International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012. 357. Cookies Based Intrusion Attacks and Detection Techniques Over. Drdos Attack.
IJMAN Journal homepage: www.ifrsa.org
Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack Sonika Bhadana1, A.K. Vatsa1 1 shobhit University, Meerut, Up, India ABSTRACT Network introduces security problems, threats, risks and other types of attacks like internal and external attack. DoS is the most debilitating attack in the Internet and yet it still remains an open research topic. Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. In Networks the communication takes place between two hosts using three way handshake protocol and the problem is that any intruder can takes place in the middle and spoofs the IP address through which it can intrudes the cookie and modify the content of it. Therefore it must be a technique for detecting these kinds of attacks over DRDOS. In this paper we are discussing about Cookies based intrusion attacks and detection techniques over DRDOS attack.Therefore, in this paper we have proposed the architecture and mechanism for Cookies based intrusion attacks and detection techniques over DRDOS attack using three way handshake protol,ipspoofing DOS, reflectors, distance vector routing protocol. Keywords:DDOS, DRDOS, Cookie Poisioning, Distance Vector Routing Protocol, Session Management 1.
INTRODUCTION
A denial of service (DoS) attack is defined as an explicit attempt by a malicious user to consume the resources of a server or a network, thereby preventing legitimate users from availing the services provided by the system. The most common DoS attacks typically involve flooding with a huge volume of traffic and consuming network resources such as bandwidth, buffer space at the routers, CPU time and recovery cycles of the target server. Some of the common DoS attacks are SYN flooding, DNS-based flooding, ICMP directed
broadcast, Ping flood attack. Based on the number of attacking machines deployed to implement the attack, DoS attacks are classified into two broad categories: (i) a single intruder consumes all the available bandwidth by generating a large number of packets operating from a single machine, or (ii) the distributed case where multiple attackers coordinate together to produce the same effect from several machines on the network. The latter is referred to as DDoS attack and owing to its distributed nature, it is very difficult to detect. Since TCP was created in order to provide reliable communications and was not designed with security in mind, there are fundamental weaknesses in the protocol that can be used as attack vectors for DDoS[3]. Normally when a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this: The client requests a connection by sending a SYN (synchronize) message to the server. The server acknowledges this request by sending SYN-ACK back to the client. The client responds with an ACK, and the connection is established. MACIPHeader TCPHeader Data Syn Header no Figure-1: Synchronize message frame format IN flood attack exploits a vulnerability of the TCP three-way handshake, namely, that a server needs to allocate a large data structure for any incoming SYN packet regardless of its authenticity. During SYN flood attacks, the attacker sends SYN packets with source IP addresses that do not exist or not in use[25]. During the three-way handshake, when the server puts the request information into the memory stack, it will wait for the confirmation from the client that sends the request. While the request is waiting to be confirmed, it will remain in the memory stack. Since the source IP addresses used in SYN flood attacks may be spurious, the server will not receive confirmation packets for
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
357
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack requests created by the SYN flood attack. Each halfopen connection will remain on the memory stack until it times out. This causes the memory stack getting full. Hence, no request, including legitimate requests, can be processed[25]. IP Source 10.0.0.24
CLIENT
In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.
