oalib
Search Results: 1 - 10 of 100 matches for " "
All listed articles are free for downloading (OA Articles)
Page 1 /100
Display every page Item
Entropy Based Detection of DDOS Attacks  [PDF]
Anusha. J
International Journal of Soft Computing & Engineering, 2012
Abstract: Distributed Denial of Service (DDOS) attacks are a critical threat to the Internet. The memoryless feature of the Internet routing mechanism makes it difficult to trace back the source of the attacks. In this paper, I find the source of the attack with the help of dynamic entropy variation by calculating the packet size, which shows the variation between normal and DDOS attack traffic, and which is fundamentally different from commonly used packet marking techniques. In comparison to the existing DDOS traceback methods, the proposed one possesses dynamic entropy variations as per the clients' behavior.
A Distributed Approach to Defend Web Service from DDoS Attacks  [PDF]
International Journal of Computer Science and Security, 2011
Abstract: Most of the business applications on the Internet are dependent on web services for their transactions. Distributed denial of service (DDoS) attacks either degrade or completely disrupt web services by sending flood of packets and requests towards the victim web servers. An array of defense schemes are proposed but still defending web service from DDoS attacks is largely an unsolvable problem so far. In this paper, DDoS defense schemes are classified into centralized and distributed and their relative advantages and disadvantages are explored. An ISP based distributed approach is a pragmatic solution to defend from DDoS attacks due to its autonomous control, more resources, and incremental scope. Traffic cluster entropy is conceptualized from source address entropy and the combination is used to detect various types of DDoS attacks against the web service. A framework is proposed which can detect the attack, characterize attack sources, and filter the attack packets as early as possible so as to minimize the collateral damage.
Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis  [PDF]
Tongguang Ni,Xiaoqing Gu,Hongyuan Wang,Yu Li
Journal of Control Science and Engineering, 2013, DOI: 10.1155/2013/821315
Abstract: Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.
1. Introduction
DDoS attacks have caused severe damage to servers and will cause even greater intimidation to the development of new Internet services. DDoS attacks are categorized into two classes: network-layer DDoS attacks and application-layer DDoS attacks. In network-layer DDoS attacks, attackers send a large number of bogus packets towards the victim server and normally attackers use IP spoofing. The victim server or IDS can easily distinguish legitimate packets from DDoS packets. In contrast, in application-layer DDoS attacks, attackers attack the victim server through a flood of legitimate requests. In this attack model, attackers attack the victim Web servers by HTTP GET requests and pulling large files from the victim server in overwhelming numbers. Also, attackers can run a massive number of queries through the victim’s search engine or database query to bring the server down. To circumvent detection, the attackers increasingly move away from pure bandwidth floods to stealthy DDoS attacks that masquerade as flash crowd.
Flash crowd [1, 2] refers to the situation when a very large number of users simultaneously access a website, which may be due to the announcement of a new service or free software download. Because burst traffic and high volume are the common characteristics of application-layer DDoS attacks and flash crowd, it is not easy to distinguish them. Therefore, application layer DDoS attacks may be stealthier and more dangerous for the websites than the general network-layer DDoS attacks. Most well-known DDoS countermeasure [3] techniques are against network-layer DDoS attacks. Those techniques cannot handle application-layer DDoS attacks. Countering application-layer DDoS attacks becomes a great
DDoS Attack and Defense: Review of Some Traditional and Current Techniques  [PDF]
Muhammad Aamir,Mustafa Ali Zaidi
Computer Science, 2014
Abstract: Distributed Denial of Service (DDoS) attacks exhaust victim's bandwidth or services. Traditional architecture of Internet is vulnerable to DDoS attacks and an ongoing cycle of attack & defense is observed. In this paper, different types and techniques of DDoS attacks and their countermeasures are reviewed. The significance of this paper is the coverage of many aspects of countering DDoS attacks including new research on the topic. We survey different papers describing methods of defense against DDoS attacks based on entropy variations, traffic anomaly parameters, neural networks, device level defense, botnet flux identifications and application layer DDoS defense. We also discuss some traditional methods of defense such as traceback and packet filtering techniques so that readers can identify major differences between traditional and current techniques of defense against DDoS attacks. Before the discussion on countermeasures, we mention different attack types under DDoS with traditional and advanced schemes while some information on DDoS trends in the year 2012 Quarter-1 is also provided. We identify that application layer DDoS attacks possess the ability to produce greater impact on the victim as they are driven by legitimate-like traffic making it quite difficult to identify and distinguish from legitimate requests. The need of improved defense against such attacks is therefore more demanding in research. The study conducted in this paper can be helpful for readers and researchers to recognize better techniques of defense in current times against DDoS attacks and contribute with more research on the topic in the light of future challenges identified in this paper.
