A rank correlation based detection against distributed reflection do s attacks

•Download as DOCX, PDF•

0 likes•80 views

This document proposes a Rank Correlation Based Detection (RCD) algorithm to detect Distributed Reflection Denial of Service (DRDoS) attacks in a protocol-independent manner. RCD analyzes the inherent rank correlation between responsive traffic flows stimulated by the same attacking flow. Preliminary simulations show RCD can efficiently differentiate reflection flows from legitimate ones, providing a usable indicator for DRDoS detection. The algorithm uses Spearman's Rank Correlation as it is more suitable than Pearson's correlation for the nonlinear traffic patterns and outliers introduced during DRDoS attacks.

Education Technology

A Rank Correlation Based Detection against Distributed
Reflection DoS Attacks
ABSTRACT:
DDoS presents a serious threat to the Internet since its inception, where lots of
controlled hosts flood the victim site with massive packets. Moreover, in
Distributed Reflection DoS (DRDoS), attackers fool innocent servers (reflectors)
into flushing packets to the victim. But most of current DRDoS detection
mechanisms are associated with specific protocols and cannot be used for unknown
protocols. It is found that because of being stimulated by the same attacking flow,
the responsive flows from reflectors have inherent relations: the packet rate of one
converged responsive flow may have linear relationships with another. Based on
this observation, the Rank Correlation based Detection (RCD) algorithm is
proposed. The preliminary simulations indicate that RCD can differentiate
reflection flows from legitimate ones efficiently and effectively, thus can be used
as a useable indicator for DRDoS.
EXISTING SYSTEM:
There have been some packet-level defense methods. Filtering all incoming
response packets, which is of low cost, will result in no general access to the

remote server. Inspecting packet content and tracking protocol status maybe
helpful, but need a lot of computation which is also vulnerable to attacks. Along
with more protocols being exploited to launch DRDoS, countermeasures must
consider a list of possible protocols with each one treated specifically, and the list
needs to be updated in time. So we urgently expect some protocol independent
methods to help detecting most kinds of DRDoS.
PROPOSED SYSTEM:
We investigate the basic traffic pattern introduced near the victim under DRDoS,
and propose a general detection method: the Rank Correlation based Detection
(RCD). RCD is protocol independent and its computation cost is not affected by
network throughput. In RCD, once an attack alarm rises, upstream routers will
sample and test rank correlation of suspicious flows and use the correlation value
for further detection. Correlation has been successfully used in DDoS detection,
e.g., correlation coefficient has been successfully employed to discriminate DDoS
attacks from flash crowds. As we know, it is the first time that DRDoS is analyzed
and detected using correlation.
ADVANTAGES OF PROPOSED SYSTEM:
The preliminary simulations indicate that RCD can differentiate reflection flows
from legitimate ones efficiently and effectively, thus can be used as a useable
indicator for DRDoS.

ALGORITHM USED:
Spearman’s Rank Correlation
The well-known Pearson’s correlation coefficient is suitable for describing the
linear relationship. However, due to the background traffic and delay, the linearity
may not be obvious. And Pearson’s correlation is sensitive to outliers introduced
by traffic bursts. Through experimental comparisons, Spearman’s rank correlation
coefficient (Spearman’s rho) is more suitable for detection, where a raw value is
converted to a ranked value and then Pearson’s correlation is applied. For a given
value, its ranked value is the average of its position(s) in the ascending order of all
values.
SYSTEM CONFIGURATION:-
HARDWARE REQUIREMENTS:-
 Processor - Pentium –IV
 Speed - 1.1 Ghz

 RAM - 512 MB(min)
 Hard Disk - 40 GB
 Key Board - Standard Windows Keyboard
 Mouse - Two or Three Button Mouse
 Monitor - LCD/LED
SOFTWARE REQUIREMENTS:-
 Operating System : LINUX
 Tool : Network Simulator-2
 Front End : OTCL (Object Oriented Tool Command
Language)
REFERENCE:
Wei Wei, Feng Chen, Yingjie Xia, and Guang Jin, “A Rank Correlation Based
Detection against Distributed Reflection DoS Attacks”, IEEE
COMMUNICATIONS LETTERS, VOL. 17, NO. 1, JANUARY 2013

The document proposes a Rank Correlation Based Detection (RCD) algorithm to detect Distributed Reflection Denial of Service (DRDoS) attacks in a protocol-independent manner. RCD analyzes the inherent rank correlations between responsive traffic flows stimulated by the same attacking flow. Preliminary simulations show RCD can efficiently differentiate reflection flows from legitimate ones, providing a usable indicator for DRDoS detection. The algorithm uses Spearman's Rank Correlation as it is more suitable than Pearson's correlation for the nonlinear packet rates and outliers introduced by network delays and bursts.

IEEE BE-BTECH NS2 PROJECT@ DREAMWEB TECHNO SOLUTION

ranjith kumar

Dear Student, DREAMWEB TECHNO SOLUTIONS is one of the Hardware Training and Software Development centre available in Trichy. Pioneer in corporate training, DREAMWEB TECHNO SOLUTIONS provides training in all software development and IT-related courses, such as Embedded Systems, VLSI, MATLAB, JAVA, J2EE, CIVIL, Power Electronics, and Power Systems. It’s certified and experienced faculty members have the competence to train students, provide consultancy to organizations, and develop strategic solutions for clients by integrating existing and emerging technologies. ADD: No:73/5, 3rd Floor, Sri Kamatchi Complex, Opp City Hospital, Salai Road, Trichy-18 Contact @ 7200021403/04 phone: 0431-4050403

Privacy preserving and truthful detection

jpstudcorner

Chennai Office: JP INFOTECH, Old No.31, New No.86, 1st Floor, 1st Avenue, Ashok Nagar, Chennai-83. Landmark: Next to Kotak Mahendra Bank/Bharath Scans Landline: (044) - 43012642 / Mobile: (0)9952649690 Pondicherry Office: JP INFOTECH, #45, Kamaraj Salai, Thattanchavady, Puducherry - 9 Landmark: Opp. to Thattanchavady Industrial Estate & Next to VVP Nagar Arch. Landline: (0413) - 4300535 / Mobile: (0)8608600246 / (0)9952649690

Limiting Self-Propagating Malware Based on Connection Failure Behavior

csandit

Self-propagating malware (e.g., an Internet worm) exploits security loopholes in software to infect servers and then use them to scan the Internet for more vulnerable servers. While the mechanisms of worm infection and their propagation models are well understood, defense against worms remains an open problem. One branch of defense research investigates the behavioral difference between worm-infected hosts and normal hosts to set them apart. One particular observation is that a worm-infected host, which scans the Internet with randomly selected addresses, has a much higher connection-failure rate than a normal host. Rate-limit algorithms have been proposed to control the spread of worms by traffic shaping based on connection failure rate. However, these rate-limit algorithms can work properly only if it is possible to measure failure rates of individual hosts efficiently and accurately. This paper points out a serious problem in the prior method and proposes a new solution based on a highly efficient double-bitmap data structure, which places only a small memory footprint on the routers, while providing good measurement of connection failure rates whose accuracy can be tuned by system parameters.

