An Integrated Approach for Defending Against Distributed Denial-of-Service (DDoS) Attacks
Cited by 12 (3 self)
Distributed denial-of-service (DDoS) is an increasingly worrying threat to the availability of Internet resources. The variety and number of both attacks and defense approaches are overwhelming. An overview of the DDoS problem, the attack modus operandi, a classification of DDoS attacks, defense principles and challenges, and state-of-the-art research gaps are presented. Thus a better understanding of the problem, the current solution space and the future scope is provided. Moreover, the different defense approaches to the DDoS problem (prevention, detection and characterization, tracing, and tolerance and mitigation) are revisited and an integrated, comprehensive solution is proposed.
A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks
Cited by 9 (0 self)
Attack mitigation schemes actively throttle attack traffic generated in Distributed Denial-of-Service (DDoS) attacks. This paper presents Attack Diagnosis (AD), a novel attack mitigation scheme that adopts a divide-and-conquer strategy. AD combines the concepts of Pushback and packet marking, and its architecture is in line with the ideal DDoS attack countermeasure paradigm: attack detection is performed near the victim host and packet filtering is executed close to the attack sources. AD is a reactive defense mechanism that is activated by a victim host after an attack is detected. By instructing its upstream routers to mark packets deterministically, the victim can trace back one attack source and command an AD-enabled router close to the source to filter the attack packets. This process isolates and throttles one attacker, and is repeated until the attack is mitigated. We also propose an extension to AD called Parallel Attack Diagnosis (PAD) that is capable of throttling traffic coming from a large number of attackers simultaneously. AD and PAD are analyzed and evaluated using the Skitter Internet map, Lumeta's Internet map, and the 6-degree complete tree topology model. Both schemes are shown to be robust against IP spoofing and to incur low false positive ratios.
Performance analysis of TCP/AQM under denial-of-service attacks
- in Proc. 13th IEEE Int. Symp. Modeling, Anal., Simul. Comput. Telecommun. Syst
Cited by 9 (2 self)
The interaction between TCP and various Active Queue Management (AQM) algorithms has been extensively analyzed over the last few years. However, the analysis usually assumed that routers and TCP flows are not under any network attacks. In this paper, we investigate how the performance of TCP flows is affected by denial-of-service (DoS) attacks under Drop Tail and various AQM schemes. In particular, we consider two types of DoS attacks: the traditional flooding-based DoS (FDDoS) attacks and the recently proposed Pulsing DoS (PDoS) attacks. Both analytical and simulation results show that PDoS attacks are more effective than FDDoS attacks at the same average attack rate. Moreover, Drop Tail surprisingly outperforms the RED-like AQMs when the router is under a PDoS attack, whereas the RED-like AQMs perform better under a severe FDDoS attack. On the other hand, the Adaptive Virtual Queue algorithm can retain a higher TCP throughput during PDoS attacks compared with the RED-like AQMs.
Detecting denial of service attacks using emergent self-organizing maps
- In Proceedings of the 5th IEEE International Symposium on Signal Processing and Information Technology
, 2005
Cited by 7 (0 self)
Denial of Service attacks constitute one of the greatest problems in network security. Monitoring traffic is one of the main techniques used to find possible outliers in traffic patterns. In this paper, we propose an approach that detects Denial of Service attacks using Emergent Self-Organizing Maps. The approach is based on classifying "normal" traffic against "abnormal" traffic in the sense of Denial of Service attacks. The approach permits the automatic classification of events contained in logs and the visualization of network traffic. Extensive simulations show the effectiveness of this approach compared to previously proposed approaches with respect to false alarms and detection probabilities.
DDoS detection and traceback with decision tree and grey relational analysis
- Int. J. Ad Hoc Ubiquit. Comput
, 2011
Data Mining Techniques for (Network) Intrusion Detection Systems
Cited by 5 (0 self)
In information security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. Intrusion detection does not, in general, include prevention of intrusions. In this paper, we focus mostly on the data mining techniques that are being used for such purposes. We discuss the advantages and disadvantages of these techniques. Finally, we present a new idea on how data mining can aid IDSs.