IP destination 192.168.0.8
SERVER
INTERNET 192.168.0.8
10.0.0.24 IP Source 192.168.0.8
IP destination 10.0.0.24
Figure-1: Valid Source IP address IP Source 10.0.0.24
CLIENT
IP destination 192.168.0.8
192..168.0.5
INTERNET
CLIENT
SERVER 192.168.0.8
Ip Source 192.168.0.8
IP destination 10.0.0.24
10.0.0.24
Figure-2: Spoofed Source IP address Bandwidth DoS is perhaps the simplest and most you visit a website. On later visits, this data is then traditional DoS attack. The basic idea is pointing a large returned to that website. Cookies allow us to recognize number of clients to a certain resource you automatically whenever you visit our site so that we simultaneously.Since the requests arrive from different can personalize your experience and provide you with hosts, they are distributed uniformly across the Internet better service. But if any intruder attacks on your cookie and the requests congest the ingress link to the victim‟s and modify the content of your cookie during the network[3]. Because of the congestion, packets are communication process, this phenomenon is known as dropped and connections are either very slow or Cookie-Poisioning. impossible to maintain In Networks the communication takes place between A Smurf attack takes the Reflector attack even further. two hosts using three way handshake protocol and the The Smurf attack is a way of generating significant problem is that any intruder can takes place in the computer network traffic on a victim network. This is a middle and spoofs the IP address through which it can type of denial-of-service attack that floods a system via intrudes the cookie and modify the content of it. spoofed broadcast ping messages[34]. A smurf attack is Therefore it must be a technique for detecting these an exploitation of the Internet Protocol (IP) broadcast kinds of attacks over DRDOS. In this paper we are addressing to create a denial of service[33]. Cookies are discussing about Cookies based intrusion attacks and short pieces of data that are sent to your computer when detection techniques over DRDOS attack.
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
358
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack This paper is organized in various sections. Section 1 consists of introduction to the paper and problem identification with respect to further work discussed in the coming sections. Section 2 discuss the background with respect to the various terms and process behind the overall working of the DDOS attack with reference to the research work already undertaken by various authors. In section 3 we discuss the mechanism using a block diagram and then implement it as an algorithm to evolve a solution to the mentioned issue. Finally in section 4 and section 5 the conclusion is presented along with the references used in the paper. 2.
BACKGROUND
Cookies are supposed to be sent back to the server unchanged, but attackers can modify the value of a cookie before sending them back to the server .Most websites use cookies as the only identifiers for user sessions, because other methods of identifying web users have limitations and vulnerabilities. If a website uses cookies as session identifiers, attackers can impersonate users‟ requests by stealing a full set of victims‟ cookies. From the web server's point of view, a request from an attacker has the same authentication as the victim‟s requests; thus the request is performed on behalf of the victim‟s session. Listed here are various scenarios of cookie theft and user session hijacking (even without stealing user cookies) which work with websites which rely solely on HTTP cookies for user identification. Network Eavesdropping A cookie can be stolen by another computer that is allowed reading from the network Traffic on a network can be intercepted and read by computers on the network other than the sender and receiver (particularly over unencrypted open Wi-Fi). This traffic includes cookies sent on ordinary unencrypted HTTP sessions. Where network traffic is not encrypted, attackers can therefore read the communications of other users on the network, including HTTP cookies as well as the entire contents of the conversations. An attacker could use intercepted cookies to impersonate a user and perform a malicious task, such as transferring money out of the victim‟s bank account. This issue can be resolved by securing the communication between the user's computer and the server by employing Transport Layer Security (HTTPS protocol) to encrypt the connection. A server can specify the Secure flag while setting a cookie, which will cause the browser to send the cookie only over an encrypted channel, such as an SSL connection. If an attacker was able to insert a piece of script to a page on www.example.com, and a victim‟s browser was able to execute the script, the script could simply carry out the attack. This attack would use the victim‟s browser to send HTTP requests to servers directly;
therefore, the victim‟s browser would submit all relevant cookies, including HttpOnly cookies, as well as Secure cookies if the script request is on HTTPS. For example, on MySpace, Samy posted a short message “Samy is my hero” on his profile, with a hidden script to send Samy a “friend request” and then post the same message on the victim‟s profile. A user reading Samy‟s profile would send Samy a “friend request” and post the same message on this person‟s profile. Then, the third person reading the second person‟s profile would do the same. Pretty soon, this Samy worm became one of the fastest spreading worms of all time. 3.