Detecting Misbehavior Nodes Using Secured Delay Tolerant Network

IRJET Journal

This document proposes a method called Statistical-based Detection of Blackhole and Greyhole attackers (SDBG) to detect misbehaving nodes in delay tolerant networks. SDBG can detect both individual misbehaving nodes as well as nodes that are colluding together. It works by having each node record encounter data with other nodes, including the number of messages sent and received. Individual nodes that drop many messages can be detected based on having a low message forwarding ratio. Colluding nodes can be detected because they will have sent many messages to each other to fake good behavior. The method aims to accurately detect misbehaving nodes while keeping false positives low. Extensive simulations showed it can work well across different network conditions.

DoS Forensic Exemplar Comparison to a Known Sample

CSCJournals

The investigation of any event or incident often involves the evaluation of physical evidence. Occasionally, a comparison is conducted between an evidentiary sample of unknown origin and that of an appropriate known sample. In a Denial of Service (DoS) attack, items of evidentiary value may cross the spectrum from anecdotes to useful information in firewall logs or complete packet captures. Because of the spoofed or reflective nature of DoS attacks, relevant information leading to the direct identification of the perpetrator is rarely available. In many instances, this underscores the significance of the investigator's ability to accurately identify the tool utilized by the suspect. For a DoS attack scenario, this would likely involve a commercially available stresser or criminal bot infrastructure. In this paper, we propose the concept of a DoS exemplar and determine if the comparison of evidentiary samples to an appropriate known sample of DoS attributes could add value in the investigative process. We also provide a simple tool to compare two DoS flows.

Trust Based Routing In wireless sensor Network

Anjan Mondal

This document discusses trust based routing in wireless sensor networks. It describes the characteristics and applications of sensor networks, and different types of attacks they face including passive attacks like traffic analysis and active attacks that aim to modify or fabricate routing information. It then proposes a trust based routing model for sensor networks that calculates direct trust between neighboring nodes based on their packet forwarding behavior, and propagates this trust information through route requests to enable computation of trust beyond single hops. This model aims to secure routing against active attacks in infrastructure-less sensor networks.

Delaunay based two-phase algorithm for connected cover in WSNs

Maynooth University

Monitoring applications are one of the main usages of wireless sensor networks, where the sensor nodes are responsible to report any event of interest in the monitoring area. Due to their limited energy storage, the nodes are prone to fail, which may lead to network partitioning problem. To cope with this problem, the number of deployed sensor nodes in an area is more than the required quantity. The challenge is to turn on a minimal number of nodes to preserve network connectivity and area coverage. In this paper, we apply computational geometry techniques to introduce a new 2-phase algorithm, called Delaunay Based Connected Cover (DBCC), to find a connected cover in an omnidirectional wireless sensor network. In the first phase, the Delaunay triangulation of all sensors is computed and a minimal number of sensors is selected to ensure the coverage of the region. In the second phase, connectivity of the nodes is ensured. The devised method is simulated by NS2 and is compared with two well-known algorithms, CCP and OGDC. For the case, where the communication and the coverage radii are equal, our method requires 23% and 45% fewer nodes compared to the aforementioned methods, respectively. In the second simulation case, the communication radius is set to 1.5 times of the coverage radius. The results demonstrate that DBCC chooses 14% and 34% fewer nodes, respectively.

This document summarizes a payload-based anomaly detection system called PAYL that models normal application payloads for network traffic. PAYL computes a byte frequency distribution profile during training and uses Mahalanobis distance during detection to measure similarity to the profile. It was shown to achieve nearly 100% accuracy with a 0.1% false positive rate on some datasets. The system aims to detect new worms and exploits at a network gateway before propagation.

DDoS Attack and Defense Scheme in Wireless Ad hoc Networks

IJNSA Journal

The wireless ad hoc networks are highly vulnerable to distributed denial of service(DDoS) attacks because of its unique characteristics such as open network architecture, shared wireless medium and stringent resource constraints. These attacks throttle the tcp throughput heavily and reduce the quality of service(QoS) to end systems gradually rather than refusing the clients from the services completely. In this paper, we discussed the DDoS attacks and proposed a defense scheme to improve the performance of the ad hoc networks. Our proposed defense mechanism uses the medium access control (MAC) layer information to detect the attackers. The status values from MAC layer that can be used for detection are Frequency of receiving RTS/CTS packets, Frequency of sensing a busy channel and the number of RTS/DATA retransmissions. Once the attackers are identified, all the packets from those nodes will be blocked. The network resources are made available to the legitimate users. We perform the simulation with Network Simulator NS2 and we proved that our proposed system improves the network performance.

An os independent heuristics based worm-containment system

UltraUploader

This document describes an operating system independent worm containment system that uses heuristic rules to detect infections. The system observes outgoing network traffic over configurable time windows and uses rules to identify anomalous activity, which could indicate a worm infection. Four heuristic rules are presented that detect events like new connections or connections to new IP addresses. Simulations show the system can contain worms with scan rates from 2 to 100,000 scans per second by tuning parameters and using DHCP scattering.

An4101227230

IJERA Editor

This document presents an approach for detecting encrypted network traffic attacks by making correlation schemes more robust. The approach embeds a timing-based watermark into network flows by adjusting the timing of selected packets. By slightly changing packet timing, the watermark achieves robust correlation against random timing perturbations. The proposed active watermarking scheme analyzes packet delay correlations between adjacent network nodes to detect watermarks and trace traffic back to its origin, even if the traffic is encrypted. This technique requires fewer packets than passive timing-based correlation to achieve robustness against attacks.