Enhancing DDoS flood attack detection via intelligent fuzzy logic
, 2010
Cited by 4 (0 self)
The distributed denial-of-service (DDoS) flood attack remains a great threat to the Internet. This kind of attack consumes a large amount of network bandwidth or occupies network equipment resources by flooding them with packets from machines distributed all over the world. To ensure network usability and reliability, real-time and accurate detection of these attacks is critical. To date, various approaches have been proposed to detect these attacks, but with limited success when they are used in the real world. This paper presents a method that can identify the occurrence of a DDoS flood attack in real time and determine its intensity using fuzzy logic. The proposed process consists of two stages: (i) statistical analysis of the network traffic time series using the discrete wavelet transform (DWT) and the Schwarz information criterion (SIC) to find the change point of the Hurst parameter resulting from the DDoS flood attack, and then (ii) adaptively deciding the intensity of the DDoS flood attack by using intelligent fuzzy logic to analyze the Hurst parameter and its rate of change. Test results from NS2-based simulation with various network traffic characteristics and attack intensities demonstrate that the proposed method can detect the DDoS flood attack in a timely, effective and intelligent manner. Summary: A procedure for recognising a DDoS network attack with the help of fuzzy logic is described.
Provider-Based Deterministic Packet Marking against Distributed DoS Attacks
- In SSN
, 2005
Cited by 4 (0 self)
Distributed Denial of Service (DDoS) attacks are one of the most serious security threats on the Internet, due to the significant service disruption they can create and the difficulty of preventing them. In this paper, we propose new deterministic packet marking models in order to characterize DDoS attack streams. Such a common characterization can be used to make filtering near the victim more effective. In this direction, we propose a rate control scheme that protects destination domains by limiting the amount of traffic during an attack, while leaving a large percentage of legitimate traffic unaffected. The above features enable providers to offer enhanced security protection against such attacks as a value-added service to their customers, and hence offer positive incentives for them to deploy the proposed models. We evaluate the proposed marking models using a snapshot of the actual Internet topology, in terms of how well they differentiate attack traffic from legitimate traffic in cases of full and partial deployment.
Data fusion algorithms for network anomaly detection: classification and evaluation
Cited by 4 (1 self)
In this paper, the problem of discovering anomalies in a large-scale network based on the data fusion of heterogeneous monitors is considered. We present a classification of anomaly detection algorithms based on data fusion, and, motivated by this classification, describe the operational principles and characteristics of two different representative approaches, one based on the Dempster-Shafer Theory of Evidence and one based on Principal Component Analysis. The detection effectiveness of these strategies is evaluated and compared under different attack scenarios, based on both real data and simulations. Our study and the corresponding numerical results revealed that, in principle, the conditions under which they operate efficiently are complementary, and therefore they could be used effectively in an integrated way to detect a wider range of attacks.
DDoS Incidents and their Impact: A Review
, 2008
Cited by 4 (1 self)
The phenomenal growth and success of the Internet has changed the way traditional essential services such as banking, transportation, medicine, education and defence are operated. They are now being progressively replaced by cheaper and more efficient Internet-based applications. In the present era, the world is highly dependent on the Internet, and it is considered the main infrastructure of the global information society. Therefore, the availability of the Internet is critical for the socio-economic growth of society. However, the inherent vulnerabilities of the Internet architecture provide opportunities for many attacks on its infrastructure and services. The distributed denial-of-service attack is one such attack, which poses an immense threat to the availability of the Internet. One of the biggest challenges for researchers is to find details of these attacks, because, to avoid defamation, most commercial sites do not even reveal that they were attacked. In this paper, an overview of the distributed denial-of-service problem and the inherent vulnerabilities in the Internet architecture are provided. Real distributed denial-of-service incidents and their financial impact are critically analyzed, and finally the need for a comprehensive distributed denial-of-service solution is highlighted.