PROPOSED WORK
Section 3.1 and section 3.2 discuss about the architecture and mechanism of the proposed work. 3.1. Architecture of Cookies based intrusion attacks and detection technique over DRDOS attack The detailed description and working principles discussed as follows. Client: Client (web browser)sends the web page request to the server. Server: Server receives the request from client either with cookie(if request is not first time in same sesion) or without cookie(if request is generated first time).Thereafter sende the response to client with cookie in both cases. Intruder: Intruder intrudes in the network by evesdropping and attacks by IPSpoofing on networks,which can be reflected in networks. Session ID: Every cookie has its own sessionId , which defines the user uniquely and is defined by web page application developer. Domain Name: Every cookie has its own, DomainName which defines the scope of the cookie for a particular domain. Domain Path: Every cookie has its own, DomainPath, which defines the scope of the cookie for a particular domainPath. Zombies: When a host has been infected by stealthymalware that opens remote root access, it is said to bea zombie, since the attacker can, at any time activate thehost and perform instructions on it. The attacker needsto be careful not to create a noticeable load, since theuser might have the computer checked and the malware removed Reflectors: A Reflector Attack allows a single host with limited processing power and bandwidth to force a legitimate
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
359
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack intermediary. The reflector attack is more a method than an attack itself, as it requires a protocol that generates a reply when specific packets are sent to it. The attacker generates a packet that seems to have come from the victim and addresses it to a multicast address in a network. This packet is specifically crafted to induce a response from the intermediary to the victim. Timer: Every TCP connection sets its time to establish a connection in three way handshake protocol. Cookie Max Age:
Every cookie has its own predefined maximum age to be active. Hop count: Hop count is the process of counting the number of hopes traversed from client to server and server to client during the communication from client to server and server to client. Current Response Time: It is the time(TCP) on which the response is generated by server.
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
360
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack 3.2.
Mechanism of Cookies based intrusion attacks and detection techniques The proposed mechanism is discussed in phases as follows. Phase-I: Cookie based DRDOS attacks: CookieBasedIntrusion( ) { Step i: The client requests a connection by sending a synchronize message frame format to the server.This synchronize message frame format contains the information about IP address, InitialSequenceNumber , port no of client. Step ii: The server acknowledges this request by sending Synshronize-ACK frame format back to the client. Step iii: The client responds with an Acknowledge, and the connection is established within a timer set by network administrator. Step iv: Thereafter , web browser sends a request to web server for loading a web pageStep v: If this request is sending at first time then this request is sending alone to web server i.e (without attaching cookie with request ) and the response was sent attached with cookie by the server and this cookie is stored on client site for further request. Otherwise ,the request was supposed to be sent with cookie information like(Session ID,Domain Name and Path, CookieMaxAge in Name-Value pair,SecureFlag) which was stored on client site(send by server with last session ). Step vi: The server sends the response to the client request attached with cookie information,but in the middle of the connection the intruser steals the cookie by spoofing the IP address (IP spoofing DOS attack) of requested client(from synchronize request packet). Step vii: Therefore, the cookie is recieved by intruser and stored on intruser site and he can do the modification in cookie content like in session ID which uniquely identifies the session user and changes the value of session ID, which is never exist in network or session and then sends this modified cookie to legitimate client. Step viii: For further communication,if the client requests for the same web page in same session the server will never recognize this falsified session ID and results as distributed denial of service. Step ix: After spoofing the IP address of client(victim) by intrder-If it sends the spoofed request to reflectors (Routers, Web
Step x:
Step xi:
Server) that seems to have come from victim (legitimate client) . This request is specifically crafted to induce a response from intermediary(reflectorsserver) to the victim(client),when each host in the reflecting network recieves the request on its multicast interface, its follows the protocol‟s specification and generates a reply directed to the source of request,which is in the case is victim(client). With a single request and a single machine the intruder has managed to perform an amplification of the size of the reflecting network. When the response flood reaches the victim, the traffic generates on the communication path and the victim‟s bandwidth is depleted, and cookieMaxAge is expired during this session and DomainNameandPath are also modified because of the reflectors.