A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE

IJNSA Journal

When service system is under DDoS attacks, it is important to detect anomaly signature at starting time of attack for timely applying prevention solutions. However, early DDoS detection is difficult task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method by modeling service system as M/G/R PS queue and calculating monitoring parameters based on the model in odder to early detect symptom of DDoS attacks. The proposed method is validated by experimental system and it gives good results.

DETECTING PACKET DROPPING ATTACK IN WIRELESS AD HOC NETWORK

IJCI JOURNAL

In wireless ad hoc network, packet loss is a serious issue. Either it is caused by link errors or by malicious packet dropping. The malicious nodes in a route can intentionally drop the packets during the transmission from source to destination. It is difficult to distinct the packet loss due to link errors and malicious dropping. Here is a mechanism which will detect the malicious packet dropping by using the correlation between packets. An auditing architecture based on homomorphic linear authenticator can be used to ensure the proof of reception of packets at each node. Also to ensure the forwarding of packets at each node, a reputation mechanism based on indirect reciprocity can be used.

Layered approach using conditional random fields for intrusion detection (syn...

Mumbai Academisc

The document proposes a layered approach using conditional random fields for intrusion detection. It aims to improve accuracy and efficiency. Each layer is trained separately to detect different attack types (probe, DoS, R2L, U2R) using relevant features. The layers act as filters to quickly detect and block attacks without passing connections to subsequent layers. Experimental results show the proposed system outperforms other methods with high improvements in detecting certain attack types. Hardware requirements include a Pentium IV PC with 256MB RAM and software requirements include Windows XP and development tools like Java and Eclipse.

PDS- A Profile based Detection Scheme for flooding attack in AODV based MANET

ijsptm

One of the main challenges in MANET is to design the robust security solution that can protect MANET from various routing attacks. Flooding attack launched at network layer is a serious routing attack which can consume more resources like bandwidth, battery power, etc. It is more concealed form of Denial of service attack and resource consumption attack. The route discovery scheme in reactive routing protocols like Adhoc On Demand Distance Vector (AODV) and Dynamic Source Routing (DSR) used in MANET makes it more easy for malicious nodes to launch connection request floods by flooding the route request packets (RREQ) on the network. A novel detection technique based on dynamic profile with traffic pattern analysis (PDS) is proposed. Its effectiveness in detecting and isolating the malicious node that floods the route request packets is evaluated using java simulator jist/swans.

A1803050106

IOSR Journals

This document proposes a variation of the StriFA pattern matching technique for intrusion detection. StriFA converts input streams into shorter integer streams to accelerate matching. The variation layers StriFA in a four-step process. First, a dataset is preprocessed by mapping symbolic attributes to integers. Then it is split into four subsets, each containing normal and attack records. Feature values are extracted and stored as integer strings. These strings are used to train a layered StriFA architecture to detect 22 attack types mixed with normal data. Performance is evaluated against other algorithms, finding this variation achieves the highest accuracy with the lowest error rate.

Efficient ddos attacks security scheme using asvs

eSAT Journals

Abstract A distributed Denial of Service (DDoS) attack enables higher threats to the internet. There are so many scheme designed to identify the node which is to be attacker node. The real process is such as we want to trace the source of the attacker and enable security to our network. The protocol introduced here, called Adaptive Selective Verification with Stub (ASVS) is shown to use bandwidth efficiently and uses stub creation. The Stub procedure to reduce the server load at the time of emergency and congestion. Using this stub idea we can store the ASVS protocol procedure in the server and we can have the stub in the every client so that we can detect the hacker system by the client itself. We use omniscient protocol which enables to send information about the attacker to all the clients. Keywordss: Adaptive Selective Verification With Stub (ASVS), Distributive Denial Of Service Attacks (DDoS) Flooding, Performance Analysis.

Efficient ddos attacks security scheme using asvs

eSAT Publishing House

IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.

INFRINGEMENT PRECLUSION SYSTEM VIA SADEC: STEALTHY ATTACK DETECTION AND COUNT...

ijp2p

In this paper we are providing a implementation details about simulated solution of stealthy packet drop attack. Stealthy packet drop attack is a suite of four attack types, includes colluding collision, packet misrouting, identity delegation and power control. Stealthy packet drop attacks disrupts the packet from reaching to it’s destination through malicious behaviour. These attacks can be easily breakdown the multi-hop wireless ad-hoc networks. Most widely preferred method for detecting attacks in wireless network is behaviour based detection method. In this method a normal network overhears communication from its neighbourhood. Here we are implementing a SADEC protocol which is proposed solution of stealthy packet drop attacks. SADEC overlaid the base line local monitoring. In base line local monitoring each neighbour maintains additional information about routing path also it adds some checking responsibility to all its neighbours. SADEC proves more efficient than baseline local monitoring to mitigate successfully all the stealthy attack types.

Spatial approximate string search

IEEEFINALYEARPROJECTS

Network assisted mobile computing with optimal uplink query processing

JPINFOTECH JAYAPRAKASH

1) The document proposes a network-assisted mobile computing system where mid-network nodes can lease processing power to mobile devices to reduce latency and battery usage when processing queries. 2) It studies the tradeoff between battery usage, processing latency, transmission latency, and leasing costs to determine the optimal processing policy for allocating work across devices. 3) The proposed system divides query processing across the mobile station, relay nodes, and application server to minimize costs based on leasing, latency, and battery usage considerations.

Using fuzzy logic control to provide intelligent traffic management service f...

JPINFOTECH JAYAPRAKASH

This paper proposes a distributed traffic management framework that uses fuzzy logic control. Routers are deployed with intelligent data rate controllers to manage increasing internet traffic. Unlike other explicit traffic control protocols that estimate network parameters, the fuzzy logic controller can directly measure router queue size. This avoids issues from parameter estimation while reducing computation and memory usage. The queue size is used to proactively regulate source sending rates, increasing resilience to congestion. Simulation results show the new scheme achieves better performance than existing protocols relying on network parameter estimation.

