Reference, Upper Saddle River, NJ 07458, www.phptr.com
[5] Lee Gerber, "Denial of Service Attacks Rip the Internet," IEEE Computer, April 2000.
[6] "Smurf IP Denial-of-Service Attacks," CERT® Advisory CA-1998-01, March 2000. http://www.cert.org/advisories/CA-1998-01.html
[7] D. Tennenhouse. "Embedding the Internet: Proactive Computing," Comm. of the ACM, May 2000.
[8] Siliva Farraposo, Laurent Gallon, Philippe Owezarski, "Network Security and DoS Attacks," Feb 2005.