} ACHEADER
IPHEADER
TCPHEADER
DATA
Figure-1: Synchronize packet frame format TCPConnectionEstablishment( ) { Connection Establishment( ){ Synchronize- Request( ); //client sends the request to server for connection establishment Synchronize-Acknowledge ( ); //Server sends the Synchronize-Acknowledge to the client Acknowledge( ) ; //Client sends the acknowledge to the server.} Browser Request( ){ // Web browser sends the request for web page to the web server { if(request==initial) { Browser sends the request alone without any cookie } Else{it sends the request with cookie stored with last session. }} ServerResponse( ) //Server sends the response to the client with cookie { server response==response+cookie IPSpoofing DDOS ( ) {\*In the communication way intruser spoofed the IP address of legitimate client BY network evesdropping.*/ CookieStealing ( ) {
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
361
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack \*Therefore, the response attached with cookie is recieved by intruser(on spoofed address)*/ CookieContentModification( ) { SessionID( ) {sessionId==user unique identifier in alphanumeric format /*Intruser modifies the content of cookie like session ID(falsified ID,which is never exist in network) and sends this response with modified cookie to the legitimate user.*/ CookieSessionIDDos() { Within same TCP connection timer, when legitimate user will request to the server for same page in same session ,server will not recognize this unique user and responds as DOS. }} }}}} Bandwidth DDOS ( ) // This attack is based on the fact that networks are provisioned for a certain bandwidth based on their average traffic and not their peak traffic. { IPSpoofing ( ); DRDOS ( ) {//Intruser controls traffic directs the zombies at the victim //zombies send spoofed request to reflector Src->victim or client Dest->reflector or server //reflector send streams of non spoofed but unsolicited traffic to victim Src->reflector or server Dest->victim or client SmurfDRDOS()// Takes the reflector attack even further. { TrafficGeneration ( ) { if (bandwidth average traffic cookie max age){ latency==(response time-cookie max age) else { if(response time==cookie max age) { response is recieved within cookie max age period,no latency. }} } { //Traffic generates on communication path due to the large no of responses from reflectors to the victim }
CookieMaxAge( ) { //we know that the every session cookie has its own predefined max age time by web application developer to be expired. Cookie max age= =predefined by web application develepor //Reponse could not be send to the victim due to the heavy traffic on path and CookieMax-Age is expired resulted as DRDOS } DomainName&Path() { Domain name and path==predefined by web application developer }}} Connection Establishment( ) { Synchronize- Request( ) { Client sends a TCP SYNchronize packet to the server Server receives Client‟s SYN } Synchronize-Acknowledge ( ) { Server sends a SYNchronize-ACKnowledgement to client Client receives server SYN-ACK } Acknowledge( ) { Client sends ACKnowledge Server receives ACKnowledge TCP socket connection is ESTABLISHED. }} PHASE-2 Detection Mechanism For Domain Name and Path Intrusion By using Distance Vector Routing protocol in computer networking we can count the hops required for routing the request/response between client and server. Step-i. For detecting the cookie DomainNameandPath intrusion attack over DRDOS attack,we can add the new attribute in cookie data structure named Hope Count,which will be continuously updated by updating the number of hops traversed in the communication path between client and server. Step-ii If the number of hops traversed from client to server(for sending request) will not be equal to the number of hops traversed from server to client(for sending response) within the same session period, the cookie domain path is not valid,otherwise the cookie domain path is valid.obviously,if the cookie domain path is changed, it can be short or long than the previous traversed path If it is long than the cookie Max age time will be expired.
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
362
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack
If it is short the response will be received before the expected time by the client,therefore it can be dropped. Because the intrusion is due to reflectors,it can also affect the domain name by sending the request to the domain which is out of scope of the valid domain name Step.iii If server response current time is not greater than the TCP connection time stamp and cookie max age time and hope count for recieving is not greater than the hope count for sending this response, then the session id is valid. DomainNameandPathIntrusionDetection() { CookieAttributes( )// every cookie has its own predefined attributes. { Cookieattributes= =SessionId,DomainNameand Path,Cookie MaxAge,Secureflag { ModifiedCookieattributes( ) CookieAttributes= = sessionId,DomainNameand Path,Cookie MaxAge,Secireflag,HopeCount } } HopeCount() {hopecount= =number of traversed hopes between client and server during a session Hopecount==hopecount+1 If(hopecount at client site = =Hopecount at server site){ The domain path is valid. Else { If(hopecount at client site!=||>||,(connectiontimest amp&&CookieMaxAge time)&&(DomainPath==valid)) { The SessionId is valid Else {
The SessionId is not valid. } } CurrentResponseTime=time at which the client received the response Connectiontimestamp=TCP connection time stamp CookieMaxAge=cookie expire time defined by web application developer . }} 4.