Facilitating document annotation using content and querying value

JPINFOTECH JAYAPRAKASH

Towards secure multi keyword top-k retrieval over encrypted cloud data

JPINFOTECH JAYAPRAKASH

The document proposes a two-round searchable encryption scheme to enable secure multi-keyword top-k retrieval over encrypted cloud data. Existing searchable encryption schemes only support boolean keyword search and do not consider relevance. The proposed Two-Round Searchable Encryption scheme uses homomorphic encryption and a vector space model to enable users to participate in ranking while most computation is done on the server side ciphertext only. This guarantees security without sacrificing efficiency.

final year ieee projects in pondicherry

JPINFOTECH JAYAPRAKASH

This document lists 71 IEEE projects from 2013 available for students through JP Infotech. The projects cover a wide range of domains including cloud computing, data mining, secure computing, networking, mobile computing, and more. They are designed to support students with journal and conference publications, document and presentation reviews, assignments, mock interviews, certification, and placement assistance. Students can also submit their own projects for support.

2013 ieee java project titles for cse, it and mca

JPINFOTECH JAYAPRAKASH

Back pressure-based packet-by-packet adaptive routing in communication networks

JPINFOTECH JAYAPRAKASH

This document proposes a new adaptive routing algorithm built upon the widely studied back-pressure algorithm. It decouples the routing and scheduling components by designing a probabilistic routing table to route packets to per-destination queues, while scheduling decisions in wireless networks use "shadow queues". This reduces implementation complexity and delay compared to existing back-pressure algorithms. The approach can also optimize routing-coding tradeoffs in networks using simple network coding.

IEEE PROJECTS FOR ECE 2013 2014

JPINFOTECH JAYAPRAKASH

Participatory privacy enabling privacy in participatory sensing

JPINFOTECH JAYAPRAKASH

The document discusses privacy issues in participatory sensing and proposes a privacy-enhanced participatory sensing infrastructure called PEPSI. Participatory sensing allows mobile users to share sensor data, but existing systems do not provide adequate privacy protections. PEPSI uses cryptographic tools to allow query/report matching by a service provider while guaranteeing privacy for mobile nodes and query submitters. It aims to provide provable privacy by design and defines clear privacy properties.

What's hot

Anomalous payload based network intrusion detection

UltraUploader

DDoS Attack and Defense Scheme in Wireless Ad hoc Networks

IJNSA Journal

An os independent heuristics based worm-containment system

UltraUploader

An4101227230

IJERA Editor

A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE

IJNSA Journal

DETECTING PACKET DROPPING ATTACK IN WIRELESS AD HOC NETWORK

IJCI JOURNAL

Layered approach using conditional random fields for intrusion detection (syn...

Mumbai Academisc

PDS- A Profile based Detection Scheme for flooding attack in AODV based MANET

ijsptm

A1803050106

IOSR Journals

Efficient ddos attacks security scheme using asvs

eSAT Journals

Efficient ddos attacks security scheme using asvs

eSAT Publishing House

INFRINGEMENT PRECLUSION SYSTEM VIA SADEC: STEALTHY ATTACK DETECTION AND COUNT...

ijp2p

Spatial approximate string search

IEEEFINALYEARPROJECTS

What's hot (13)

Anomalous payload based network intrusion detection

DDoS Attack and Defense Scheme in Wireless Ad hoc Networks

An os independent heuristics based worm-containment system

An4101227230

A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE

DETECTING PACKET DROPPING ATTACK IN WIRELESS AD HOC NETWORK

Layered approach using conditional random fields for intrusion detection (syn...

PDS- A Profile based Detection Scheme for flooding attack in AODV based MANET

A1803050106

Efficient ddos attacks security scheme using asvs

INFRINGEMENT PRECLUSION SYSTEM VIA SADEC: STEALTHY ATTACK DETECTION AND COUNT...

Spatial approximate string search

Viewers also liked

Network assisted mobile computing with optimal uplink query processing

JPINFOTECH JAYAPRAKASH

Using fuzzy logic control to provide intelligent traffic management service f...

JPINFOTECH JAYAPRAKASH

Facilitating document annotation using content and querying value

JPINFOTECH JAYAPRAKASH

Towards secure multi keyword top-k retrieval over encrypted cloud data

JPINFOTECH JAYAPRAKASH

final year ieee projects in pondicherry

JPINFOTECH JAYAPRAKASH

2013 ieee java project titles for cse, it and mca

JPINFOTECH JAYAPRAKASH

Back pressure-based packet-by-packet adaptive routing in communication networks

JPINFOTECH JAYAPRAKASH

IEEE PROJECTS FOR ECE 2013 2014

JPINFOTECH JAYAPRAKASH

Participatory privacy enabling privacy in participatory sensing

JPINFOTECH JAYAPRAKASH

A highly scalable key pre distribution scheme for wireless sensor networks

JPINFOTECH JAYAPRAKASH

This document proposes a new scalable key management scheme for wireless sensor networks (WSNs) using unital design theory. Existing key pre-distribution schemes suffer from low scalability or degraded performance metrics like storage overhead and resiliency for large networks. The proposed scheme aims to enhance scalability without degrading other metrics. It introduces a naive mapping from unital design to key pre-distribution showing high scalability. It also proposes an enhanced unital-based scheme maintaining good key sharing probability while further improving scalability. Analysis shows the approach outperforms existing schemes in criteria like storage overhead, energy consumption, scalability, and resiliency.

2013 14 ieee ece project titles - jp infotech

JPINFOTECH JAYAPRAKASH

Privacy preserving delegated access control in public clouds

JPINFOTECH JAYAPRAKASH

This document proposes a new approach called two layer encryption (TLE) to delegate fine-grained access control enforcement to public clouds while preserving data and user privacy. Under TLE, the data owner performs coarse-grained encryption and the cloud performs fine-grained re-encryption based on access control policies. This addresses limitations of existing approaches where the data owner must re-encrypt data whenever user credentials change. The TLE approach also keeps user identity attributes and data confidential from the cloud.

Distributed cooperative caching in social wireless networks

JPINFOTECH JAYAPRAKASH

This paper proposes cooperative caching strategies to minimize content provisioning costs in social wireless networks (SWNETs). SWNETs consist of mobile devices that share common interests in electronic content. The paper develops models of the network, services, and pricing, and uses these to create two caching strategies: Split Cache, which optimally places objects for networks with homogeneous demands, and Distributed Benefit, which minimizes costs for heterogeneous networks. Analytical and simulation results show that these strategies reduce costs. An Android prototype validates the results. Selfish user behaviors are also analyzed.

