This document summarizes an algorithm called the GI (Group Intruders) Time Frequency Algorithm that is proposed to identify hackers attempting distributed denial of service (DDoS) attacks on websites. The algorithm works by maintaining a history of all user access to the site that includes their IP address and time/date of each access. It identifies users that access the site repeatedly from the same IP address on a single date by calculating the average time between accesses. If the time frequency of accesses exceeds a predefined threshold, the user is added to an intruders list to deny future access. This aims to improve server performance by preventing hackers from overloading the server with requests.
Controlling ip spoofing through inter domain packet filters (synopsis) - Mumbai Academisc
This document proposes an inter-domain packet filter (IDPF) architecture to mitigate IP spoofing and distributed denial-of-service (DDoS) attacks. The IDPF relies on Border Gateway Protocol (BGP) route updates exchanged between autonomous systems to infer the validity of packet source addresses forwarded by neighbors. Simulation results show that even partial deployment of IDPFs can limit spoofing capabilities of attackers and help localize the origin of attack packets. The document outlines the existing use of ingress filtering, describes the proposed IDPF system using BGP information, lists the system requirements, and defines modules for checking local networks, encrypting/decrypting content, and using BGP to route packets while detecting unauthorized senders.
Basepaper Controlling IP Spoofing through Interdomain Packet Filters - bhasker nalaveli
This document discusses controlling IP spoofing through interdomain packet filters (IDPFs). It proposes an IDPF architecture that can mitigate IP spoofing without requiring global routing information. IDPFs are constructed using information from Border Gateway Protocol (BGP) route updates and deployed in border routers. Simulation results show that even partial deployment of IDPFs can limit spoofing capability of attackers and help localize the origin of attack packets.
This document summarizes a research paper that proposes improvements to the probabilistic packet marking (PPM) algorithm for detecting the path of distributed denial-of-service attacks. The PPM algorithm allows routers to mark attack packets with identification information based on a predetermined probability. However, its termination condition is not well-defined, which can result in an incorrectly constructed attack path. The paper proposes a modified PPM algorithm called rectified PPM (RPPM) that defines a precise termination condition to guarantee the constructed attack path is correct with a specified level of confidence. An experimental framework is designed to test the RPPM algorithm under different packet marking probabilities and network structures.
A Denial-of-Service (DoS) attack shuts down a machine or a network to make it inaccessible to its intended users. This PPT sheds light upon this kind of a cyberattack and its types, to increase awareness related to the threat that it poses to web servers and applications.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB... - IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate state of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
Efficient packet marking for large scale ip trace back (synopsis) - Mumbai Academisc
This document proposes a new probabilistic packet marking (PPM) approach for large-scale IP traceback that improves efficiency and accuracy of traceback and provides incentives for ISPs to deploy traceback. The approach uses a new IP header encoding scheme to store a router's full identification in a single packet, eliminating issues from fragmented IDs. It also does not disclose router IP addresses, alleviating security concerns for ISPs. The approach can control the distribution of marking information to potentially create revenue as a value-added service for ISPs.
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS - ijp2p
Peer-to-Peer systems form logical overlay networks on top of the Internet. Essentially, peers randomly
choose logical neighbours without any knowledge about underlying physical topology. This may cause
inefficient communications among peers. This topology mismatch problem may result in poor
performance and scalability for Peer-to-Peer systems. A possible way to improve the performance of
Peer-to-Peer systems is the overlay network construction based on the knowledge of the physical network
topology. In this paper, we will propose the use of the “Record Route” and “Timestamp” options
supported in the IP protocol to explore the paths between peers. By the topology-aware peer selection,
our approach outperforms traditional P2P systems using random peer selection. Our approach only
incurs a low overhead and can be deployed easily in various P2P systems.
The document proposes two new autonomous system (AS) traceback techniques to identify the AS of the attacker launching a denial-of-service (DoS) attack. The first technique, called Prevent Overwriting AS Traceback (POAST), marks packets with a dynamic probability and protects marked packets from being overwritten. It encodes the attacking AS number instead of router IP addresses. The second technique, called Efficient AS Traceback (EAST), is also described but not in detail. Both are evaluated to have better performance than existing probabilistic packet marking techniques for traceback by reducing the number of packets and routers required.
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It describes different types of DoS attacks such as sending malformed packets to exploit protocol or application flaws. It notes that DDoS attacks involve aggregating malicious traffic from many zombie machines to flood the victim with packets. Most defense methods focus on mitigating bandwidth consumption from packet flooding. However, attackers may also directly target applications to exhaust computational resources. The document proposes an acknowledgment-based port hopping protocol for secure communication between a sender and receiver that is resistant to such attacks.
An enhanced ip traceback mechanism for tracking the attack source using packe... - IAEME Publication
The document discusses an enhanced IP traceback mechanism (EITM) to more efficiently trace the source of distributed denial of service (DDoS) attacks. EITM aims to reduce the number of packets required for traceback by improving existing linear and remainder packet marking schemes. It analyzes challenges in tracing attackers due to the stateless nature of the internet and proposes that an effective traceback scheme minimizes required packets. The main goal is a mechanism that needs a number of packets almost equal to the number of hops to reconstruct the attack path more efficiently.
A precise termination condition of the probabilistic packet marking algorithm... - Mumbai Academisc
This document summarizes a research project that proposes a precise termination condition for the probabilistic packet marking (PPM) algorithm. The PPM algorithm allows routers to encode path information onto packets during a denial of service (DoS) attack, enabling the victim to reconstruct the attack graph. However, the existing PPM algorithm lacks a well-defined termination condition, and cannot handle multiple attackers. The proposed project aims to define a termination condition to ensure the reconstructed graph accurately represents the actual attack paths. It also extends the algorithm to support tracing packets from multiple attackers.