CONCLUSION
The discussion of types of DoS attacks currently available. DoS attacks are of varying sophistication and may have devastating consequences on the victims. For DataPlane DoS, it is looked at Bandwidth, TCP for this attack. It is also provided Reflector and Smurf as methods for performing the DoS. In this paper, there is introduced a cookie based intrusion attack over DRDoS attack using Smurf,IPSpoof Method through network evesdroping. This is concluded by emphasizing that the only way to eliminate cookies over DRDoS in an efficient and effective manner is by adding the attribute within cookie data structure . we can detect Cookies based intrusion attacks and detection technique over DROS attack by adopting a hop count approach using distance vector routing protocol. 5.
FUTURE SCOPE
The proposed architecture and mechanism for Cookies based intrusion attacks and detection techniques over DRDOS attack is effective, efficient and secure one but a performance evaluation can be performed to verify that the Distance vector Routing Protocol and TCP connection timer (using cookieMaxAge and current response time)is a efficient method to detect cookies based intrusion attack over DRDOS attack. Also the mechanisms of this solution can be evaluated to additional protection against the following depletion threats (which exist when domain path and name of cookie is changed)like traffic generation on network due to reflectors. REFERENCES [1]
[2]
Sen Jaydip, March 2011: „A Robust Mechanism For Defending Distributed Denial Of Service Attacks On Web Servers‟,International Journal of Network Security & Its Applications (IJNSA) Vol.3, No.2, Upadhyay Vimal, 2 July 2011: ‘Detecting And Preventing Ip Spoofed Attack By Hashed Encryption‟, International Journal of Enterprise Computing and BusinessSystems ISSN (Online) : 2230-8849 http://www.ijecbs.com Vol. 1
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
363
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack [3]
Bernitsas Marinos, „DoS and DDoS Detection, Defense and Deterrence‟
[4]
Bhati. Gopal Mr, Kr Ashish. Chakraverti Mr., Ram. Dhanna Mr, 2008 :‟Detecting and Preventing IP Spoofed Attack by Cryptography‟, Proceedings of 2nd National Conference on Challenges & Opportunities in Information Technology . Garber,L ,2000:‟. Denial-of-service attacks rip the Internet’ IEEE Computer 33 ,vol no. 4, 12– 17. Handley M., Paxson,V. and . Kreibich C, 2001:‟Network intrusion detection: Evasion, traffic normalization,and end-to-end protocol semantics‟, Proceedingsof the 10th conference on USENIX Security Symposium-Volume 10, pp. 9–9. Ioannidis J. and. Bellovin M S., 2002:‟Implementing pushback: Router-based defense against DDoS attacks‟, Proceedings of Network and Distributed System Security Symposium, vol. 2 Lemon J. al et., 2002:‟Resisting SYN flood DoS attacks with a SYN cache‟, Proceedings of the BSDCon, , pp. 89–97.10. McHugh J. 2001:‟ Intrusion and intrusion detection,International Journal of Information Security 1‟ vol, no. 1, 14–35. Chen1 Tianwei, ¨unter Sch¨afer1 G Fan2 , Changpeng, Adams Stefan 3, „AdamWolisz Michel Sortais3,‟Denial of Service Protection for Optimized and QoS-aware Handover Based on Localized Cookies „Ebady Manna Mehdi and Amphawan Angela , January 2012:‟REVIEW OF SYN-FLOODING ATTACK DETECTION MECHANISM „International Journal of Distributed and Parallel Systems (IJDPS) Vol.3, No.1, Kristol David. „HTTP Cookies: Standards, privacy, and politics‟. ACM Transactions on Internet Technology, vol1(2), Limwiwatkul and Rungsawang A. ‟2004:, „Distributed denial of service detection using TCP/IP header and traffic measurement analysis,‟ in lntanational Syinposium on Communications and Information Technologes ( ISCIT 2004 ), vol. 1., pp. 605-610 . Wang H, et al., „Detecting SYN flooding attacks‟ IEEE, vol. 3, pp. 1530 - 1539, 2002. Chen. L C., 2008:‟Detecting distributed denialof-service attack traffic by statistical test,‟ in