Twitsper tweeting privately

JPINFOTECH JAYAPRAKASH

Identity based secure distributed data storage schemes

JPINFOTECH JAYAPRAKASH

This document proposes two identity-based secure distributed data storage schemes. The schemes allow a file owner to independently decide access permissions for receivers without help from a private key generator. When a receiver queries the system, they can only access one of the owner's files, not all files. The schemes also protect against collusion attacks where receivers cannot obtain the owner's secret key even if they compromise proxy servers. The first scheme provides confidentiality against chosen plaintext attacks, while the second achieves security against chosen ciphertext attacks. To the best of the authors' knowledge, this is the first scheme that allows file-level access control and protects against collusion attacks in the standard model.

Efficient algorithms for neighbor discovery in wireless networks

JPINFOTECH JAYAPRAKASH

E1. The paper proposes and analyzes several algorithms for neighbor discovery in wireless networks. It presents an ALOHA-like algorithm for when nodes cannot detect collisions and a receiver feedback-based algorithm when they can. E2. It then analyzes neighbor discovery in a multihop setting, establishing an upper bound on the running time of the ALOHA-like algorithm and a lower bound on the running time of any randomized algorithm. E3. The paper aims to develop algorithms that do not require nodes to know the number of neighbors or be synchronized, and that allow asynchronous starting and determine when to terminate discovery.

Toward fine grained, unsupervised, scalable performance diagnosis for product...

JPINFOTECH JAYAPRAKASH

Proteus multiflow diversity routing for wireless networks with cooperative tr...

JPINFOTECH JAYAPRAKASH

This paper proposes a routing protocol called Proteus for wireless networks using cooperative transmissions. Proteus aims to improve network performance by leveraging virtual MISO links through cooperative transmissions. It makes two key algorithmic decisions - the number of cooperating transmitters per link and the cooperation strategy. Proteus is evaluated using NS2 simulations and shown to improve throughput by 15-300% depending on node density by optimizing these decisions.

Secure mining of association rules in horizontally distributed databases

JPINFOTECH JAYAPRAKASH

This document proposes a new protocol for securely mining association rules from horizontally distributed databases. It summarizes an existing protocol from Kantarcioglu and Clifton, which leaks excess information. The proposed protocol uses novel secure multi-party algorithms to compute unions and test set inclusions privately. It offers enhanced privacy and is more efficient than the existing protocol in terms of communication rounds, cost, and computation.

Viewers also liked (19)

Network assisted mobile computing with optimal uplink query processing

Using fuzzy logic control to provide intelligent traffic management service f...

Facilitating document annotation using content and querying value

Towards secure multi keyword top-k retrieval over encrypted cloud data

final year ieee projects in pondicherry

2013 ieee java project titles for cse, it and mca

Back pressure-based packet-by-packet adaptive routing in communication networks

IEEE PROJECTS FOR ECE 2013 2014

Participatory privacy enabling privacy in participatory sensing

A highly scalable key pre distribution scheme for wireless sensor networks

2013 14 ieee ece project titles - jp infotech

Privacy preserving delegated access control in public clouds

Distributed cooperative caching in social wireless networks

Twitsper tweeting privately

Identity based secure distributed data storage schemes

Efficient algorithms for neighbor discovery in wireless networks

Toward fine grained, unsupervised, scalable performance diagnosis for product...

Proteus multiflow diversity routing for wireless networks with cooperative tr...

Secure mining of association rules in horizontally distributed databases

Similar to A rank correlation based detection against distributed reflection do s attacks

Detection and localization of multiple spoofing attackers in wireless networks

JPINFOTECH JAYAPRAKASH

This document proposes methods for detecting and localizing multiple spoofing attackers in wireless networks. It discusses using received signal strength (RSS) spatial correlation, which is a physical property associated with each node's location, to detect spoofing attacks. It formulates determining the number of attackers as a multiclass detection problem and develops cluster-based mechanisms. When training data is available, it explores using support vector machines to improve accuracy. An integrated detection and localization system is developed that can localize multiple attackers with over 90% accuracy in experiments. Existing cryptographic approaches have overhead while the proposed RSS-based spatial correlation method does not require wireless device modification.

Behavioral malware detection in delay tolerant network

Bittu Roy

This document proposes a system for detecting behavioral malware in delay tolerant networks. It presents a general behavioral characterization of proximity malware based on a naive Bayesian model. This model has been successfully used to detect malware in non-DTN settings. The system addresses challenges in extending this model to DTNs, including having insufficient evidence due to limited node contact and the risk of collecting evidence from infected nodes. It proposes techniques like look-ahead and adaptive look-ahead to balance these risks.

DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...

IJCNCJournal

This document discusses a study that proposes a dynamic entropy-based method for detecting DDoS attacks in SDN environments. The study introduces using dynamic threshold values that change over time based on the entropy value variability of network traffic windows, to help predict system state and detect new attacks more accurately compared to static thresholds. The study also evaluates the proposed method in a practical SDN testbed environment, not just in simulations, and finds it can rapidly detect DDoS attacks with high accuracy.

DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...

IJCNCJournal

Software-Defined Network (SDN) is an innovative network architecture with the goal of providing the flexibility and simplicity in network operation and management through a centralized controller. These features help SDN to easily adapt tothe expansion of networkrequirements, but it is also a weakness when it comes to security. With centralized architecture, SDN is vulnerable to cyber-attacks, especially Distributed Denial of Service (DDoS) attack. DDoS is a popular attack type which consumes all network resources and causes congestion in the entire network. In this research, we will introduce a DDoS detection model based on the statistical method with a dynamic threshold value that changes over time. Along with the simulation result, we build a practical SDN model to apply our method, the results show that our method can detectD DoS attacks rapidly with high accuracy.

A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE

IJNSA Journal

1) The document proposes a method for early detection of DDoS attacks by modeling a service system as an M/G/R processor sharing queue. 2) It calculates monitoring parameters based on the queue model in order to detect symptoms of DDoS attacks early. 3) Experimental results show the proposed method detects DDoS attacks with high true positive and true negative rates compared to an entropy-based detection method.