Optimal Filtering for DDoS Attacks  [PDF]
Karim El Defrawy,Athina Markopoulou,Katerina Argyraki
Computer Science, 2006
Abstract: Distributed Denial-of-Service (DDoS) attacks are a major problem in the Internet today. In one form of a DDoS attack, a large number of compromised hosts send unwanted traffic to the victim, thus exhausting the resources of the victim and preventing it from serving its legitimate clients. One of the main mechanisms that have been proposed to deal with DDoS is filtering, which allows routers to selectively block unwanted traffic. Given the magnitude of DDoS attacks and the high cost of filters in the routers today, the successful mitigation of a DDoS attack using filtering crucially depends on the efficient allocation of filtering resources. In this paper, we consider a single router, typically the gateway of the victim, with a limited number of available filters. We study how to optimally allocate filters to attack sources, or entire domains of attack sources, so as to maximize the amount of good traffic preserved, under a constraint on the number of filters. We formulate the problem as an optimization problem and solve it optimally using dynamic programming, study the properties of the optimal allocation, experiment with a simple heuristic and evaluate our solutions for a range of realistic attack-scenarios. First, we look at a single-tier where the collateral damage is high due to the filtering at the granularity of domains. Second, we look at the two-tier problem where we have an additional constraint on the number of filters and the filtering is performed on the granularity of attackers and domains.
An Adaptive Approach for Defending against DDoS Attacks
Muhai Li,Ming Li
Mathematical Problems in Engineering, 2010, DOI: 10.1155/2010/570940
Abstract: In various network attacks, the Distributed Denial-of-Service (DDoS) attack is a severe threat. In order to deal with this kind of attack in time, it is necessary to establish a special type of defense system to change strategy dynamically against attacks. In this paper, we introduce an adaptive approach, which is used for defending against DDoS attacks, based on normal traffic analysis. The approach can check DDoS attacks and adaptively adjust its configurations according to the network condition and attack severity. In order to insure the common users to visit the victim server that is being attacked, we provide a nonlinear traffic control formula for the system. Our simulation test indicates that the nonlinear control approach can prevent the malicious attack packets effectively while making legitimate traffic flows arrive at the victim.
Novel Mechanism to Defend DDoS Attacks Caused by Spam  [PDF]
Dhinaharan Nagamalai,Cynthia Dhinakaran,Jae-Kwang Lee
Computer Science, 2010
Abstract: Corporate mail services are designed to perform better than public mail services. Fast mail delivery, large size file transfer as attachments, high level spam and virus protection, commercial advertisement free environment are some of the advantages worth mentioning. But these mail services are frequent target of hackers and spammers. Distributed Denial of service attacks are becoming more common and sophisticated. The researchers have proposed various solutions to the DDOS attacks. Can we stop these kinds of attacks with available technology? These days the DDoS attack through spam has increased and disturbed the mail services of various organizations. Spam penetrates through all the filters to establish DDoS attacks, which causes serious problems to users and the data. In this paper we propose a novel approach to defend DDoS attack caused by spam mails. This approach is a combination of fine tuning of source filters, content filters, strictly implementing mail policies, educating user, network monitoring and logical solutions to the ongoing attack. We have conducted several experiments in corporate mail services; the results show that this approach is highly effective to prevent DDoS attack caused by spam. The novel defense mechanism reduced 60% of the incoming spam traffic and repelled many DDoS attacks caused by spam.
Bound Maxima as a Traffic Feature under DDOS Flood Attacks
Jie Xue,Ming Li,Wei Zhao,Sheng-Yong Chen
Mathematical Problems in Engineering, 2012, DOI: 10.1155/2012/419319
Abstract: This paper gives a novel traffic feature for identifying abnormal variation of traffic under DDOS flood attacks. It is the histogram of the maxima of the bounded traffic rate on an interval-by-interval basis. We use it to experiment on the traffic data provided by MIT Lincoln Laboratory under Defense Advanced Research Projects Agency (DARPA) in 1999. The experimental results profitably enhance the evidences that traffic rate under DDOS attacks is statistically higher than that of normal traffic considerably. They show that the pattern of the histogram of the maxima of bounded rate of attack-contained traffic greatly differs from that of attack-free traffic. Besides, the present traffic feature is simple in mathematics and easy to use in practice.
ANALYSIS OF DDoS ATTACKS IN DISTRIBUTED PEER TO PEER NETWORKS
Vooka Pavan Kumar
Journal of Global Research in Computer Science, 2011
Abstract: The term ‘peer-to-peer’ generally describes a class of systems that employ distributed resources to perform a specific function in a decentralized manner. Distributed P2P networks are widely used for file sharing and in such a scenario, a Distributed P2P network could be easily exploited by an attacker to establish a DDoS attack against any arbitrary host on the internet. Distributed denials of service (DDoS) attacks are very hard to detect and regarded as a major threat to the Internet. Though a number of techniques have been proposed to defeat DDoS attacks in Distributed P2P networks, it is still very hard to respond to flooding-based DDoS attacks due to a large number of attacking machines and the use of source-address spoofing. An efficient framework has been designed to detect and defend against DDoS attacks in Distributed Peer-to-Peer networks. It defends against attacks by considering the distance between the source ends and the victim end and also the Time-to-Live (TTL) value in IP header. The proposed system has three major components: DDoS detection, agent-based trace back, and traffic control. The agent based mechanism is used to keep track of all the node details (e.g. bandwidth, node capacity, etc). The proposed system can be evaluated on a network simulation platform called NS2. The results demonstrate that the detection techniques are capable of detecting DDoS attacks accurately, and the defence mechanism can efficiently control attack traffic in order to maintain the quality of service for legitimate traffic. Also, the framework shows better performance in defeating the DDoS attacks in Distributed P2P networks compared to the other existing techniques. Keywords: Distributed Peer-to-Peer Networks, Distributed Denial of Service Attack, Time-to-Live, Internet Protocol
Copyright © 2008-2017 Open Access Library. All rights reserved.