When a service system is under DDoS attack, it is important to detect anomaly signatures at the start of the attack so that prevention measures can be applied in time. However, early DDoS detection is a difficult task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method that models the service system as an M/G/R PS queue and calculates monitoring parameters based on the model in order to detect symptoms of DDoS attacks early. The proposed method is validated on an experimental system and gives good results.
Detection of application layer ddos attack using hidden semi markov model (20... - Mumbai Academisc
This document discusses a proposed scheme to detect application layer distributed denial of service (App-DDoS) attacks using hidden semi-Markov models. It begins by describing how current techniques have difficulty distinguishing App-DDoS attacks from normal flash crowds based on traffic characteristics alone. The proposed scheme aims to capture spatial-temporal patterns during normal flash crowds using an Access Matrix, and then uses a hidden semi-Markov model to analyze dynamics of the Access Matrix and detect anomalies indicating potential App-DDoS attacks. It argues this approach can more effectively identify if traffic surges are caused by attackers or normal users compared to existing detection systems.
PROACTIVE DETECTION OF DDOS ATTACKS IN PUBLISH-SUBSCRIBE NETWORKS - IJNSA Journal
The document summarizes research on proactively detecting DDoS attacks in publish-subscribe networks. It discusses how information-centric networking (ICN) using architectures like PURSUIT improve on the current internet architecture but are still vulnerable to DDoS attacks. The document then proposes a new content delivery scheme that prevents DDoS attacks through the use of network capabilities while maintaining the advantages of Bloom filter-based approaches used in PURSUIT. Security analysis suggests the proposed approach can resist DDoS attacks with high probability by making packet forwarding stateless and resistant to computational and replay attacks.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB... - IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate state of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying levels of computational and memory overheads for their execution. While the approximate modules are fast in detection and involve less overhead, they provide a lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate the effectiveness of the proposed defense mechanism against DDoS attacks.
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne... - journalBEEI
Distributed Denial of Service (DDoS) is a type of attack whose volume, intensity, and mitigation costs continue to increase in this era. Attackers use many zombie computers to exhaust the resources available to a network, application or service so that authorized users cannot gain access or the network service goes down, which is a great loss for Internet users in computer networks affected by DDoS attacks. In network forensics, a crime that occurs in the system's network services can be prosecuted in court, and the attackers will be punished in accordance with the law. This research aims to develop a new approach to detecting DDoS attacks based on network traffic activity that is statistically analyzed using the Naive Bayes method. Data were taken from the training and testing of network traffic at a core router in the Master of Information Technology Research Laboratory, University of Ahmad Dahlan Yogyakarta. The new approach to detecting DDoS attacks is expected to work alongside an Intrusion Detection System (IDS) to predict the existence of DDoS attacks.
Detecting Misbehavior Nodes Using Secured Delay Tolerant Network - IRJET Journal
This document proposes a method called Statistical-based Detection of Blackhole and Greyhole attackers (SDBG) to detect misbehaving nodes in delay tolerant networks. SDBG can detect both individual misbehaving nodes as well as nodes that are colluding together. It works by having each node record encounter data with other nodes, including the number of messages sent and received. Individual nodes that drop many messages can be detected based on having a low message forwarding ratio. Colluding nodes can be detected because they will have sent many messages to each other to fake good behavior. The method aims to accurately detect misbehaving nodes while keeping false positives low. Extensive simulations showed it can work well across different network conditions.
This document summarizes a research paper that proposes improvements to the probabilistic packet marking (PPM) algorithm for detecting the path of distributed denial-of-service attacks. The PPM algorithm allows routers to mark attack packets with identification information based on a predetermined probability. However, its termination condition is not well-defined, which can result in an incorrectly constructed attack path. The paper proposes a modified PPM algorithm called rectified PPM (RPPM) that defines a precise termination condition to guarantee the constructed attack path is correct with a specified level of confidence. An experimental framework is designed to test the RPPM algorithm under different packet marking probabilities and network structures.
An enhanced ip traceback mechanism for tracking the attack source using packe... - IAEME Publication
The document discusses an enhanced IP traceback mechanism (EITM) to more efficiently trace the source of distributed denial of service (DDoS) attacks. EITM aims to reduce the number of packets required for traceback by improving existing linear and remainder packet marking schemes. It analyzes challenges in tracing attackers due to the stateless nature of the internet and proposes that an effective traceback scheme minimizes required packets. The main goal is a mechanism that needs a number of packets almost equal to the number of hops to reconstruct the attack path more efficiently.
How to detect middleboxes guidelines on a methodology - csandit
Internet middleboxes such as VPNs, firewalls, and proxies can significantly change handling of traffic streams. They play an increasingly important role in various types of IP networks. If end hosts can detect them, these hosts can make beneficial, and in some cases, crucial improvements in security and performance. But because middleboxes have widely varying behavior and effects on the traffic they handle, no single technique has been discovered that can detect all of them. Devising a detection mechanism to detect any particular type of middlebox interference involves many design decisions and has numerous dimensions. One approach to assist with the complexity of this process is to provide a set of systematic guidelines. This paper is the first attempt to introduce a set of general guidelines (as well as the rationale behind them) to assist researchers with devising methodologies for end-hosts to detect middleboxes. The guidelines presented here take some inspiration from the previous work of other researchers using various and often ad hoc approaches. These guidelines, however, are mainly based on our own experience with research on the detection of middleboxes. To assist researchers in using these guidelines, we also provide an example of how to bring them into play for detection of network compression.
Efficient packet marking for large scale ip trace back(synopsis) - Mumbai Academisc
This document proposes a new probabilistic packet marking (PPM) approach for large-scale IP traceback that improves efficiency and accuracy of traceback and provides incentives for ISPs to deploy traceback. The approach uses a new IP header encoding scheme to store a router's full identification in a single packet, eliminating issues from fragmented IDs. It also does not disclose router IP addresses, alleviating security concerns for ISPs. The approach can control the distribution of marking information to potentially create revenue as a value-added service for ISPs.
The document proposes two new autonomous system (AS) traceback techniques to identify the AS of the attacker launching a denial-of-service (DoS) attack. The first technique, called Prevent Overwriting AS Traceback (POAST), marks packets with a dynamic probability and protects marked packets from being overwritten. It encodes the attacking AS number instead of router IP addresses. The second technique, called Efficient AS Traceback (EAST), is also described but not in detail. Both are evaluated to have better performance than existing probabilistic packet marking techniques for traceback by reducing the number of packets and routers required.
A precise termination condition of the probabilistic packet marking algorithm... - Mumbai Academisc
This document summarizes a research project that proposes a precise termination condition for the probabilistic packet marking (PPM) algorithm. The PPM algorithm allows routers to encode path information onto packets during a denial of service (DoS) attack, enabling the victim to reconstruct the attack graph. However, the existing PPM algorithm lacks a well-defined termination condition, and cannot handle multiple attackers. The proposed project aims to define a termination condition to ensure the reconstructed graph accurately represents the actual attack paths. It also extends the algorithm to support tracing packets from multiple attackers.
This document proposes a new framework to prevent DDoS attacks using multilevel filtering of distributed firewalls. At the primary level, distributed firewalls filter IP addresses from both the internet and intranet. At the secondary level, hop count and TTL based filtering provide additional secure filtration. The framework reduces limitations of previous techniques by combining benefits of distributed firewalls and dual filtering approaches. Distributed firewalls are installed throughout the network and centrally controlled. They filter traffic based on centralized security policies. Additional hop count and TTL filtering of packets further strengthens prevention of spoofed IP addresses and DDoS attacks.
Comprehensive Study of Counter-acting Security Threats in Mobile Ad Hoc Networks - drsrinivasanvenkataramani
This document summarizes various approaches for providing security in mobile ad hoc networks (MANETs). It discusses solutions that use cryptography and public/private keys to secure routing, as well as approaches based on trust, observation, and reputation. It also reviews methods for detecting node capture attacks and forged routing messages. The document surveys the strengths and limitations of different secure methods and their tradeoffs between security and efficiency.
a probabilistic misbehavior detection scheme toward efficient trust establish... - swathi78
The document proposes iTrust, a probabilistic misbehavior detection scheme for secure routing in delay-tolerant networks (DTNs). iTrust introduces a periodically available Trusted Authority (TA) that judges nodes' behaviors based on collected routing evidence and probabilistically checks nodes. The TA models iTrust as an inspection game and sets an appropriate investigation probability to ensure security at reduced cost. Detection probability is correlated with node reputation, allowing a dynamic probability determined by user trust. Analysis and simulations show iTrust effectively and efficiently detects misbehavior.
The peer-reviewed International Journal of Engineering Inventions (IJEI) was started with a mission to encourage contributions to research in science and technology, and to encourage and motivate researchers in challenging areas of science and technology.
The document describes a man-in-the-middle attack against server-authenticated SSL sessions. It discusses how an attacker can: (1) redirect traffic by manipulating DNS or network topology; (2) sniff and modify traffic in real-time using a program; and (3) forward modified traffic while handling SSL/TLS encryption to avoid detection. The attack relies on flaws in SSL/TLS implementation and users' tendency to ignore security warnings to intercept secure connections without triggering alerts.
Defending against collaborative attacks byranjith kumar
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho... - IJNSA Journal
The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks and worms. To block the monitoring system on the Internet, attackers target the ITM system. In this paper we address the DDoS flooding attack against ITM monitors, which exhausts network resources such as bandwidth, computing power, or operating system data structures by sending malicious traffic. We propose an information-theoretic framework that models flooding attacks on ITM using botnets. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. We propose a novel traceback method for DDoS using honeypots. IP tracing through a honeypot is a single-packet tracing method and is more efficient than commonly used packet marking techniques.
This document proposes an inter-domain packet filter (IDPF) architecture to mitigate IP spoofing on the internet. The IDPFs are constructed using information from BGP route updates exchanged between autonomous systems, without requiring global routing information. Simulation results show that even partial deployment of IDPFs can limit an attacker's ability to spoof packets and help localize the origin of attack packets.
JPN1422 Defending Against Collaborative Attacks by Malicious Nodes in MANETs... - chennaijp
PDS- A Profile based Detection Scheme for flooding attack in AODV based MANET - ijsptm
One of the main challenges in MANET is to design a robust security solution that can protect the MANET from various routing attacks. A flooding attack launched at the network layer is a serious routing attack that can consume resources such as bandwidth and battery power. It is a more concealed form of denial of service attack and resource consumption attack. The route discovery scheme in reactive routing protocols such as Ad hoc On-Demand Distance Vector (AODV) and Dynamic Source Routing (DSR) used in MANET makes it easier for malicious nodes to launch connection request floods by flooding route request (RREQ) packets on the network. A novel detection technique based on a dynamic profile with traffic pattern analysis (PDS) is proposed. Its effectiveness in detecting and isolating the malicious node that floods the route request packets is evaluated using the Java simulator JiST/SWANS.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATION - IJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to simplified models currently used. The simulator could help study defenses against problems like IP spoofing, DDoS attacks, and worms.
This document proposes a Tiered Authentication scheme called TAM for multicast traffic in ad-hoc networks. TAM exploits network clustering to reduce overhead and ensure scalability. Within a cluster, one-way hash chains authenticate message sources by appending an authentication code to messages. Between clusters, messages include multiple authentication codes based on different keys from the source to authenticate it. TAM aims to securely deliver multicast traffic while addressing challenges like resource constraints and packet loss in ad-hoc networks.
Pre-filters in-transit malware packets detection in the network - TELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most new malware in the network without the availability of its signatures. To solve this problem, this paper proposes a technique to detect both metamorphic (mutated) and general (non-mutated) malware in the network using a combination of known malware sub-signatures and machine learning classification. This network-based malware detection is achieved through a middle path for efficient processing of non-malware packets. The proposed technique has been tested and verified using multiple data sets (metamorphic malware, non-mutated malware, and UTM real traffic). It can detect most malware packets in the network before they reach the host, better than previous works that detect malware on the host. Experimental results showed that the proposed technique can speed up the transmission of more than 98% of normal packets without sending them to the slow path, and more than 97% of malware packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic malware packets in the test dataset could be detected. The proposed technique is 37 times faster than the existing technique.
The peer-reviewed International Journal of Engineering Inventions (IJEI) is started with a mission to encourage contribution to research in Science and Technology. Encourage and motivate researchers in challenging areas of Sciences and Technology.
The document describes a man-in-the-middle attack against server-authenticated SSL sessions. It discusses how an attacker can: (1) redirect traffic by manipulating DNS or network topology; (2) sniff and modify traffic in real-time using a program; and (3) forward modified traffic while handling SSL/TLS encryption to avoid detection. The attack relies on flaws in SSL/TLS implementation and users' tendency to ignore security warnings to intercept secure connections without triggering alerts.
Defending against collaborative attacks byranjith kumar
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IJNSA Journal
The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed Denial of Service (DDoS) attacks and worms. To block the monitoring system in the internet, the attackers target the ITM system. In this paper we address the flooding attack of DDoS against ITM monitors to exhaust the network resources, such as bandwidth, computing power, or operating system data structures by sending the malicious traffic. We propose an information-theoretic framework that models the flooding attacks using Botnet on ITM. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. We propose a novel traceback method for DDoS using Honeypots. IP tracing through honeypot is a single packet tracing method and is more efficient than commonly used packet marking techniques.
This document proposes an inter-domain packet filter (IDPF) architecture to mitigate IP spoofing on the internet. The IDPFs are constructed using information from BGP route updates exchanged between autonomous systems, without requiring global routing information. Simulation results show that even partial deployment of IDPFs can limit an attacker's ability to spoof packets and help localize the origin of attack packets.
JPN1422 Defending Against Collaborative Attacks by Malicious Nodes in MANETs...chennaijp
PDS- A Profile based Detection Scheme for flooding attack in AODV based MANETijsptm
One of the main challenges in MANET is to design a robust security solution that can protect MANET
from various routing attacks. Flooding attack launched at network layer is a serious routing attack which
can consume more resources like bandwidth, battery power, etc. It is a more concealed form of Denial of
service attack and resource consumption attack. The route discovery scheme in reactive routing protocols
like Adhoc On Demand Distance Vector (AODV) and Dynamic Source Routing (DSR) used in MANET
makes it easier for malicious nodes to launch connection request floods by flooding the route request
packets (RREQ) on the network. A novel detection technique based on dynamic profile with traffic pattern
analysis (PDS) is proposed. Its effectiveness in detecting and isolating the malicious node that floods the
route request packets is evaluated using java simulator jist/swans.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATIONIJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to simplified models currently used. The simulator could help study defenses against problems like IP spoofing, DDoS attacks, and worms.
This document proposes a Tiered Authentication scheme called TAM for multicast traffic in ad-hoc networks. TAM exploits network clustering to reduce overhead and ensure scalability. Within a cluster, one-way hash chains authenticate message sources by appending an authentication code to messages. Between clusters, messages include multiple authentication codes based on different keys from the source to authenticate it. TAM aims to securely deliver multicast traffic while addressing challenges like resource constraints and packet loss in ad-hoc networks.
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic). This technique can detect most malware packets in
the network before they reach the host, better than previous works which detect malware on
the host. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
the existing technique.
This document summarizes information from the 2017 business rates revaluation in the UK. It provides data on the number and rateable value of properties by sector and region. It also outlines the transitional relief scheme for the maximum annual increases and decreases in rates payable over 5 years depending on a property's rateable value. Charts show the rates payable per square foot for central London retail and office properties.
Hydromassage dossier: Rehabilitation, Chiropractor, Physiotherapist, Clinic, ...ITALY COFFEE TEA STORE
HydroMassage offers a powerful, relaxing massage through pressurized water waves, with no need to undress and no additional staff. Its benefits include temporary relief of muscle pain, stress reduction, improved circulation and deep relaxation. Its elegant, compact design fits easily into any space and offers several massage programs through an intuitive touch screen.
Chris Lie is a comic artist, action-figure designer and video game designer from Indonesia who has experience in the comics industry in America. His recorded works include toy character concepts he designed for Gi Joe, Transformers, Marvel Ultimate Alliance 2, Amazing Spider-man and Iron Man 3.
This document is a resume for Damone R. Phanavong seeking a position as an innovative manufacturing engineer. It summarizes his experience over 25 years working in manufacturing engineering roles for companies like Benchmark Electronics, Flextronics International, and Venture Manufacturing Services. It highlights his expertise in areas like PCB assembly, process development, lean manufacturing, and problem solving.
The document presents summaries from 10 groups on different pedagogy topics. The groups discuss concepts such as the origin of education in ancient Greece, the teachings of Socrates, Plato and Aristotle, education in the Renaissance, Stoicism, Christianity and Judaism, Saint Augustine, medieval pedagogy and the Enlightenment. Each group offers brief explanations of its assigned pedagogical topics.
MOOCs are massive open online courses that have evolved from open education on the Internet. Some popular MOOCs are offered by major American universities through platforms such as Coursera and Udacity, covering a variety of topics such as the future of education, critical literacy and starting a business. The authors enrolled in a specific MOOC on how to start one's own business.
The document discusses intellectual disability, highlighting that it involves significant limitations in intellectual functioning and adaptive behavior that manifest as difficulties in learning, acquiring knowledge and achieving mastery. Intellectual disability is characterized by intellectual functioning approximately two standard deviations below the mean and limitations in conceptual, social and practical adaptive skills.
STOCHASTIC MODELING TECHNOLOGY FOR GRAIN CROPS STORAGE APPLICATION: REVIEWijaia
Stochastic modeling is a key technique in event prediction and forecasting applications. Recently, stochastic models such as the Artificial Neural Network, Hidden Markov, and Markov chain have received significant attention in agricultural applications. These techniques are capable of predicting the actions for better planning and management in various fields. This work comprehensively summarizes and compares their applications such as their processing techniques, performance, as well as their strengths and limitations with regard to event prediction and forecasting. The work ends with recommendations on the appropriate techniques for cereal grain storage application.
This document discusses props needed for a film production. It lists props like a motorbike, car, book, and photo album that will be used to indicate the romantic genre of the trailer and develop scenes. The motorbike and photo album are especially symbolic as the motorbike accident is how the two main characters meet and the photo album reveals they are brother and sister.
The document presents different images on various subjects, such as a physical map of Mexico, photographs of a glacier and a unicorn, works of art such as "La fuga de Vulcano" by Diego Velázquez and "Los girasoles" by Vincent Van Gogh, a drawing of Garfield, a work by Sol LeWitt, a black painting by Goya, and a photograph of a Xoloitzcuintle dog, and also includes the location of the author's school.
This document compares the mechanical properties of three materials: nickel as a metal, graphite as a ceramic and polyethylene as a polymer. It describes the properties of each material, including its structure, melting points, hardness and strength. It explains that nickel is ductile with good toughness, graphite is soft but resistant to high temperatures, and polyethylene exists in high- and low-density forms with different mechanical properties. In addition
This document is about ergonomics and how it can prevent work-related illnesses. Ergonomics studies the interaction between human beings and their work environments to improve well-being, productivity and safety. It focuses on the design of workstations, machines, tools and the organization of the company. Applying ergonomic principles can help prevent musculoskeletal injuries caused by factors such as forced postures, repetitive movements
Jane Williamson's portfolio contains examples of graphic design projects including a magazine cover, Prezi presentation, photo design, montage, business identity logo and materials, infographic, HTML/CSS coded web page mockup, brochure, and corrections to the web page mockup and business identity projects. The portfolio demonstrates her skills in programs like InDesign, Photoshop, Illustrator, Prezi, and HTML/CSS and her ability to plan projects by sketching ideas and applying design principles.
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINEIJNSA Journal
Application-layer Distributed Denial-of-Service (DDoS) attack takes advantage of the complexity and
diversity of network protocols and services. This kind of attack is more difficult to prevent than other kinds
of DDoS attacks. This paper introduces a novel detection mechanism for application-layer DDoS attack
based on a One-Class Support Vector Machine (OC-SVM). Support vector machine (SVM) is a relatively
new machine learning technique based on statistics. OC-SVM is a special variant of the SVM and since
only the normal data is required for training, it is effective for detection of application-layer DDoS attack.
In this detection strategy, we first extract 7 features from normal users’ sessions. Then, we build normal
users’ browsing models by using OC-SVM. Finally, we use these models to detect application-layer DDoS
attacks. Numerical results based on simulation experiments demonstrate the efficacy of our detection
method.
Augmented split –protocol; an ultimate d do s defenderijcsa
Distributed Denial of Service (DDoS) attacks have become a daunting problem for businesses, state
administrators and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
DDOS Attacks-A Stealthy Way of Implementation and DetectionIJRES Journal
Cloud Computing is a new paradigm that provides various hosted services (PaaS, SaaS, IaaS) over the internet.
According to a self-service, on-demand and pay-as-you-use business model, the customers will obtain the cloud
resources and services. It is a virtual shared service. Cloud Computing has three basic abstraction layers: System
layer (Virtual Machine abstraction of a server), Platform layer (a virtualized operating system, database and
webserver of a server) and Application layer (it includes Web Applications). Denial of Service attack is an attempt
to make a machine or network resource unavailable to the intended user. In DOS a user or organization is
deprived of the services of a resource they would normally expect to have. A successful DOS attack is a highly
noticeable event impacting the entire online user base. DOS attack is found by First Mathematical Metrical
Method (Rate Controlling, Timing Window, Worst Case and Pattern Matching). DOS attack not only affects the
quality of the service but also affects the performance of the server. DDOS attacks are launched from a botnet, a
large cluster of connected devices (cellphone, PC or router) infected with malware that allows remote control by an
attacker. Intruders use SIPDAS in DDOS to perform the attack. SIPDAS attack strategies are detected using Heap
Space Monitoring Algorithm.
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposed solution uses software-defined network capabilities to reduce risk and introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed in a sophisticated way with a high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
PROACTIVE DETECTION OF DDOS ATTACKS IN PUBLISH-SUBSCRIBE NETWORKSIJNSA Journal
Information centric networking (ICN) using architectures such as Publish-Subscribe Internet Routing Paradigm (PSIRP) or Publish-Subscribe Internet Technology (PURSUIT) has been proposed as an important candidate for the Internet of the future. ICN is an emerging research area that proposes a transformation of the current host centric Internet architecture into an architecture where information items are of primary importance. This change allows network functions such as routing and locating to be optimized based on the information items themselves. The Bloom filter based content delivery is a source-routing scheme that is used in the PSIRP/PURSUIT architectures. Although this mechanism solves many issues of today’s Internet such as the growth of the routing table and the scalability problems, it is vulnerable to distributed denial-of-service (DDoS) attacks. In this paper, we present a new content delivery scheme that has the advantages of Bloom filter based approach while at the same time being able to prevent DDoS attacks on the forwarding mechanism. Our security analysis suggests that with the proposed approach, the forwarding plane is able to resist attacks such as DDoS with very high probability.
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...IRJET Journal
This document summarizes research on using machine learning techniques to detect distributed denial-of-service (DDoS) attacks. It discusses how DDoS attacks have become more sophisticated over time. The document examines using naïve Bayes, multilayer perceptron, and other machine learning classifiers on a new dataset containing modern DDoS attack types like HTTP floods and SQL injection DDoS. According to the experimental results, multilayer perceptron achieved the highest accuracy for detecting these modern DDoS attacks.
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...cscpconf
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently,
there are an increasing number of DDoS attacks against online services and Web applications.
These attacks are targeting the application level. Detecting application layer DDOS attack is
not an easy task. A more sophisticated mechanism is required to distinguish the malicious flow
from the legitimate ones. This paper proposes a detection scheme based on the information
theory based metrics. The proposed scheme has two phases: Behaviour monitoring and
Detection. In the first phase, the Web user browsing behaviour (HTTP request rate, page
viewing time and sequence of the requested objects) is captured from the system log during non-attack
cases. Based on the observation, Entropy of requests per session and the trust score for
each user is calculated. In the detection phase, the suspicious requests are identified based on
the variation in entropy and a rate limiter is introduced to downgrade services to malicious
users. In addition, a scheduler is included to schedule the session based on the trust score of the
user and the system workload.
This document proposes using a linear prediction model to detect a wide range of flooding distributed denial of service (DDoS) attacks. It models the entropy of incoming network traffic over time using a linear prediction technique commonly applied to financial time series. The model is tested on simulated network data containing normal traffic and introduced attacks of varying rates. Results show the linear prediction model can successfully detect attacks with low rates and delays by identifying anomalies in the modeled entropy time series compared to normal traffic patterns. This approach aims to provide a fast and effective method for detecting different types of flooding DDoS attacks.
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. A distributed denial-of-service attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. The proposed system suggests a mechanism based on entropy variations between normal and DDoS attack traffic. Entropy is an information theoretic concept, which is a measure of randomness. The proposed method employs entropy variation to measure changes of randomness of flows. The implementation of the proposed method brings no modifications on current routing software.
DDOS DETECTION IN SOFTWARE-DEFINED NETWORK (SDN) USING MACHINE LEARNINGIJCI JOURNAL
In recent years, the concept of cloud computing and the software-defined network (SDN) have spread
widely. The services provided by many sectors such as medicine, education, banking, and transportation
are being replaced gradually with cloud-based applications. Consequently, the availability of these
services is critical. However, the cloud infrastructure and services are vulnerable to attackers who aim to
breach its availability. One of the major threats to any system availability is a Denial-of-Service (DoS)
attack, which is intended to deny the legitimate user from accessing cloud resources. The Distributed
Denial-of-Service attack (DDoS) is a type of DoS attack which is considerably more effective and
dangerous. A lot of efforts have been made by the research community to detect DDoS attacks, however,
there is still a need for further efforts in this germane field. In this paper, machine learning techniques are
utilized to build a model that can detect DDoS attacks in Software-Defined Networks (SDN). The used ML
algorithms have shown high performance in the earliest studies; hence they have been used in this study
along with feature selection technique. Therefore, our model utilized these algorithms to detect DDoS
attacks in network traffic. The outcome of this experiment shows the impact of feature selection in
improving the model performance. Eventually, the Random Forest classifier has achieved the highest
accuracy of 0.99 in detecting DDoS attack.
FLOODING ATTACKS DETECTION OF MOBILE AGENTS IN IP NETWORKScsandit
This document summarizes a research paper that proposes a new framework for detecting flooding attacks in mobile agent networks. The framework integrates divergence measures like Hellinger distance and Chi-square over a sketch data structure. The sketch data structure is used to derive probability distributions from traffic data in fixed memory. Divergence measures compare the current and prior probability distributions to detect deviations indicating attacks. The performance of detecting attacks while minimizing false alarms is evaluated using real network traces with injected flooding attacks. Experimental results show the proposed approach outperforms existing solutions.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
This paper proposes a system called FireCol for detecting and preventing distributed denial-of-service (DDoS) attacks. FireCol uses a distributed architecture of multiple intrusion prevention systems (IPS) forming protective rings around subscribed users. The IPS devices collaborate by exchanging traffic information to calculate scores for potential attacks. If a high score indicates a potential DDoS attack, the protective rings use parallel communication to verify the attack near the source before it reaches the victim. Simulation results show FireCol can effectively detect DDoS attacks while imposing low overhead and supporting scalability.
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...IJNSA Journal
Technology has developed so fast that we feel both safe as well as unsafe in both ways. Systems used today are always prone to attack by malicious users. In most cases, services are hindered because these systems cannot handle the amount of over loads the attacker provides. So, proper service load measurement is necessary. The tool that is being described in this paper for developments is based on the Denial of Service methodologies. This tool, XDoser will put a synthetic load on the servers for testing purpose. The HTTP Flood method is used which includes an HTTP POST method as it forces the website to gather the maximum resources possible in response to every single request. The tool developed in this paper will focus on overloading the backend with multiple requests. So, the tool can be implemented for servers new or old for synthetic test endurance testing.
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...IJNSA Journal
The document describes a tool called XDoser that was developed to test system load capacity using denial of service features. XDoser uses HTTP flood attacks by continuously sending HTTP POST requests to a server, overloading it with processing-intensive requests. Testing showed XDoser was more effective at overwhelming a test server than other DoS tools, with the server failing over 80% of XDoser requests within a set time frame. However, XDoser's effectiveness decreased with longer testing durations and it had issues maintaining connections.
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysisijceronline
This document summarizes a research paper that proposes a new method for identifying denial of service (DoS) attacks using multivariate correlation analysis (MCA). The method involves three main steps: 1) generating basic features from network traffic, 2) using MCA to extract correlations between features and generate triangle area maps, and 3) using an anomaly-based detection mechanism to distinguish attacks from normal traffic based on differences from pre-generated normal profiles. The researchers evaluate their method on the KDD Cup 99 dataset and achieve moderate detection performance. However, they identify issues related to differences in feature scales that reduce detection of some attacks. They propose using statistical normalization to address this.
This document summarizes a research paper that proposed and evaluated methods for mitigating denial of service (DoS) and distributed denial of service (DDoS) attacks on virtual machines. The paper implemented iptables connection limits on the host machine to prevent excessive connections from attacking IPs. It also tuned network performance by adjusting the receiving window size to maximize bandwidth utilization. The experimental results showed that the iptables security measures protected against DoS/DDoS attacks while window scaling optimization improved network performance during attacks.
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...IJCNCJournal
This document discusses a study that proposes a dynamic entropy-based method for detecting DDoS attacks in SDN environments. The study introduces using dynamic threshold values that change over time based on the entropy value variability of network traffic windows, to help predict system state and detect new attacks more accurately compared to static thresholds. The study also evaluates the proposed method in a practical SDN testbed environment, not just in simulations, and finds it can rapidly detect DDoS attacks with high accuracy.
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...IJCNCJournal
Software-Defined Network (SDN) is an innovative network architecture with the goal of providing flexibility and simplicity in network operation and management through a centralized controller. These features help SDN to easily adapt to the expansion of network requirements, but it is also a weakness when it comes to security. With centralized architecture, SDN is vulnerable to cyber-attacks, especially Distributed Denial of Service (DDoS) attack. DDoS is a popular attack type which consumes all network resources and causes congestion in the entire network. In this research, we will introduce a DDoS detection model based on the statistical method with a dynamic threshold value that changes over time. Along with the simulation result, we build a practical SDN model to apply our method, the results show that our method can detect DDoS attacks rapidly with high accuracy.
An intelligent system to detect slow denial of service attacks in software-de...IJECEIAES
Slow denial of service attack (DoS) is a tricky issue in software-defined network (SDN) as it uses less bandwidth to attack a server. In this paper, a slow-rate DoS attack called Slowloris is detected and mitigated on Apache2 and Nginx servers using a methodology called an intelligent system for slow DoS detection using machine learning (ISSDM) in SDN. Data generation module of ISSDM generates dataset with response time, the number of connections, timeout, and pattern match as features. Data are generated in a real environment using Apache2, Nginx server, Zodiac FX OpenFlow switch and Ryu controller. Monte Carlo simulation is used to estimate threshold values for attack classification. Further, ISSDM performs header inspection using regular expressions to mark flows as legitimate or attacked during data generation. The proposed feature selection module of ISSDM, called blended statistical and information gain (BSIG), selects those features that contribute best to classification. These features are used for classification by various machine learning and deep learning models. Results are compared with feature selection methods like Chi-square, T-test, and information gain.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
1. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.6, November 2016
DOI: 10.5121/ijnsa.2016.8502 17
A MECHANISM FOR EARLY DETECTING DDOS
ATTACKS BASED ON M/G/R PS QUEUE
Nguyen Hong Son
Department of Information and Communication Technology, Post and
Telecommunication Institute of Technology, Ho Chi Minh City, Viet Nam
ABSTRACT
When a service system is under DDoS attack, it is important to detect the anomaly signature at the start of
the attack so that prevention solutions can be applied in time. However, early DDoS detection is a difficult
task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method
that models the service system as an M/G/R PS queue and calculates monitoring parameters based on the
model in order to detect symptoms of DDoS attacks early. The proposed method is validated on an
experimental system and gives good results.
KEYWORDS
DDoS, Detection, M/G/R Processor Sharing queue
1. INTRODUCTION
The goal of any DoS attack is to stop services on servers or to isolate servers from users. There
are many ways for hackers to reach this goal. We can classify the DoS techniques that hackers have
exploited in practice into two main kinds. In the first, hackers stop users from reaching a service
by exploiting vulnerabilities in network services or system software on servers [31].
For example, hackers have exploited vulnerabilities of the DNS system to poison DNS servers,
and web sites were isolated from their clients because the poisoned DNS servers responded to
client queries with wrong IP addresses. In the second, hackers exhaust the resources of networks
or hosts. The common way is to send a large number of requests to the target system, as in a SYN
flood attack. The bandwidth of the link is degraded by the many connections going
through it. CPU power and memory capacity are quickly used up by having to handle an
enormous number of requests and process the responses [32]. Target servers in an exhausted
state cannot provide service. This is the key to this kind of DoS. The main challenge facing
hackers in the second kind is how to generate enough requests to bring down target hosts. It is
difficult to overload a target host from one attack computer that has less power than
the target. However, hackers have overcome the challenge by using a great number of attack
computers simultaneously. Many compromised computers on the Internet have been mobilized by
hackers to join their DoS attacks. This kind of DoS attack is called distributed denial of service
(DDoS). Nowadays, DDoS is still a serious type of attack and hard to prevent. DDoS
attack detection is an important task in DDoS attack mitigation; however, it is a difficult task.
Detection is of little value if it comes too late. In any case, a DDoS defense mechanism
must detect the attack as soon as possible and look for the source in order to stop it. DDoS defense
mechanisms are a topic that has received attention from many researchers. So far, a variety of DDoS defense
mechanisms have been proposed, such as in [1], [2], [3], and [17]. All DDoS defense mechanisms
are either network-based or destination-based [4]. The
defense mechanisms proposed by the authors of [5], [6], [7], [8] are network-based mechanisms,
which detect DDoS attacks by identifying and filtering IP traffic. If DDoS attacks
take place in the application layer, network-based mechanisms are not useful solutions because they
have no means of sensing anything in the application layer. Application-level DDoS attacks have
only been detected by destination-based defense mechanisms. The common principle of
destination-based defense mechanisms is to look for a special signature that reflects an actual
DDoS attack at an early stage. A variety of theories have been applied to build destination-based
defense mechanisms, such as entropy from information theory [9], [10], [11], [12], a game
theory model in [17], and artificial intelligence, machine learning and data mining [13], [14], [15], [16].
In this paper we propose a DDoS attack detection mechanism that can detect DDoS
attacks early, based on the M/G/R Processor Sharing (PS) queue. It is a destination-based
defense mechanism and is also aimed at application-level DDoS attacks.
The idea behind the proposed mechanism is to model the service system (the victim system of DDoS
attacks) as an M/G/R PS queue and to apply the theoretical results in [28] to identify the signature of DDoS
attacks early. The rest of the paper is organized as follows: Section 2 gives an overview of related work by
other authors. The M/G/R PS queue is introduced in Section 3. Section 4 presents the modeling of a
service computer as an M/G/R PS queue. The proposed DDoS detection mechanism is described in
Section 5. Section 6 presents experimental results validating the proposed method. Section
7 closes the paper with several conclusions.
2. RELATED WORKS
Up to now, DDoS has been the most common attack that hackers use to cut users off from services
in networks. Researchers have attempted to develop effective ways of preventing these
attacks. In general, almost all methods follow the sequence: data collection, preprocessing or filtering,
and processing to detect the anomaly signature of DDoS attacks. Thus, all DDoS defense
methods are reactive mechanisms; that is, they wait for attacks to take place,
detect them, and apply prevention measures afterwards. We still have no effective proactive
mechanism for preventing DDoS attacks. There are two common methods of anomaly detection
used in reactive mechanisms: statistical analysis, and machine learning or
artificial intelligence technology. The authors of [18] detect DDoS attacks by calculating the entropy
and statistics of packet attributes. They also proposed a prototype for responding to DDoS attacks
that have just been detected.
In other entropy-based mechanisms, such as [19], [20], [21], packet headers are represented as
independent information symbols with unique probability of occurrence. They are based on calculating
the entropy of stochastic request packets over a period of time. According to the algorithms, the deviation
between the entropy values from two consecutive calculations is compared with a preset threshold.
Whenever the threshold is exceeded, the system is considered to be under a DDoS attack.
In other methods, detection algorithms are continuously trained on network events in order
to update filter criteria by using machine learning or artificial intelligence technology. This is a
common method for DDoS detection in [22], [23], [24]. Some common algorithms in network
intrusion and anomaly detection are the Multilayer Perceptron, Gaussian Classifier, K-means
Clustering and Markov model [25].
The M/G/R Processor Sharing queue was used by the authors of [26], [27], [28] to discover the relationship
between the degradation of TCP flows and the utilization of the link that transports those flows.
Based on this relationship, we can know whether TCP flows are degraded by observing their
throughput. In particular, [28] provided a new view that expresses the
relationship between the degradation of TCP flows and the utilization of the link by using the link
utilization variance. An important feature of the variance is that it increases with the mean link
utilization; however, it decreases once a certain saturation threshold is exceeded. This feature can be
exploited to build a way of detecting the degradation of TCP flows early from their throughput. We
recognize that the degradation of TCP flows is the same as the degradation of service in a computer under
DDoS attack. Thus, the feature is applied to build a destination-based DDoS detection
mechanism in this paper. The service computer will be modeled as an M/G/R PS queue and its
parameters will replace the corresponding parameters in the expressions in [28].
3. M/G/R PROCESSOR SHARING QUEUE
The M/G/1 Processor Sharing queue differs from the M/G/1 queue in the manner of customer service. Both
queues have only one server, and the server of the M/G/1 queue serves just one customer at a time
until finished. So, if more customers arrive at a busy M/G/1 queue, they must wait for the server
to become available. Unlike the server of the M/G/1 queue, the server of the M/G/1 PS queue serves
customers simultaneously, and there is no queue in the M/G/1 PS queue! Customers always receive service
upon arrival and the capacity of the server is shared fairly between them. Because of this behavior,
M/G/1 PS has become an important modeling tool, for example for modeling TCP flows in the Internet.
Naturally, TCP connections share the bandwidth of a network link fairly [29].
The M/G/R PS queue is the same as the M/G/1 PS queue but has R servers. Arrivals follow a
Poisson process and the service time distribution is general. Customers entering the system are
served immediately by the R servers. When the system has N customers, all of them are in service.
When R is greater than N, each customer is served by just one server, so the service
rate for each customer is equal to the service rate of a server. However, when N is greater than R,
each customer receives a service rate lower than the service rate of a server. In that case, the total
capacity of the R servers is shared equally by the N customers and the system is the same as an M/G/1 PS queue
[30].
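The variance behaviour that Section 2 cites from [28] (rising with mean utilization, then falling near saturation) can be reproduced from the queue just described. This is an added example, not code from the paper or from [28]; it assumes the standard insensitivity result that the number of customers in an M/G/R PS queue has the same stationary distribution as in M/M/R, defines utilization as the fraction of busy servers min(N, R)/R, and uses illustrative function names and constructed values of R and the load.

```python
import math


def state_weights(R, rho):
    """Unnormalised stationary weights of an M/G/R PS queue at load rho.

    Returns (weights for N = 0..R-1, total weight of all states N >= R).
    Assumption: the M/M/R stationary law, which M/G/R PS shares because
    processor sharing is insensitive to the service-time distribution.
    """
    if not 0 < rho < 1:
        raise ValueError("rho must lie strictly between 0 and 1 (stable queue)")
    a = R * rho  # offered load, in units of servers
    below = [a ** n / math.factorial(n) for n in range(R)]
    # States N >= R form a geometric series: a^R/R! * rho^(N-R)
    tail = a ** R / math.factorial(R) / (1.0 - rho)
    return below, tail


def erlang_c(R, rho):
    """Erlang's C formula C(R, rho): probability that all R servers are busy."""
    below, tail = state_weights(R, rho)
    return tail / (sum(below) + tail)


def utilization_moments(R, rho):
    """Mean and variance of the utilization U = min(N, R) / R."""
    below, tail = state_weights(R, rho)
    norm = sum(below) + tail
    # Every state with N >= R contributes U = 1, so the tail enters unweighted.
    m1 = (sum(w * n / R for n, w in enumerate(below)) + tail) / norm
    m2 = (sum(w * (n / R) ** 2 for n, w in enumerate(below)) + tail) / norm
    return m1, m2 - m1 * m1


def variance_profile(R, rhos):
    """List of (rho, variance, variance / rho) for each load in `rhos`."""
    rows = []
    for rho in rhos:
        _, var = utilization_moments(R, rho)
        rows.append((rho, var, var / rho))
    return rows


if __name__ == "__main__":
    # Constructed parameters: R = 10 servers and a grid of loads.
    for rho, var, ratio in variance_profile(10, [0.1, 0.2, 0.5, 0.8, 0.95, 0.99]):
        print(f"rho={rho:.2f}  variance={var:.5f}  variance/rho={ratio:.5f}")
```

At low load the ratio variance/rho stays close to 1/R, and it collapses as rho approaches 1, which is the departure from the unsaturated variance that a variance-based index is built to expose.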
4. M/G/R PS MODEL
The idea behind the M/G/R Processor Sharing model in our context is to look at the
processing of service requests at a service computer, such as a web site. A service computer is regarded
as a processor sharing system; it serves many clients simultaneously by sharing system performance.
The computer responds to all service requests fairly. If we consider each service request as a
customer, and the customers share the executive capacity of the computer, we can apply M/G/R PS to model
the behavior of response processing in the system. According to the model, when the number of
customers is greater than R, the executive capacity is shared fairly among all current customers.
In this paper, we use the theoretical results from [28] with R replaced by the number of clients; the degradation of
service computer performance is expressed by expression (1)
( )
(⌊ ⌋ )
( )
( ( )( ⌊ ⌋)) (1)
with C is maximum executive capacity of service computer, is resource utilization, and C(R, )
is Erlang’s C equation. The parameter in our model is formulated by expression (2)
( ∫ ( ) ∫ ( ) ) (2)
Where
P: total CPU capacity
Pt(t): CPU capacity consumed at time t
T: length of the calculation period
M: total main memory capacity
Mt(t): main memory capacity occupied at time t
5. THE MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON
M/G/R/PS MODEL
As presented in [28], the M/G/R PS model does not allow the degradation
D(R, ) to be calculated directly. Thus, a relationship between utilization variance and degradation of performance was
formulated so that symptoms of performance degradation can be detected easily. The method switches to calculating
the index of degradation I( ) by expression (3)
( )
( )
(3)
Where VU( ) is the variance of the samples, is the resource utilization, and V0 is the variance of
requests when the resources of the computer are not saturated; it is calculated by (4)
V0:=
( )
(4)
so variations in resource degradation can be detected by I( ). However, I( ) cannot help to
specify the degradation in a certain time frame. Indeed, we only learn whether the degree of degradation
exceeds a reference value. By setting up a controlled environment or an actual system, we can
determine V0 and calculate a threshold. The threshold is set to correspond with resource
saturation. As recommended in [28], the threshold should be three times the deviation of I( ) plus its
mean in the case of low utilization <0.5. Expression (3) uses a parameter ( ) to indicate the number
of previous samples used to calculate the variance.
The method of early DDoS attack detection in this paper is constructed by determining the
degradation in the available resources of the service computer via the above M/G/R PS model. During
a DDoS attack, available resources become smaller, and this is indicated by the index I( ). To
get I( ), we first calculate the parameters VU( ), V0, and . The variance VU( ) is derived
from sampling k samples of service computer resources in period Δt with sample duration , and
VU( ) is formulated as (5).
VU()= 2
[]=
∑ ( []) (5)
We get V0 from the actual system: set up the mechanism in the actual system and run it under normal
conditions (no DDoS attack), select during seconds and k samples, calculate Vu()/, repeat
several times, and take the mean; that value is V0.
The detection algorithm is implemented as a program that runs on protected systems. The
program continuously samples system resources and calculates the parameters needed for
calculating the degradation index I(). Whenever the value of the index exceeds a preset threshold,
the signature of a DDoS attack is detected and the program signals an alarm to detectors. The threshold
is selected so as to detect DDoS attacks as soon as possible, by monitoring an actual system under
DDoS attack in a controlled environment.
6. VALIDATING THE PROPOSED MECHANISM
In order to validate the proposed mechanism, we apply the system introduced in [31]. The
system is illustrated in figure 1. The M/G/R PS-based DDoS detection method is validated by
comparing it with an entropy-based DDoS detection method. The entropy-based DDoS detection
mechanism, proposed in [21], is based on calculating the entropy of stochastic requests over a period of time.
According to the algorithm, if the deviation between the entropy values from two consecutive
calculations exceeds a preset threshold, the system is considered to be under a DDoS attack. The two DDoS
detection methods are implemented in the experimental system as two plugins, plugin 1 and
plugin 2, which run simultaneously on the same protected system (web server).
Figure 1. The experimental system in [31]
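The entropy baseline described in Sections 2 and 6 (entropy of the requests in each period, alarm when two consecutive values differ by more than a preset threshold) can be sketched as follows. This is an added example, not the plugin used in the paper or the algorithm of [21]; it assumes the entropy symbol is the client identifier of each request, and the window length, threshold, minimum request count and sample traffic are all constructed for illustration.

```python
import math
from collections import Counter, defaultdict


def shannon_entropy(symbols):
    """Shannon entropy, in bits, of the empirical distribution of `symbols`."""
    counts = Counter(symbols)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def window_entropies(requests, window_ms, min_requests=8):
    """Bucket (timestamp_ms, client) pairs into fixed windows.

    Returns [(window_start_ms, entropy or None)] for every window between
    the first and the last request. The entropy is None when a window holds
    fewer than `min_requests` requests, because an estimate from a handful
    of requests is too noisy to compare against a threshold.
    """
    buckets = defaultdict(list)
    for t_ms, client in requests:
        buckets[t_ms // window_ms].append(client)
    if not buckets:
        return []
    result = []
    for w in range(min(buckets), max(buckets) + 1):
        clients = buckets.get(w, [])
        h = shannon_entropy(clients) if len(clients) >= min_requests else None
        result.append((w * window_ms, h))
    return result


def detect(requests, window_ms, threshold, min_requests=8):
    """Start times of windows whose entropy deviates from the previous usable
    window by more than `threshold` bits."""
    alarms = []
    previous = None
    for start, h in window_entropies(requests, window_ms, min_requests):
        if h is None:
            continue  # sparse window: keep the last usable entropy as reference
        if previous is not None and abs(h - previous) > threshold:
            alarms.append(start)
        previous = h
    return alarms


def constructed_requests():
    """Constructed sample: 5-second windows, eight regular clients, one flood."""
    requests = []
    for w in (0, 1, 2, 3, 5):        # window 4 is left empty on purpose
        for i in range(16):          # 16 requests, two per regular client
            requests.append((w * 5000 + i * 300, f"client-{i % 8}"))
    for j in range(112):             # flood from a single source in window 2
        requests.append((10000 + j * 40, "flood-source"))
    return requests


if __name__ == "__main__":
    reqs = constructed_requests()
    for start, h in window_entropies(reqs, 5000):
        print(start, "n/a" if h is None else f"{h:.3f}")
    print("alarms at", detect(reqs, 5000, threshold=1.0))
```

A deviation test fires on both edges of a flood: in the constructed sample the first alarm marks the onset and the second marks the return to normal traffic, so the alarm stream alone does not say whether the attack is still running.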
Several EDSs (Event Data Samples) were specified for testing. The first, called EDS1,
consists of chains of 5 seconds of attack interleaved with 10 seconds of no attack. From the
detection results collected from the testing system, statistics of the four quantities TP (true positive), FP (false
positive), TN (true negative) and FN (false negative) are illustrated in figure 2.
Figure 2. Results of testing for the case of using EDS1
Figure 2 shows that the TP and TN rates of the M/G/R PS-based detection mechanism, a TP rate of 92%
and a TN rate of 88%, are higher than those of the entropy-based detection mechanism, which are
just 89% and 83%, respectively. In terms of error indication,
both the FP and FN rates of the proposed mechanism are smaller than those of the entropy-based
detection mechanism.
Figure 3. Results of testing for the case of using EDS2.
In the second test case, EDS2 consists of chains of 10 seconds of attack interleaved with 10
seconds of no attack. Its periods of attack are longer than in EDS1. The results of
this test case are shown in figure 3. Figure 3 shows that the rates of correct indication from the
proposed mechanism are still higher than those from the entropy-based detection mechanism: a TP
rate of 89% and a TN rate of 93%, compared with 78% and 85%, respectively. In terms of error
indication, the FN rate of the proposed mechanism is still smaller than that of the entropy-based
detection mechanism, 11% compared with 22%. However, the FP rate of the proposed
mechanism is greater than that of the entropy-based detection mechanism, 17%
compared with 15%, but the two values are not much different.
[Figures 2 and 3: bar charts on a 0% to 100% axis showing TP, FN, TN and FP for the M/G/R PS-based and entropy-based mechanisms.]
7. CONCLUSIONS
Service systems were modeled as an M/G/R PS queue, and a new method for detecting DDoS
attacks early was presented in this paper. The method is a host-based DDoS detection method
that detects the signature of an attack early by sampling system resources and quickly calculating a parameter
of resource degradation. Experimental results show that the method has good detection
sensitivity: the rates of correct indication are very high and the rates of error indication are low.
Moreover, the method is easy to implement and it is rather suitable for detecting
application-level DDoS attacks.
REFERENCES
[1] J.Mirkovic, P. Reiher; “A taxonomy of DDoS attack and DDoS defense mechanisms”; ACM
SIGCOMM Computer Communications Review, vol. 34, no. 2, pp. 39-53, April 2004.
[2] T. Peng, C. Leckie, K. Ramamohanarao; “Survey of network-based defense mechanisms countering
the DoS and DDoS problems”; ACM Comput. Surv. 39, 1, Article 3, April 2007.
[3] RioRey; “Taxonomy of DDoS Attacks”; RioRey Taxonomy Rev 2.3 2012, 2012. [online]
http://www.riorey.com/x-resources/2012/RioRey Taxonomy DDoS Attacks 2012.pdf.
[4] Saman Taghavi Zargar, James Joshi,David Tipper; “A Survey of Defense Mechanisms Against
Distributed Denial of Service (DDoS) Flooding Attacks”; Communications Surveys & Tutorials,
IEEE ,Volume 15, Issue 4, 2013.
[5] Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao; “PacketScore: A Statistics-Based Packet Filtering
Scheme against Distributed Denial-of-Service Attacks”; IEEE Trans. On Dependable and Secure
Computing, vol. 3, no. 2, pp. 141-155, 2006.
[6] S. Changhua, Jindou, F., Lei, S., & Bin, L.; "A Novel Router-based Scheme to Mitigate SYN
Flooding DDoS Attacks"; in IEEE INFOCOM (Poster), Anchorage, Alaska, USA, 2007.
[7] M. Abliz; “Internet Denial of Service Attacks and Defense Mechanisms”; University of Pittsburgh,
Department of Computer Science, Technical Report. TR-11-178, March 2011.
[8] Cheng, J., Yin, J., Liu, Y., Cai, Z., Wu, C.; “DDoS attack detection using IP address feature
interaction”; Proceedings of the 1st International Conference on Intelligent Networking and
Collaborative Systems, Barcelona, Spain, pp. 113–118. IEEE CS, 4-6 November 2009.
[9] Krishan Kumar, Joshil, Kuldip Singh; “A Distributed Approach using Entropy to Detect DDOS
Attacks in ISP Domain”; International conference on signal processing, communications and
networking 2007, Chennai: IEEExplore Digital Library Press , pp. 331 – 337, 22-24 Feb. 2007.
[10] Shui Yu, Wanlei Zhou, Robin DOSs; “Information Theory Based Detection Against Network
Behavior Mimicking DDOS Attacks”; Communications Letters, IEEE Vol. 12(4), pp. 318 -321, April
2008.
[11] Shui Yu, Wanlei Zhou; “Entropy-Based Collaborative Detection of DDOS Attacks on Community
Networks”; Sixth Annual IEEE International Conference on Pervasive Computing and
Communications, Hong Kong IEEE CS Press, pp.566 – 571, 17-21 March 2008.
[12] Giseop No, Ilkyeun Ra; “Adaptive DDoS Detector Design Using Fast Entropy Computation
Method”; The Fifth IEEE International Conference on Innovative Mobile and Internet Services in
Ubiquitous Computing, 2011.
[13] Hwang, K., Dave, P., Tanachaiwiwat, S. NetShield; “Protocol anomaly detection with datamining
against DDoS attacks”; Proceedings of the 6th International Symposium on Recent Advances in
Intrusion Detection, Pittsburgh, PA, pp. 8–10. Springerverlag. , 8-10 September, 2003.
[14] R. Jalili, F. ImaniMehr; “Detection of Distributed Denial of Service Attacks Using Statistical Pre-
Prossesor and Unsupervised Neural Network”; ISPEC, Springer-Verlag Berlin Heidelberg, pp.192-
203, 2005.
[15] Y. C. Wu, H. R. Tseng, W. Yang, R. H. Jan; “DDoS detection and traceback with decision tree and
grey relational analysis”; International Journal of Ad Hoc Ubiquitous Computing., vol. 7, no. 2, pp.
121-136, 2011.
[16] Wang, J., Phan, R. C. W., Whitley, J. N., Parish, D. J.; “Augmented attack tree modeling of
distributed denial of services and tree based attack detection method”; Proceedings of the 10th IEEE
International Conference on Computer and Information Technology, Bradford, UK, 29 June-1 July,
pp. 1009–1014. IEEE CS, 2010.
[17] G Dayanandam, T V Rao, S Pavan Kumar Reddy, Ravinuthala Sruthi; “Password Based Scheme and
Group Testing for Defending DDOS Attacks”; International Journal of Network Security & Its
Applications (IJNSA), Vol.5, No.3, May 2013.
[18] D. Schnackenberg, R. Balupari, D, Kindred L. Feinstein, "Statistical Approaches to DDoS Attack
Detection and Response," in DARPA Information Survivability Conference and Expedition, vol.
2003, Apr.
[19] Z. Qin, L. Ou, J. Liu, A. X. Liu J. Zhang, "An Advanced Entropy-Based DDoS Detection Scheme," in
International Conference on Information, Networking and Automation, pp. 67-71, 2010
[20] I. Ra G. No, "An efficient and reliable DDoS attack detection using fast entropy computation method,"
in International Symposium on Communication and Information technology, pp. 1223-1228, 2009
[21] S. Renuka Devi, P. Yogesh; “Detection Of Application Layer DDoS Attacks Using Information
Theory Based Metrics”; CCSEA, SEA, CLOUD, DKMP, CS & IT 05, pp. 217–223, DOI :
10.5121/csit.2012.2223, 2012
[22] Hwang, K., Dave, P., Tanachaiwiwat, S. NetShield; “Protocol anomaly detection with datamining
against DDoS attacks”; Proceedings of the 6th International Symposium on Recent Advances in
Intrusion Detection, Pittsburgh, PA, pp. 8–10. Springerverlag. , 8-10 September, 2003
[23] R. Jalili, F. ImaniMehr; “Detection of Distributed Denial of Service Attacks Using Statistical Pre-
Prossesor and Unsupervised Neural Network”; ISPEC, Springer-Verlag Berlin Heidelberg, pp.192-
203, 2005
[24] Y. C. Wu, H. R. Tseng, W. Yang, R. H. Jan; “DDoS detection and traceback with decision tree and
grey relational analysis”; International Journal of Ad Hoc Ubiquitous Computing., vol. 7, no. 2, pp.
121-136, 2011
[25] D. O,Brien S. Seufert, "Machine Learning for Automatic Defence against Distributed Denial of
Service Attack," in ICC, pp. 1217-1222, 2007
[26] Kawahara, R.; Ishibashi, K.; Asaka, T.; Ori, K., “A method of IP traffic management using TCP flow
statistics,” IEEE Global Telecommunications Conference, GLOBECOM ’03, vol. 7, pp. 4059-4063,
2003
[27] Kawahara, R.; Ishibashi, K.; Asaka, T.; Sumita, S.; Abe, T., “A method of bandwidth dimensioning
and management using flow statistics [IP networks],” IEEE Global Telecommunications Conference,
GLOBECOM’04, vol. 2, pp. 670-674, 2004
[28] Ishibashi, K.; Kawahara, R.; Asaka, T.; Aida, M.; Ono, S.; Asano,S., “Detection of TCP
performance degradation using link utilization statistics,” IEICE Transactions on Communications,
pp. 47-56, 1989
[29] J. Roberts, U. Mocci, J. Virtamo (eds.): Broadband Network Teletraffic, Springer, 1996
[30] Dr. János Sztrik, Basic Queueing Theory, University of Debrecen, Faculty of Informatics.
[31] Nguyen Hong Son, A System For Validating And Comparing Host-Based Ddos Detection
Mechanisms, International Journal of Network Security & Its Application (IJNSA) Vol.7, No.6, 2015.
[32] Saman Taghavi Zargar, Joshi, Member, IEEE, and David Tipper,A Survey of Defense Mechanisms
Against Distributed Denial of Service (DDoS) Flooding Attacks, IEEE Communications Surveys &
Tutorials, 2014.
AUTHOR
Son Nguyen Hong received his B.Sc. in Computer Engineering from Ho Chi Minh City University of
Technology, his M.Sc. and PhD in Communication Engineering from the Post and Telecommunication
Institute of Technology Hanoi. His current research interests include communication engineering, network
security, computer engineering and cloud computing.