A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE

IJNSA Journal

1) The document proposes a method for early detection of DDoS attacks based on modeling a service system as an M/G/R processor sharing queue. 2) It involves sampling system resources over time, calculating resource utilization and variance parameters, and comparing a degradation index to a threshold to detect anomalous degradation indicative of an attack. 3) Experimental results show the proposed method achieved higher rates of true positives and true negatives for DDoS detection compared to an entropy-based detection method, demonstrating its effectiveness at early detection.

Defending against collaborative attacks by

jpstudcorner

HEAD OFFICE (CHENNAI): JP INFOTECH, Old No. 31, New No: 86, 1st Floor, 1st Avenue, Ashok Nagar (Ashok Pillar), Chennai – 83. Landmark: Next to Kotak Mahendra Bank / Bharath Scans MOBILE: (0)9952649690 LANDLINE: (044) 43012642 E-MAIL: jpinfotechprojects@gmail.com PUDUCHERRY / PONDICHERRY OFFICE: JP INFOTECH, #45, Kamaraj Salai, Thattanchavady, Pondy-Tindivanam High Road, Puducherry/Pondicherry – 605009. Landmark: Opp. To Thattanchavady Industrial Estate and Next to VVP Nagar Arch. MOBILE: (0)9952649690 / (0) 8608600246 LANDLINE: (0413)4300535 E-MAIL: jpinfotechprojects@gmail.com

Aa04404164169

IJERA Editor

Detection of application layer ddos attack using hidden semi markov model (20...

Mumbai Academisc

This document discusses a proposed scheme to detect application layer distributed denial of service (App-DDoS) attacks using hidden semi-Markov models. It begins by describing how current techniques have difficulty distinguishing App-DDoS attacks from normal flash crowds based on traffic characteristics alone. The proposed scheme aims to capture spatial-temporal patterns during normal flash crowds using an Access Matrix, and then uses a hidden semi-Markov model to analyze dynamics of the Access Matrix and detect anomalies indicating potential App-DDoS attacks. It argues this approach can more effectively identify if traffic surges are caused by attackers or normal users compared to existing detection systems.

Entropy based DDos Detection in SDN

Vishal Vasudev

1) The document describes a proposed SDN-based system to detect and prevent DDoS attacks. It uses entropy calculations on traffic flow statistics to detect attacks. When an attack is detected, the controller installs rules to block traffic from bot IPs and the server uses CAPTCHAs to authenticate legitimate users. 2) The system was tested using iperf and attack tools on an emulation platform. Results showed it maintained high throughput even during attacks, unlike approaches that overload the controller. It also had lower false positives than other detection algorithms. 3) Future work could include expanding the system to detect attacks targeting different SDN layers and more servers. The approach provides an effective and scalable DDoS defense for

Review of Flooding Attack Detection in AODV Protocol for Mobile Ad-hoc Network

ijsrd.com

Ad Hoc Networks are extremely vulnerable to attacks due to their dynamically changing topology, absence of conventional security infrastructures, vulnerability of nodes and channels and open medium of communication. Denial of Service (DoS) and Distributed DoS (DDoS) attacks are two of the most harmful threats to the network functionality. The Prevention methods like authentication and cryptography techniques alone are not able to provide the security to these types of networks. Therefore, efficient intrusion detection must be deployed to facilitate the identification and isolation of attacks. Major attacks on Mobile Ad hoc networks are flooding, selective forwarding, sinkhole, wormhole etc. We have presented various intrusion detection techniques in MANET. Then we have proposed a method to detect flooding attack in MANET.

SUBSIDING ROUTING MISBEHAVIOR IN MANET USING “MIRROR MODEL

cscpconf

Noncooperation or failure to work together is a big challenge that surely degrades the performance and reliability of Mobile Adhoc Networks. In MANETs, nodes have dual responsibilities of forwarding and routing, that’s why it needs unison with nodes. To sort out non-cooperation a real life behavior should be implemented, so that misbehavior is nullified.In this paper, we present the “Mirror Model” that strictly enforces cooperation due to its punishment strategy. Node’s behavior is watched by its neighbors in PON mode, to update the NPF, NPRF values for a threshold time. After the expiry of the threshold time each node calculates the PFR and broadcasts its neighbors. Similarly all neighbors broadcasted PFR is received and processed by the node to define the ‘G’ and ‘BP’ values. The G value is used to isolate selfish nodes from the routing paths and BP denotes the amount of packets to be dropped by an honest node against a selfish node in spite of its misbehavior/packet drops. Cooperation within the neighbors, certainly result in subsiding misbehavior of selfish nodes, therein enhancing cooperation of the whole MANET. This model ensures honesty and reliability in MANET because it does not eliminate a node, but it behaves in the same way as the node behaved. Therefore, it justifies its name, after all mirrors reflects the same. We have implemented the model in “GloMoSim” on top of the DSR protocol, resulting its effectiveness, as compared to the DSR protocol when the network is misconducting for its selfish needs

Attack tor

Phil Emon

This document summarizes research on low-resource routing attacks against anonymous communication systems like Tor. The researchers developed attacks where malicious nodes with few resources can compromise the anonymity of many users by exploiting preferential routing mechanisms. In experiments, a small number of malicious nodes falsely claiming high bandwidth compromised over 46% of paths in a Tor network, undermining theoretical models suggesting strong anonymity. Defenses are discussed to prevent low-resource adversaries from influencing routing.

USING A DEEP UNDERSTANDING OF NETWORK ACTIVITIES FOR SECURITY EVENT MANAGEMENT

IJNSA Journal

With the growing deployment of host-based and network-based intrusion detection systems in increasingly large and complex communication networks, managing low-level alerts from these systems becomes critically important. Probes of multiple distributed firewalls (FWs), intrusion detection systems (IDSs) or intrusion prevention systems (IPSs) are collected throughout a monitored network such that large series of alerts (alert streams) need to be fused. An alert indicates an abnormal behavior, which could potentially be a sign for an ongoing cyber attack. Unfortunately, in a real data communication network, administrators cannot manage the large number of alerts occurring per second, in particular since most alerts are false positives. Hence, an emerging track of security research has focused on alert correlation to better identify true positive and false positive. To achieve this goal we introduce Mission Oriented Network Analysis (MONA). This method builds on data correlation to derive network dependencies and manage security events by linking incoming alerts to network dependencies.

USING A DEEP UNDERSTANDING OF NETWORK ACTIVITIES FOR SECURITY EVENT MANAGEMENT

IJNSA Journal

Secure data aggregation technique for wireless sensor networks in the presenc...