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12] [13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22] [23] [24] [25]
Third International Conference on Communications and Networking, China, , pp. 1253-1257. -Lin Zong, , H. Guang-Min, & Y. Dan, 2008,‟Global abnormal correlation analysis for DDoS attack detection,‟ in IEEE Symposium on Computers and Communications( ISCC), Marrakech, pp. 310 315. Chin-Ling C., 2009:„ A New Detection Method for Distributed Denial-of-Service Attack Traffic basedon Statistical Test,‟ Journal of Universal Computer Science, vol. 15, pp. 488-503., Fang-Yie L., &, P Chia-Chi., 2009, :‟Detecting DoS and DDoS Attacks using Chi-Square,‟in Fifth International Conference on Information Assurance and Security (IAS), Xian, pp. 255 258. Vatsa A K , „Secure Mobility Management against DDoS Attacks in IP Addressing Scheme‟, int j.Advanced Networking and Applications Volume:0 3 issue:04 pages(2011). Penenberg Adam, Slate Monsters Cookie., November 7, 2005. „Cookies are not software. They can't be programmed, can't carry viruses, and can't unleash malware to go wilding through your hard drive.‟ „SYN_flood-wikipedia the free encyclopedia‟, SYN_flood.htm.. "Schneier on Security: Firesheep". 27 October, 2010. http://www.schneier.com/blog/archives/2010/10/ firesheep.html. Retrieved 29 May, 2011. „Cookiepoisoning(definition,examples,vedioaand prevention)‟, cookie_poisoning.htm„Vulnerability case studycookie tapering’Cookie_Tampering.htm “ TCP/IP Security‟, TCP IP Security.htm l Ramanathan, WesDes A.‟August 2002.:‟A Tool for Distributed Denial of Service Attack Detection. Thesis at Texas A&M University, Forristal,J.:FireproofingagainstDoSAttacks‟.URL :http://www.networkcomputing.com/1225/1225f3 .html, Network Computing. http://www.cert.org/advisories/CA-199801.html. „Smurf attack‟ - Wikipedia, the free encyclopedia.mht HTTP cookie - Wikipedia, the free encyclopedia.mht „Distance-vector routing protocol‟ - Wikipedia, the free encyclopedia.mht.
Author Profile
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
364
S Bhadana, A.K. Vatsa| Cookies Based Intrusion Attacks and Detection Techniques Over Drdos Attack Sonika Bhadana is pursuing M-Tech (Computer Engineering) from Shobhit University . She obtained her B-Tech(C.S.E.) from Uttar Pradesh Technical University, Lucknow(U.P.).She worked as Lecturer in department of Computer Science and Engineering at CERT, Meerut,U.P.,INDIA. She has been member of several academic and administrative bodies. During her teaching she has been coordinated Technical fest at Institute Level. She has attended several seminars, workshops and conferences at Institute levels. . Her area of research is Network Security. Avimanyou Kumar Vatsa is working as Assistant Professor and Coordinator - CSE at Shobhit University, Meerut, (U.P.), INDIA. He obtained his M-Tech (Computer Engineering) with Hons. from Shobhit University and B-Tech(I.T.) from V.B.S. Purvanchal University, Jaunpur (U.P.). He has worked as software engineer in software industry. He has been in teaching from more than one decade. During this short period of time, he has been supervised several dissertation of M.Tech. students. He is on the editorial board and reviewers of several international and national journals in networks and security field. He has been member of several academic and administrative bodies. During his teaching he has been coordinated many Technical fests and National Conferences at Institute and University Level. He has attended several seminars, workshops and conferences at various levels. His many papers are published in various national, international journals and conferences. His area of research includes MANET (Mobile Ad-Hoc network), Network Security, Congestion Control and VOIP-SIP (Voice over IP).
International Journal of Mobile & Adhoc Network|Vol2|issue 3|August 2012
365
