AN EFFECTIVE DEFENSE CUM PREVENTION OF DDoS ATTACKS IN ACTIVE NETWORKS USING ATTRIBUTE TREES
P. Jayashree 1, Dr. K. S. Easwarakumar 2
1 Department of Information Technology, Anna University, MIT, Chennai, India
2 Department of Computer Science and Engineering, Anna University, CEG, Chennai, India
pjshree@annauniv.edu

ABSTRACT

With the development and deployment of a growing number of internet services, driven by emerging technologies, to meet the ever-growing demands of web users, the need to keep these services available is equally demanding. But the web has become a necessary iniquity due to the cyber attacks that spring up in abundance every day. One of the most threatening attacks is the denial of service attack, originating from a single source or from multiple sources, which starves legitimate users of the services they request. Many solutions have been proposed in the literature to defend against such attacks, each having its own strengths and weaknesses. In this paper an optimal data mining based defense cum protection mechanism, which identifies and uses the candidate packet attributes that can demarcate attack packets from legitimate traffic more accurately, is devised as a complement to existing solutions and tested for its detection efficiency using ANTS, an active network test bed.

Keywords: network security, denial of service attack, data mining, active network.

1 INTRODUCTION

With the advent of internet technology, the number and variety of services on the web are increasing tremendously. Free and open accessibility of these resources also gives room for security attacks, imposing the need to adopt security measures for the network. One of the serious security threats from the user's viewpoint is the denial of service (DoS) attack.
The damaging effect of such attacks can be further intensified through a set of attack sources distributed over a network domain, leading to distributed denial of service (DDoS) attacks. These attacks are launched from a set of compromised hosts to consume computational and communication resources rapidly [1]. Addressing the denial of service problem is important, as there has been an increase in network attacks in recent times [2]. Many solutions have been proposed in the literature for defending against such attacks, each having its own strengths and weaknesses. As DDoS attacks primarily aim at flooding the network, depleting the bandwidth and other resources rapidly, the same characteristic is made use of in devising the attack detection solution.

In this paper a data mining based defense cum prevention mechanism is proposed. It analyzes the features of network data packets using efficient data structures and employs present and historical traffic details to classify legitimate and attack traffic.

The solution is addressed to active networks, a framework where network elements are programmable. This differs from a traditional network in that all the network components are active in nature [3],[4]. Like end hosts, the routers are capable of performing any customized computation on the packets flowing through them, as specified by the user or application. Two approaches are commonly used to bring activity to network nodes, namely the discrete approach and the integrated approach. The discrete approach, or programmable node approach, allows programs to be injected into the active programmable nodes out of band, i.e. separately from the data packets. The data packets carry information for the active nodes to handle them. In the integrated approach, or encapsulation approach, the code to be executed is integrated into every packet of data, called a capsule.
When the data arrives at the active node, the node interprets the code and processes the data depending on the code interpretation. Each active node has a built-in mechanism to load the code, an execution environment to execute the code and a relatively permanent storage where the capsules can retrieve or store information.

Though an active network increases the flexibility and ease of deploying network applications, it also poses severe security threats. Untrusted code that is executed on the network components may be malicious in nature and damage the routers. Hence dealing with security is an important issue for this type of network.

Ubiquitous Computing and Communication Journal
1.1 Contributions

The proposed mechanism claims the following contributions as part of an effective solution to DDoS attacks.

- A defense cum prevention solution is deployed at the source end perimeter routers, and hence the network resources are saved from flooding attacks.
- An effective mechanism is devised to select packet attributes that act as candidates for classifying attack packets from legitimate traffic.
- The attributes are assigned varying weights, evaluated based on their degree of contribution to detecting attacks.
- The efficiency of attack detection for further prevention depends on the use of efficient and optimal data structures and on information exchange between perimeter routers.

1.2 Paper Organization

The remainder of the paper is organized as follows. Section 2 provides the preliminaries on denial of service attacks and the related works in the literature. The proposed mechanism is discussed in section 3, and the design and implementation details are provided in sections 4 and 5. Results of the simulation and analysis are reported in section 6 and conclusions are drawn in section 7.

2 PRELIMINARIES

Denial of service was the top source of financial loss due to cyber crime. The DoS attack on DNS server last year lasted only an hour. DNS information is heavily cached, but had the attack lasted longer, the Internet could have experienced severe disruption. DDoS affects not only the target of the attack; legitimate users of the target's services are affected too. Observations and experiences from tracking denial of service attacks over a period of time serve as a base for better understanding and for building novel solutions. In this section a framework for classifying defense strategies for denial of service attacks is presented. Though many solutions are coming up, a sample of the most popular solutions employing a variety of defense methods is overviewed here.

2.1 Related Works

Identifying IP address spoofing is an important task in any attack detection, and ingress filters, egress filters and hop count filtering methods are proposed in the literature [5],[6],[7]. Various methods employ some form of packet marking to identify or trace down the attacks. The pushback mechanism [8], trace back methods [9],[10],[11] and path identification (Pi) [12] are a few such methods. A few solutions employ rate limiters to control and regulate the traffic flow for attack mitigation, as in [13],[14]. In [15], various congestion control techniques like RED, CHOKE and pushback are used for mitigating attacks. Most of the solutions basically adopt some analytical model or algebraic approach, as discussed in [16],[17],[18],[19]. The D-WARD defense system is deployed at the source end and autonomously detects attacks at the origin [20]. Secure Overlay Services (SOS) [21] hides victims' locations to safeguard against attacks. DefCOM (Defensive Cooperative Overlay Mesh) [22] proposes a distributed, cooperative network of routers that respond effectively to DDoS attacks while making some guarantees of continued service for legitimate clients. COSSACK [23] similarly forms a multicast group of defense nodes that are deployed at source and victim networks and cooperate in filtering the attack, and [24] defines a defense solution for active networks.

2.2 Data Mining Solutions

Data mining is a powerful technology that enables retrieving relevant data from the huge volumes held in data warehouses. There exist many data mining tools that can predict future trends and behaviors, facilitating proactive, knowledge-driven decisions in many domains. This potential and the automated analysis offered by data mining, along with past event analysis, provide a retrospective basis for decision support systems. Extracting relevant information from a huge database in comparable time is a promising alternative to earlier expert systems.
The main objective of mining the data in data stores is to identify and extract hidden or indirectly documented information which may otherwise go unnoticed and which may be necessary for generating good predictive information in expert systems and other decision making systems. The data mining techniques commonly adopted are neural networks, decision trees, the nearest neighbor method, support vector machines and association rule induction [25].

Listed below is a collection of a few recent works in attack detection using data mining techniques. Many data mining based approaches are discussed in the literature, addressing the solution using statistical and classification approaches and other signal processing and pattern recognition techniques. An IDS model using historical data analysis is discussed in [25],[26]. A neural network based model is proposed in [27], and a genetic algorithm is used to model the detection system in [28]. Different data mining techniques are discussed and analyzed in [29], and [30] presents various intrusion detection approaches as summarized above. A few commercial and many experimental products like EMERALD, ISOA (Information Security Office Assistant), DIDS (Distributed IDS),
Kane secure and SNORT are also available. Each of these proposals has its own merit and provides techniques that can help address the DoS problem from different angles. No method has suggested a complete solution to the attack so far. But it is vital to have a more complete attack solution for comprehensive network security. In this paper another data mining based defense strategy, with its own strengths, is proposed to complement the list of existing techniques.

3 PROPOSED STRATEGY

3.1 An Overview

The proposed detection cum prevention method for DDoS attacks is based on statistical mining of the characteristics and behavior of the analyzed traffic data, to extract and order the packet features that decide the success of the detection system. The system is designed for the active network domain, and hence the deployment of the defense solution supports a preventive mechanism against further attacks. Active networks allow all the network elements, and hence the routers, to be programmable, which eases deployment in the routers.

Though DDoS attacks aim at pinning down the hosts providing services to users on the network, the attack traffic also depletes the network resources at a fast rate, making the entire network stumble in its normal request and response activities. Hence it is wise to deploy the defense solution at the source end, so that attack traffic can be prevented from entering the network once detected; thereafter the attack packets get dropped at the network perimeter itself. Identifying the source end routers ahead of the attack severity is a basic requirement, and the first hop routers in the network are identified through a simple packet marking scheme as discussed in our previous work [31]. One of the common characteristics of DDoS attacks is the use of IP spoofing, and an ingress filter [5] is employed as the first level of the solution phase to take care of IP spoofing.
The packet attributes are collected and mined as an array of attribute trees to extract the information required for traffic classification. The proposed scheme defines the methodology adopted by the system in an attempt to develop an effective detection strategy.

3.2 Data Mining Approach

The data mining tasks commonly used for any data retrieval operation are summarizing the data to pick up relevant and hidden data items, applying association rules to convert the data into a categorical set, and applying some method of classification to categorize the data for future prediction. This approach naturally paves the way for its suitability in network intrusion detection applications. Data mining, with its power to make future predictions of likely events using the knowledge of an existing data collection, is found to be a competitive alternative to many of the attack detection methods proposed.

The attack traffic, modeled as an array of trees, each of which stores and updates the data for a promising attribute of the packets for efficient attack detection, is mined dynamically. The approach is similar to the random forest data classifier method [32],[33]. The application of random forest, a collection of unpruned regression trees, to detect intrusions is proposed in [34], wherein the detection mechanism using random forest classification is deployed at the home router of the victim to mine a static data set. Moreover, the application of random forests, collections of yes/no decision trees, was used to classify data sets corresponding to misuse detection effectively. In the proposed defense strategy, the trees are used as binary search trees populated with attribute values to aid in effective detection of attack traffic.

3.3 Defense Framework

The defense system is a two phase system with a training phase and a detection phase.
The boundary between the two phases is not strictly demarcated, though the detection phase follows the training phase, as the attribute trees learn to have their characteristic features for detection redefined periodically over their lifetime. This section provides an overview of the system architecture and a conceptual outline of the defense strategy adopted for attack detection, the details of which are discussed in the next section.

Denial of service attack traffic is modeled as a set of binary trees, where each tree corresponds to an attribute of the attack traffic packet. Denial of service attacks are primarily characterized by flooding traffic from a single source or a set of sources towards a particular destination host. The attack may have either a constant rate or a varying rate flow of packets. The solution should be able to handle both types effectively. Based on the characteristics of the attack and on what is learnt from previous works in the literature, the following attributes of the traffic are expected to be most suitable for traffic classification to detect DoS and DDoS attacks:

- Destination address and port
- Source address
- Frequency of packets per flow
- Frequency variations in traffic flow
- Length of the packets per flow
- Type of protocol used in per flow traffic

These six attributes can well represent both the packet and the traffic characteristics that can be used for discriminating DoS attacks, when evaluated over different periods of time.

The training phase is meant as a preprocessing phase for the attack detection. The attributes extracted from the packets of a training set of attack samples are represented using a set of trees which are populated with the data. The trees are attributed by a weight factor that defines the priority of the
attribute's contribution in detecting the attack. During the detection phase the packets from the actual network traffic are evaluated and assigned a score point based on the degree of relevance to attack characteristics possessed by them. This information is fed back to the set of attribute trees that are used for classifying the traffic. This positive feedback aids in fine tuning the classifier to classify the traffic more correctly. The packets that score above a predefined threshold value are stamped as attack packets and get dropped at the router, and are thereby prevented from entering the network. The detection mechanism outlined here is depicted in fig. 1.

[Figure 1. System architecture. Training phase: attack traffic packets, Packet Elicitor, Attribute Tree Populator, Tree Attributer. Detection phase: real traffic packets, Traffic Classifier, attack packets, normal packets.]

4 SYSTEM DESIGN DETAILS

4.1 Attribute Tree construction

The necessary attributes of the packet, those which can most clearly distinguish legitimate packets from attack packets, are identified first and called the deciding set ($S_A$); the conformity of each property towards the legitimacy decision is not the same. The packet elicitor then extracts the deciding set of attributes from the incoming packets. The deciding set is selected such that when some attributes fail to detect the packet correctly, the others in the set should be able to do it. Hence they are not considered as independent quantities; instead, they are highly interrelated with each other, such that each feature completely cooperates with the rest in deciding the legitimacy of the packets.

Each element ($A_i$) in the deciding set $S_A$ is represented by a binary search tree $T_i$. The tree $T_i$ is represented as a collection of nodes $N_1$, $N_2$, etc. corresponding to the various values taken by the attribute. Each node $N_j$ has two fields to signify the attribute value ($V_j$) and the frequency ($F_j$).
The tree is constructed dynamically by repeated insertion of nodes as and when a packet with that attribute arrives. The set of trees for the deciding set of attributes used for attack detection is represented as in Eq. (1).

$$S_A = \{\, T_i = \{N_j\} \ \text{for each } A_i \;\mid\; N_j = \langle V_j, F_j \rangle,\ i \text{ is an integer},\ j \text{ is an integer} \,\} \qquad (1)$$

During the training phase the trees are initially populated with DoS attack packets of varying classes, and during the detection phase the trees are dynamically updated with the attributes of incoming real packets that are analysed to be attack packets.

The range and type of values taken by the various attributes defined by $S_A$ are not within a defined boundary. In order to search the trees effectively, it is proposed to convert the actual values to equivalent hash integer values. The field $V_j$ of the $j$th node of an attribute holds the hash equivalent of the actual attribute value. Pearson hashing [35] is simple and less likely to have collisions. Given an input (C) consisting of any number of bytes, it produces as output a single byte (h) that is strongly dependent on every byte of the input. Its implementation requires only few
instructions, and a 256-byte lookup table (T) containing a permutation of the values 0 through 255, as defined below.

    h[0] = 0
    for i in 1..n
        index = h[i-1] xor C[i]
        h[i] = T[index]
    end loop
    return h[n]

The field $F_j$ of the node $N_j$ defines the number of packets with the equivalent attribute value $V_j$, i.e. the frequency of occurrence of $V_j$, as two packets that are perfectly similar get mapped to a single value by the hash function. The tree is updated only when a packet which has been detected as an attack is used to update it. In all other situations a mere lookup is carried out to search for the presence of a particular node. Whenever a new attribute value needs to be inserted in the tree, its frequency ($F$) is set to 1. For each successive insertion of the same node value, its frequency ($F$) is incremented. This is done whenever the packet analyzed by the traffic classifier is categorized as an attack and the hashed value of its feature is the same as the value of that particular node.

4.2 Prioritizing the Attributes

The various attributes selected for detecting DoS attacks need not contribute equally to the detection process. Each attribute may have characteristics that identify legitimacy or attack relatively better for certain classes of attack than for others. Such features can be used to classify the packets more easily, and so these attributes need to be given more credence than the others. Hence the trees representing the packet attributes are attributed by a weight factor symbolizing the priority of the attribute's role in the attack detection process. The weight $W_i$ associated with the attribute $A_i$ or tree $T_i$ takes a value in the closed interval [0, 1], which is the ratio to which it can classify a packet correctly. All the trees are assigned a weight value of 1 at the start of the training period.
After a period of time that allows the trees to stabilize with the training data set, the trees are updated with new weight values as computed by the algorithm. The weight values are updated periodically, depending on the rate of traffic flow during the detection phase. The weight values get modified based on the number of tree misses. Whenever the value extracted from the current packet for the attribute is not already present as a node when hashed to the tree, it is marked as a tree miss. After a period of time $\Delta t$, the number of tree misses ($M_i$) is calculated for each tree, indicating the number of new nodes added during that period. Based on the number of new nodes inserted in a tree as well as the total number of new nodes added in the set of trees ($M_{total}$), the weight value of each tree is updated as stated in Eq. (2), to fix its weightage relatively proportional to its relevance in detecting attacks.

$$W_i^{t+\Delta t} = W_i^{t} - \left( W_i^{t} \times \frac{M_i}{M_{total}} \right) \qquad (2)$$

where $W_i^{t+\Delta t}$ defines the weight assigned to tree $T_i$ at time instant $t+\Delta t$ and $W_i^{t}$ is the corresponding value at time $t$. The functionality of the tree attributer, which attributes trees with weights dynamically, is defined in the following pseudo code.

    set weight of all trees as 1
    set miss-count of all trees as 0
    repeat
        do until time t = t+Δt
            repeat for each incoming packet
                read packet's attributes
                repeat for each attribute
                    extract the attribute value val
                    let hash(val) be h
                    search tree for h
                    if a node n found with value v = h then
                        increment its frequency f
                    else
                        insert a new node with v = h, set f = 1 and increment tree miss-count
                end repeat
            end repeat
        end do
        record the miss-count of all trees and sum up as miss-counts
        if change in previous miss-count then
            update its weight value to weight_new
            weight_new = weight_old - (weight_old * miss-count / miss-counts)
    end repeat

4.3 Optimal Search Tree

Given $n$ nodes, it is possible to construct $\binom{2n}{n}/(n+1)$ different valid binary search trees.
One of the objectives of the attack detector is to detect attacks as early and as fast as possible, so that attack traffic can even be prevented from entering the network. Finding the legitimacy of the packets involves tree searching, which needs to be efficient. If the attribute value of attack packets is represented by a node near the root level of the corresponding tree, then during an attack the search to hash such values in the trees becomes easy and fast. Moreover, as the input is very random, there is a probability that the tree becomes imbalanced in height, which may lead to longer searches. Without loss of generality, it can be assumed that the searches made in the trees are proportional to the frequency values in each node.
However, when there is a severe attack, most of the packets are attack packets, in which case the tree search needs to be minimized to the maximum extent possible. When the traffic is normal, performing a search throughout the height of the tree, though it takes longer, will add only a very small delay. So restructuring of the tree helps in achieving search efficiency. It is required that there should be an optimal rearrangement such that the heaviness $H$ is minimized. For a tree $T_i$ with node $N_j$ having frequency $F_j$ and depth $D_j$, the heaviness $H_i$ is defined as in Eq. (3).

$$H_i = \sum_{\text{all nodes } j} (F_j \times D_j) \qquad (3)$$

For optimizing the tree, a parameter called tree heaviness is considered as the objective function. The root node is defined as level 1, with successive siblings at successive levels. The optimal tree is obtained using a dynamic programming approach as applied in the Maximum Chain Multiplication problem. From a given set of nodes, the most appropriate root node is chosen that serves the best. The same procedure is applied at all levels recursively to arrive at the most optimized tree. It is the most appropriate tree needed, which satisfies all the constraints and is optimal. An example attribute tree with depth 4 and its equivalent optimized tree are shown in Fig. 2.

[Figure 2: Attribute tree and its equivalent optimized tree. Panel labels: Heaviness = 51, Heaviness = 42.]

5 DEFENSE STRATEGY PACKET SCORE

The size of a tree is defined by the number of packets that have been used to construct that tree. Numerically it is equal to the sum of the frequencies of all the nodes of the tree. Let this size factor be $S_i$ for the tree $T_i$. The frequency of the node corresponding to the attribute value of the incoming packet is $F_i$. The value $F_i / S_i$ gives the contribution of that node or attribute value in that particular tree.
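
The heaviness minimisation of Section 4.3 carried through on a small tree, as an added example that is not code from the paper: it builds a tree in arrival order, evaluates Eq. (3), and finds the minimum-heaviness arrangement with the standard optimal binary search tree dynamic programme. The arrival sequence and its hash values are constructed sample data.

```python
def insert(tree, value):
    """Insert one hashed value into a BST of [value, freq, left, right] nodes."""
    if tree is None:
        return [value, 1, None, None]
    if value == tree[0]:
        tree[1] += 1
    elif value < tree[0]:
        tree[2] = insert(tree[2], value)
    else:
        tree[3] = insert(tree[3], value)
    return tree


def heaviness(tree, depth=1):
    """Eq. (3): H = sum of F_j * D_j, with the root at depth 1."""
    if tree is None:
        return 0
    return (tree[1] * depth + heaviness(tree[2], depth + 1)
            + heaviness(tree[3], depth + 1))


def in_order(tree):
    """Sorted list of the (value, freq) pairs held in the tree."""
    if tree is None:
        return []
    return in_order(tree[2]) + [(tree[0], tree[1])] + in_order(tree[3])


def optimal_tree(nodes):
    """Return (minimum heaviness, tree) for sorted (value, freq) pairs.

    cost[i][j] is the minimum heaviness of a tree over nodes[i:j]. Hanging two
    subtrees under a root pushes every node one level down, which adds the
    total frequency of nodes[i:j] once.
    """
    n = len(nodes)
    prefix = [0]
    for _, freq in nodes:
        prefix.append(prefix[-1] + freq)
    cost = [[0] * (n + 1) for _ in range(n + 1)]
    root = [[None] * (n + 1) for _ in range(n + 1)]
    for length in range(1, n + 1):
        for i in range(n - length + 1):
            j = i + length
            total = prefix[j] - prefix[i]
            best = min(range(i, j), key=lambda r: cost[i][r] + cost[r + 1][j])
            root[i][j] = best
            cost[i][j] = cost[i][best] + cost[best + 1][j] + total

    def build(i, j):
        if i == j:
            return None
        r = root[i][j]
        return [nodes[r][0], nodes[r][1], build(i, r), build(r + 1, j)]

    return cost[0][n], build(0, n)


# Constructed arrival sequence of hashed attribute values; 99 is the flood value.
ARRIVALS = [17, 42, 8, 99, 63, 17] + [99] * 11 + [63] * 3


def compare(arrivals=ARRIVALS):
    """Heaviness of the arrival-order tree against the optimised tree."""
    tree = None
    for value in arrivals:
        tree = insert(tree, value)
    best, optimised = optimal_tree(in_order(tree))
    return heaviness(tree), best, optimised


if __name__ == "__main__":
    before, after, optimised = compare()
    print(f"arrival order: {before}, optimised: {after}, root: {optimised[0]}")
```

In the arrival-order tree the most frequent value sits at depth 3; the optimised tree moves it to the root, so a lookup during a flood ends after one comparison.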
The packet score is the weighted ratio of the number of attack packets having that value for the feature to the total number of packets that have been used to construct the tree. The decision whether to pass the packet or drop it is taken based on this packet score value.

$$\text{Score} = \frac{\sum_{\text{attributes } i} \left( W_i \times F_i / S_i \right)}{\sum_{\text{attributes } i} W_i} \qquad (4)$$

Packets scoring a high value are detected as attacks, as they resemble the more frequently occurring packets structured in the attribute trees for attack traffic. Packets scoring a lower value may not be attack packets. Some delimiter value for the score is to be used to classify the packets as attack or not. This threshold value should be able to classify the packets correctly. It is determined using sensitivity analysis, by plotting the response curves of the traffic classification for various threshold values. The statistics are collected for legitimate, attack and mixed traffic. Let the attack threshold value so determined be $Th_a$. If score > $Th_a$, then the packet is classified as an attack, is used to update the trees and is then dropped at the router itself. This feedback of the attack characteristics helps in refining the detection accuracy by enabling the packets to score values that have distinct margins for attack and legitimate packets.
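
The tree update of Section 4.1, the weight rule of Eq. (2) and the packet score of Eq. (4) put together, as an added example that is not the authors' ANTS implementation. Assumptions: only four of the six attributes are modelled (the two per-flow frequency attributes are left out), the Pearson table is a seeded shuffle because the paper does not list its table, and all addresses and packets are constructed sample data.

```python
import random
import socket
import struct

# Pearson lookup table: a permutation of 0..255. The paper does not list its
# table, so this seeded shuffle is an assumption made for the example.
PEARSON_TABLE = list(range(256))
random.Random(35).shuffle(PEARSON_TABLE)
THRESHOLD = 0.32  # attack threshold Th_a selected in Section 6.2

def pearson_hash(data: bytes) -> int:
    """One-byte Pearson digest: h = T[h xor c] for each input byte c."""
    h = 0
    for c in data:
        h = PEARSON_TABLE[h ^ c]
    return h

class Node:
    def __init__(self, value):  # kids[0] is the left child, kids[1] the right
        self.value, self.freq, self.kids = value, 1, [None, None]

class AttributeTree:
    """Tree T_i for one attribute: a BST of (V_j, F_j) nodes with weight W_i."""
    def __init__(self, name):
        self.name, self.root = name, None
        self.size = 0       # S_i: sum of all F_j
        self.weight = 1.0   # W_i: every tree starts at 1
        self.misses = 0     # M_i: nodes added in the current interval

    def _find(self, h):
        node, parent = self.root, None
        while node is not None and node.value != h:
            parent, node = node, node.kids[h > node.value]
        return node, parent  # node is None when h is not in the tree

    def frequency(self, raw):
        node, _ = self._find(pearson_hash(raw))
        return node.freq if node else 0

    def update(self, raw):
        """Record one attack packet: bump F_j, or insert a node (a tree miss)."""
        h = pearson_hash(raw)
        node, parent = self._find(h)
        self.size += 1
        if node is not None:
            node.freq += 1
            return
        self.misses += 1
        if parent is None:
            self.root = Node(h)
        else:
            parent.kids[h > parent.value] = Node(h)

def reweight(trees):
    """Eq. (2): W_i <- W_i - W_i * M_i / M_total, then start a new interval."""
    total = sum(t.misses for t in trees) or 1  # no misses: weights unchanged
    for t in trees:
        t.weight -= t.weight * t.misses / total
        t.misses = 0

def packet_score(trees, packet):
    """Eq. (4): weighted mean of F_i / S_i over all attribute trees."""
    weight_sum = sum(t.weight for t in trees)
    if weight_sum == 0:  # every weight decayed to zero: nothing to score with
        return 0.0
    hits = sum(t.weight * t.frequency(packet[t.name]) / t.size
               for t in trees if t.size)
    return hits / weight_sum

def classify(trees, packet):
    """Drop and feed the packet back when its score exceeds Th_a, else pass."""
    score = packet_score(trees, packet)
    if score > THRESHOLD:
        for t in trees:
            t.update(packet[t.name])
        return "drop", score
    return "pass", score

def make_packet(dst, dport, src, length, proto):
    """Pack the four modelled attributes as the byte strings that get hashed."""
    return {"dst": socket.inet_aton(dst) + struct.pack("!H", dport),
            "src": socket.inet_aton(src),
            "length": struct.pack("!H", length),
            "proto": bytes([proto])}

def train_on_flood():
    """Constructed training set: 40 TCP packets from 8 sources to one target."""
    trees = [AttributeTree(n) for n in ("dst", "src", "length", "proto")]
    for i in range(40):
        pkt = make_packet("10.0.0.5", 80, f"198.51.100.{1 + i % 8}", 40, 6)
        for t in trees:
            t.update(pkt[t.name])
    reweight(trees)
    return trees

if __name__ == "__main__":
    trees = train_on_flood()
    print(classify(trees, make_packet("10.0.0.5", 80, "198.51.100.99", 40, 6)))
```

After training, the source-address tree has the most misses and therefore the lowest weight, so a flood packet from a source never seen before still scores about 0.91. Because the Pearson digest is a single byte, each tree holds at most 256 nodes, and distinct attribute values necessarily share nodes once a tree fills.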

The defense mechanism is deployed in active routers at the perimeter of the network. Routers get their defense structures updated periodically by way of exchange of attack knowledge from peer routers. The router update is essential for preventing attacks at the source network. Instead of sending the whole tree structures, which is costly, the routers are designed to send the hash value of a node whenever the frequency of that node hits a particular defined threshold. The router information exchange is part of the prevention mechanism of the system.

6 RESULTS AND ANALYSIS OF SIMULATED STUDY

6.1 Simulation Environment

The proposed system is deployed in active networks where the routers are programmable. ANTS is a Java based toolkit used for constructing an active network, and the solution is deployed and tested in ANTS. As ANTS has a limitation in the size of topology that can be defined, a distributed version was developed, as defined in our earlier work [36], to support a larger network topology for simulation. The test topology with zombies to launch DDoS attacks, shown in fig. 3, is used for testing the proposed defense system, which is deployed in all the intelligent routers at the network perimeter.

[Figure 3: Test topology in active network]

The DARPA dataset is the standard dataset in the field of intrusion detection [37],[38]. The KDD 99 intrusion detection datasets, which are based on the DARPA 98 dataset, provide labeled data for feature identification and are the only labeled dataset publicly available. 10% of the data set corresponds to DoS attacks. In the training data set, containing 24 attack types classified into 4 broad classes, only the DoS class of records was taken as the data set for evaluation. The relevance of each feature in the KDD 99 intrusion detection datasets with 41 features is identified for the six attributes considered for traffic classification by the proposed system, namely Destination address and port, Source address, Frequency of packets per flow, Frequency variations in traffic flow, Length of the packets per flow, and Type of protocol used in per flow traffic. Six attribute trees are used, and packets over a time window of 2 plus minutes are used to analyze the output parameters.

6.2 Performance Analysis

The threshold value for the packet score to discriminate the attack traffic is evaluated as depicted in fig. 4 and fig. 5. The system is tested with attack traffic and legitimate traffic separately to define the limit. As the threshold value approaches 0.32, the number of attack packets getting dropped at the router increases. Similarly, the maximum legitimate traffic passes through the routers for a threshold value of nearly 0.3. Hence the attack threshold $Th_a$ is set as 0.32 for testing.

[Figure 4: Flow through router for attack traffic]

[Figure 5: Flow through router for legitimate traffic]

Based on various simulation runs performed using generic, nominal and SYN-flood attacks, the false alarm rate is evaluated. The average false positive percentage is 2.65 for nominal traffic and 0 for others, while the average false negative percentage is 2.5, 2.08 and 3.55 for generic, nominal and SYN flood attacks. Since the solution deployed at the routers employs feedback loops to allow learning cum detection for fine tuning the detection process, it is justified that the false negative rate exceeds the false positive rate, as some attack packets get through the routers undetected at the initial time instances of the testing time window.

7 CONCLUSION

DDoS attacks threatening internetwork services need to be detected effectively and as early as possible. In this paper, an effective detection method using packet features mined with a set of trees has been proposed. As the static nature of the trees prevents them from gaining knowledge of new attack patterns as the traffic pattern changes on the fly, a dynamic update algorithm has been employed, restructuring them into an array of optimal attribute trees. Attribute trees have been designed such that they keep track of the distinct properties of attack packets, as learned from the attack traffic profile, to improve detection accuracy. Hence multiple trees do help in determining the legitimacy of the packets. The trees are weighted to reflect the efficiency with which each can classify a packet as attack or legitimate. To prevent the random growth of the trees, an optimization mechanism has been applied for efficient searching of the trees, to improve the detection time as well as the detection efficiency. As the detection mechanism is deployed at the source network, it also acts as a prevention system, though not a complete prevention system.

8 REFERENCES

[1] L. Garber: Denial of service attacks rip the Internet, IEEE Computer, vol. 33, no. 4, pp (2000).
[2] D. Pappalardo and E. Messmer: Extortion Via DDoS on the Rise, Network World (2005). ddos-extortion.html
[3] D. L. Tennenhouse and D. J. Wetherall: Towards active network architecture, Computer Communication Review, vol. 26, no. 2 (1996).
[4] K. L. Calvert et al.: Directions in Active Networks, IEEE Communications (2001).
[5] P. Ferguson and D. Senie: Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing, RFC 2827 (2000).
[6] S. Templeton: Detecting Spoofed Packets, Seminars, UC Davis Computer Security Laboratory (2002).
[7] Cheng Jin, Kang G. Shin, and Haining Wang: Defense Against Spoofed IP Traffic Using Hop-Count Filtering, IEEE/ACM Transactions on Networking (2007).
[8] J. Ioannidis and S. M. Bellovin: Implementing Pushback: Router-Based Defense Against DDoS Attacks, Proceedings of Network and Distributed System Security Symposium (2002).
[9] M. Adler: Trade-offs in probabilistic packet marking for IP trace back, Journal of the ACM, vol. 52, no. 2, pp (2005).
[10] A. Yaar, A. Perrig, and D. Song: FIT: Fast Internet trace back, IEEE INFOCOM, pp (2005).
[11] A. Belenky and N. Ansari: IP Trace back with Deterministic Packet Marking, IEEE Communications Letters, vol. 7, no. 4, pp (2003).
[12] A. Yaar, A. Perrig, and D. Song: Pi: A path identification mechanism to defend against DDoS attacks, IEEE Symposium on Security and Privacy, pp (2003).
[13] A. Yaar, A. Perrig, and D. Song: SIFF: A Stateless Internet Flow Filter to mitigate DDoS flooding attacks, IEEE Symposium on Security and Privacy (2004).
[14] Xiaowei Yang, David Wetherall and Thomas Anderson: A DoS limiting Network Architecture, SIGCOMM 05, pp: 22 26, (2005).
[15] Takanori Komatsu and Akira Namatame: On the Effectiveness of Rate-Limiting Methods to Mitigate Distributed DoS (DDoS) Attacks, IEICE Transactions on Communications, E90-B(10), pp: (2007).
[16] C.-K. Fung and M. C. Lee: A Denial-of-Service Resistant Public-key Authentication and Key Establishment Protocol, Proceedings of IEEE International Performance, Computing and Communications (2002).
[17] Shuyuan Jin, Daniel S. Yeung: A Covariance Analysis Model for DDoS Attack Detection, IEEE Communications (2004).
[18] George Oikonomou, Peter Reiher, Max Robinson, and Jelena Mirkovic: A Framework for Collaborative DDoS Defense, Proceedings of the Annual Computer Security Applications Conference (2006).
[19] Matthew Beaumont-Gay: A Comparison of SYN Flood Detection Algorithms, Proceedings of the Second International Conference on Internet Measurement and Protection (2007).
[20] Jelena Mirkovic, Peter Reiher: D-WARD: A Source End Defense against Flooding Denial of Service Attacks, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 3, pp (2005).
[21] Keromytis, A. D., Misra, V., Rubenstein, D.: SOS: an architecture for mitigating DDoS attacks, IEEE Journal on Selected Areas in Communications, Volume: 22, Issue: 1, pp: (2004).
[22] Papadopoulos, C.; Lindell, R.; Mehringer, J.; Hussain, A.; Govindan, R.: COSSACK: coordinated suppression of simultaneous attacks, DARPA Information Survivability Conference and Exposition Proceedings, Volume 1, Issue, pp: 2-13 (2003).
[23] Robinson, M., Mirkovic, J., Michel, S., Schnaider, M., Reiher, P.: DefCOM: defensive cooperative overlay mesh, DARPA Information Survivability Conference and Exposition Proceedings, Volume: 2, pp: , vol. 2 (2003).
[24] G. Kim, T. Bogovic, and D. Chee: Active Edge-Tagging (ACT): An Intruder Identification & Isolation Scheme in Active Networks, Proceedings of 6th IEEE Symposium on Computers and Communications (2001).
[25] D. E. Denning: An intrusion detection model, IEEE Transactions on Software Engineering, vol. 13, no. 2, pp (1987).
[26] W. Lee, S. J. Stolfo, and K. Mok: A data mining framework for building intrusion detection model, IEEE Symposium on Security and Privacy, pp (1999).
[27] R. Lippmann and R. K. Cunningham: Improving intrusion detection performance using keyword selection and neural networks, Computer Networks, vol. 34, pp (2000).
[28] D. E. Goldberg: Genetic Algorithms in Search, Optimization and Machine Learning, Addison-Wesley (1989).
[29] D. Zhu, G. Premkumar, X. Zhang, and C.-H. Chu: Data mining for intrusion detection: A comparison of alternative methods, Decision Sciences, vol. 32, no. 4, pp (2001).
[30] T. Verwoerd and R. Hunt: Intrusion detection techniques and approaches, Computer Communications, vol. 25, no. 15, pp (2002).
[31] P. Jayashree, K. S. Easwarakumar: An alternative approach to DDoS attack defense in active networks, Proc. of International Conference on Information Security, pp: (2005).
[31] Kumar: Classification and Detection of Computer Intrusions, Doctoral Dissertation, Purdue University (1995).
[32] Breiman: Random Forests, Machine Learning, 45(1):5 32 (2001).
[33] Frederick Livingston: Implementation of Breiman's Random Forest Machine Learning Algorithm, ECE591Q Machine Learning Journal Paper (2005).
[34] Jiong Zhang and Mohammad Zulkernine: Network Intrusion Detection using Random Forests, Queen's University (2006).
[35] Peter K. Pearson: Fast Hashing of Variable-Length Text Strings, Communications of the ACM 33(6), 677 (1990).
[36] P. Jayashree, K. S. Easwarakumar, Ramya. P, Chandrasekar. M, and Vijay. M: Design of a Distributed Active Network Toolkit, Proc. of International Conference on Contemporary Computing (2008).
[37] R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das: The 1999 DARPA offline intrusion detection evaluation, Computer Networks, vol. 34, pp (2000).
[38] S. D. Moitra and S. L. Konda: An empirical investigation of network attacks on computer systems, Computers and Security, vol. 23, no. 1, pp (2004).
10 . Ubiquitous Computing and Communication Journal 5