LogicMindtech Nologies

This document discusses secure data aggregation techniques for wireless sensor networks in the presence of collusion attacks. It describes how existing iterative filtering algorithms used for data aggregation and trust assessment in sensor networks are vulnerable to sophisticated collusion attacks. The proposed solution improves iterative filtering techniques by providing an initial trust estimate based on robust estimation of individual sensor errors. This makes the algorithms robust against collusion attacks while also making them more accurate and faster converging.

Wormhole attack detection algorithms in wireless network coding systems

Pvrtechnologies Nellore

This document proposes algorithms to detect wormhole attacks in wireless network coding systems. It first discusses how wormhole attacks can severely impact network coding protocols by disrupting routing and introducing unfair workload distributions. It then presents a centralized algorithm that uses a central node to detect wormholes by measuring changes in expected transmission counts. For distributed systems without a central node, it proposes DAWN, a distributed algorithm that examines the order nodes receive innovative packets and their expected transmission counts to detect wormholes. The algorithms aim to detect wormholes using only local information available from regular network coding protocols to keep overhead low. Extensive testing validated the effectiveness and efficiency of the proposed approaches.

DFAA- A Dynamic Flow Aggregation Approach Against SDDOS Attacks in Cloud

IRJET Journal

This document proposes a new method called DFAA (Dynamic Flow Aggregation Approach) to detect periodic shrew distributed denial of service (DDoS) attacks in cloud computing. The method uses frequency-domain characteristics extracted from the autocorrelation of network flows as clustering features. It groups end-user flows using the BIRCH clustering algorithm and then refines the clusters. The evaluation shows the method can categorize abnormal network flows with fast response times and high detection accuracy, while avoiding lower impact groups of abnormal flows.

DDOS Attacks-A Stealthy Way of Implementation and Detection

IJRES Journal

Cloud Computing is a new paradigm provides various host service [paas, saas, Iaas over the internet. According to a self-service,on-demand and pay as you use business model,the customers will obtain the cloud resources and services.It is a virtual shared service.Cloud Computing has three basic abstraction layers System layer(Virtual Machine abstraction of a server),Platform layer(A virtualized operating system, database and webserver of a server and Application layer(It includes Web Applications).Denial of Service attack is an attempt to make a machine or network resource unavailable to the intended user. In DOS a user or organization is deprived of the services of a resource they would normally expect to have.A Successful DOS attack is a highly noticeable event impacting the entire online user base.DOS attack is found by First Mathematical Metrical Method (Rate Controlling,Timing Window,Worst Case and Pattern Matching)DOS attack not only affect the Quality of the service and also affect the performance of the server. DDOS attacks are launched from Botnet-A large Cluster of Connected device(cellphone,pc or router) infected with malware that allow remote control by an attacker. Intruder using SIPDAS in DDOS to perform attack.SIPDAS attack strategies are detected using Heap Space Monitoring Algorithm.

A system for denial of-service attack detection based on multivariate correla...

IGEEKS TECHNOLOGIES

The document proposes a denial-of-service (DoS) attack detection system using multivariate correlation analysis (MCA) to accurately characterize network traffic. It extracts geometric correlations between network traffic features using triangle area maps. This anomaly-based system can detect both known and unknown DoS attacks by learning patterns in legitimate traffic. Evaluation on the KDD Cup 99 dataset shows it outperforms two previous state-of-the-art methods in detection accuracy.

Similar to A rank correlation based detection against distributed reflection do s attacks (20)

Detection and localization of multiple spoofing attackers in wireless networks

Behavioral malware detection in delay tolerant network

DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...

DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...

A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE

Defending against collaborative attacks by

Aa04404164169

Detection of application layer ddos attack using hidden semi markov model (20...

Entropy based DDos Detection in SDN

Review of Flooding Attack Detection in AODV Protocol for Mobile Ad-hoc Network

SUBSIDING ROUTING MISBEHAVIOR IN MANET USING “MIRROR MODEL

Attack tor

USING A DEEP UNDERSTANDING OF NETWORK ACTIVITIES FOR SECURITY EVENT MANAGEMENT

Secure data aggregation technique for wireless sensor networks in the presenc...

Wormhole attack detection algorithms in wireless network coding systems

DFAA- A Dynamic Flow Aggregation Approach Against SDDOS Attacks in Cloud

DDOS Attacks-A Stealthy Way of Implementation and Detection

A system for denial of-service attack detection based on multivariate correla...

Recently uploaded

LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP

RAHUL

This Dissertation explores the particular circumstances of Mirzapur, a region located in the core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal environment for investigating the changes in vegetation cover dynamics. Our study utilizes advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to analyze the transformations that have taken place over the course of a decade. The complex relationship between human activities and the environment has been the focus of extensive research and worry. As the global community grapples with swift urbanization, population expansion, and economic progress, the effects on natural ecosystems are becoming more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for these activities. As the most crucial natural resource, its utilization by humans results in different 'Land uses,' which are determined by both human activities and the physical characteristics of the land. The utilization of land is impacted by human needs and environmental factors. In countries like India, rapid population growth and the emphasis on extensive resource exploitation can lead to significant land degradation, adversely affecting the region's land cover. Therefore, human intervention has significantly influenced land use patterns over many centuries, evolving its structure over time and space. In the present era, these changes have accelerated due to factors such as agriculture and urbanization. Information regarding land use and cover is essential for various planning and management tasks related to the Earth's surface, providing crucial environmental data for scientific, resource management, policy purposes, and diverse human activities. Accurate understanding of land use and cover is imperative for the development planning of any area. Consequently, a wide range of professionals, including earth system scientists, land and water managers, and urban planners, are interested in obtaining data on land use and cover changes, conversion trends, and other related patterns. The spatial dimensions of land use and cover support policymakers and scientists in making well-informed decisions, as alterations in these patterns indicate shifts in economic and social conditions. Monitoring such changes with the help of Advanced technologies like Remote Sensing and Geographic Information Systems is crucial for coordinated efforts across different administrative levels. Advanced technologies like Remote Sensing and Geographic Information Systems 9 Changes in vegetation cover refer to variations in the distribution, composition, and overall structure of plant communities across different temporal and spatial scales. These changes can occur natural.

Your Skill Boost Masterclass: Strategies for Effective Upskilling

Excellence Foundation for South Sudan

UGC NET Exam Paper 1- Unit 1:Teaching Aptitude

S. Raj Kumar

The History of Stoke Newington Street Names

History of Stoke Newington

How to deliver Powerpoint Presentations.pptx

HajraNaeem15

Advanced Java[Extra Concepts, Not Difficult].docx

adhitya5119

Film vocab for eal 3 students: Australia the movie

Nicholas Montgomery

How to Create a More Engaging and Human Online Learning Experience

Wahiba Chair Training & Consulting

Chapter 4 - Islamic Financial Institutions in Malaysia.pptx

Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia

RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students

Himanshu Rai

Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx

siemaillard

BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...

Nguyen Thanh Tu Collection

spot a liar (Haiqa 146).pptx Technical writhing and presentation skills

haiqairshad

คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1

สมใจ จันสุกสี

MARY JANE WILSON, A “BOA MÃE” .

Colégio Santa Teresinha

What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...

GeorgeMilliken2

South African Journal of Science: Writing with integrity workshop (2024)

Academy of Science of South Africa

BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...

Nguyen Thanh Tu Collection

A Independência da América Espanhola LAPBOOK.pdf

Jean Carlos Nunes Paixão

Walmart Business+ and Spark Good for Nonprofits.pdf

TechSoup

"Learn about all the ways Walmart supports nonprofit organizations. You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money. The webinar may also give some examples on how nonprofits can best leverage Walmart Business+. The event will cover the following:: Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping. Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders. Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates. Answers about how you can do more with Walmart!"

Recently uploaded (20)

LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP

Your Skill Boost Masterclass: Strategies for Effective Upskilling

UGC NET Exam Paper 1- Unit 1:Teaching Aptitude

The History of Stoke Newington Street Names

How to deliver Powerpoint Presentations.pptx

Advanced Java[Extra Concepts, Not Difficult].docx

Film vocab for eal 3 students: Australia the movie

How to Create a More Engaging and Human Online Learning Experience

Chapter 4 - Islamic Financial Institutions in Malaysia.pptx

RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students

Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx

BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...

spot a liar (Haiqa 146).pptx Technical writhing and presentation skills

คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1

MARY JANE WILSON, A “BOA MÃE” .

What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...

South African Journal of Science: Writing with integrity workshop (2024)

BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...

A Independência da América Espanhola LAPBOOK.pdf

Walmart Business+ and Spark Good for Nonprofits.pdf

A rank correlation based detection against distributed reflection do s attacks

1. A Rank Correlation Based Detection against Distributed Reflection DoS Attacks ABSTRACT: DDoS presents a serious threat to the Internet since its inception, where lots of controlled hosts flood the victim site with massive packets. Moreover, in Distributed Reflection DoS (DRDoS), attackers fool innocent servers (reflectors) into flushing packets to the victim. But most of current DRDoS detection mechanisms are associated with specific protocols and cannot be used for unknown protocols. It is found that because of being stimulated by the same attacking flow, the responsive flows from reflectors have inherent relations: the packet rate of one converged responsive flow may have linear relationships with another. Based on this observation, the Rank Correlation based Detection (RCD) algorithm is proposed. The preliminary simulations indicate that RCD can differentiate reflection flows from legitimate ones efficiently and effectively, thus can be used as a useable indicator for DRDoS. EXISTING SYSTEM: There have been some packet-level defense methods. Filtering all incoming response packets, which is of low cost, will result in no general access to the

2. remote server. Inspecting packet content and tracking protocol status maybe helpful, but need a lot of computation which is also vulnerable to attacks. Along with more protocols being exploited to launch DRDoS, countermeasures must consider a list of possible protocols with each one treated specifically, and the list needs to be updated in time. So we urgently expect some protocol independent methods to help detecting most kinds of DRDoS. PROPOSED SYSTEM: We investigate the basic traffic pattern introduced near the victim under DRDoS, and propose a general detection method: the Rank Correlation based Detection (RCD). RCD is protocol independent and its computation cost is not affected by network throughput. In RCD, once an attack alarm rises, upstream routers will sample and test rank correlation of suspicious flows and use the correlation value for further detection. Correlation has been successfully used in DDoS detection, e.g., correlation coefficient has been successfully employed to discriminate DDoS attacks from flash crowds. As we know, it is the first time that DRDoS is analyzed and detected using correlation. ADVANTAGES OF PROPOSED SYSTEM: The preliminary simulations indicate that RCD can differentiate reflection flows from legitimate ones efficiently and effectively, thus can be used as a useable indicator for DRDoS.

3. ALGORITHM USED: Spearman’s Rank Correlation The well-known Pearson’s correlation coefficient is suitable for describing the linear relationship. However, due to the background traffic and delay, the linearity may not be obvious. And Pearson’s correlation is sensitive to outliers introduced by traffic bursts. Through experimental comparisons, Spearman’s rank correlation coefficient (Spearman’s rho) is more suitable for detection, where a raw value is converted to a ranked value and then Pearson’s correlation is applied. For a given value, its ranked value is the average of its position(s) in the ascending order of all values. SYSTEM CONFIGURATION:- HARDWARE REQUIREMENTS:-  Processor - Pentium –IV  Speed - 1.1 Ghz

4.  RAM - 512 MB(min)  Hard Disk - 40 GB  Key Board - Standard Windows Keyboard  Mouse - Two or Three Button Mouse  Monitor - LCD/LED SOFTWARE REQUIREMENTS:-  Operating System : LINUX  Tool : Network Simulator-2  Front End : OTCL (Object Oriented Tool Command Language) REFERENCE: Wei Wei, Feng Chen, Yingjie Xia, and Guang Jin, “A Rank Correlation Based Detection against Distributed Reflection DoS Attacks”, IEEE COMMUNICATIONS LETTERS, VOL. 17, NO. 1, JANUARY 2013

A rank correlation based detection against distributed reflection do s attacks

Recommended

Recommended

More Related Content

What's hot

What's hot (13)

Viewers also liked

Viewers also liked (19)

Similar to A rank correlation based detection against distributed reflection do s attacks

Similar to A rank correlation based detection against distributed reflection do s attacks (20)

Recently uploaded

Recently uploaded (20)

A rank correlation based detection against distributed reflection do s attacks