This document summarizes research on low-resource routing attacks against anonymous communication systems like Tor. The researchers developed attacks where malicious nodes with few resources can compromise the anonymity of many users by exploiting preferential routing mechanisms. In experiments, a small number of malicious nodes falsely claiming high bandwidth compromised over 46% of paths in a Tor network, undermining theoretical models suggesting strong anonymity. Defenses are discussed to prevent low-resource adversaries from influencing routing.
IRJET- Simulation Analysis of a New Startup Algorithm for TCP New Reno - IRJET Journal
This document presents a simulation analysis of a new startup algorithm for TCP New Reno to improve responsiveness for short-lived applications. The proposed TCP SYN Loss (TSL) startup algorithm uses a less conservative congestion response than standard TCP when connection setup packets are lost. Simulations are conducted using the ns-2 network simulator to evaluate the performance of TSL variants under different levels of congestion. The main results show that TSL variants can achieve an average latency gain of 15 round-trip times compared to standard TCP at up to 90% link utilization with a packet loss rate of 1%.
Speedy ip trace back (sipt) for identifying sadhan - Sadan Kumar
The document proposes a new method called Speedy IP Traceback (SIPT) to identify denial-of-service attacks. SIPT works by having routers insert the media access control (MAC) address of the client and the router's IP address into packets. This allows the destination to identify the attacker's boundary router and MAC address, tracing the attack path. Traditionally, mechanisms like ingress filtering, link testing, and packet marking have been used but have not kept pace with evolving attacks. SIPT provides a more direct way to find the router connected to the attacker.
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST... - ijsptm
The IP (Internet Protocol) spoofing is a technique that consists in replacing the IP address of the sender by another sender’s address. This technique allows the attacker to send a message without being intercepted by the firewall. The most used method to deal with such attacks is the technique called "Network Ingress Filtering". This technique has been used, initially, for IPv4 networks, but its principles are currently extended to IPv6 networks. Unfortunately, it has some limitations, the main is its accuracy. To improve safety conditions, we applied the "First-Come First-Serve (FCFS)" technique, applied for IPv6 networks, and developed by the "Internet Engineering Task Force (IETF)" within its working group "Source Address Validation Improvements (SAVI)", which is currently being standardized. In this paper, we remember the course of an attack by IP Spoofing and expose the threats it entails. Then, we explain the "Network Ingress Filtering" technique. Next, we present the FCFS SAVI method and methodology that we have adopted for its implementation. Finally, we, following the results, discuss and compare the advantages, disadvantages and limitations of the FCFS SAVI method to those known in the "Network Ingress Filtering" technique. FCFS SAVI method is more effective than the technique of "Network Ingress Filtering", but requires some improvements, for dealing with limitations it presents.
Detecting Misbehavior Nodes Using Secured Delay Tolerant Network - IRJET Journal
This document proposes a method called Statistical-based Detection of Blackhole and Greyhole attackers (SDBG) to detect misbehaving nodes in delay tolerant networks. SDBG can detect both individual misbehaving nodes as well as nodes that are colluding together. It works by having each node record encounter data with other nodes, including the number of messages sent and received. Individual nodes that drop many messages can be detected based on having a low message forwarding ratio. Colluding nodes can be detected because they will have sent many messages to each other to fake good behavior. The method aims to accurately detect misbehaving nodes while keeping false positives low. Extensive simulations showed it can work well across different network conditions.
Detection of application layer ddos attack using hidden semi markov model (20... - Mumbai Academisc
This document discusses a proposed scheme to detect application layer distributed denial of service (App-DDoS) attacks using hidden semi-Markov models. It begins by describing how current techniques have difficulty distinguishing App-DDoS attacks from normal flash crowds based on traffic characteristics alone. The proposed scheme aims to capture spatial-temporal patterns during normal flash crowds using an Access Matrix, and then uses a hidden semi-Markov model to analyze dynamics of the Access Matrix and detect anomalies indicating potential App-DDoS attacks. It argues this approach can more effectively identify if traffic surges are caused by attackers or normal users compared to existing detection systems.
A novel token based approach towards packet loss control - eSAT Journals
This document summarizes a research paper that proposes a novel congestion control mechanism called Stable Token-Limited Congestion Control (STLCC). STLCC monitors inter-domain traffic rates and limits the number of tokens to control congestion and improve network performance. The authors implemented STLCC in a prototype application and found that it was effective at controlling packet loss and improving network performance compared to other congestion control methods. They concluded that STLCC can automatically measure and reduce congestion to allocate network resources stably.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Pre-filters in-transit malware packets detection in the network - TELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
As growth of internet and computer increase day by day so as the growth of attacks on network is also
tremendously increased day by day. In this paper we introduced a wired network and create two TCP
source node and one attacker node (Distributed denial-of-service) flooding type attack which is the attack
on the bandwidth of TCP node at source side sends data to destination through router and also measure the
impact of Denial-of-service attack (DoS) on that wired network how packets of other source nodes and that
node will drop down due to the impact of flooding type denial-of-service attack and shows the result using
NS-2 NAM & Xgraph windows in simulation.
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS - IJNSA Journal
Denial of service (DoS) is a significant security threat in open networks such as the Internet. The existing limitations of the Internet protocols and the common availability tools make a DoS attack both effective and easy to launch. There are many different forms of DoS attack and the attack size could be amplified from a single attacker to a distributed attack such as a distributed denial of service (DDoS). IP traceback is one important tool proposed as part of DoS mitigation and a number of traceback techniques have been proposed including probabilistic packet marking (PPM). PPM is a promising technique that can be used to trace the complete path back from a victim to the attacker by encoding of each router's 32-bit IP address in at least one packet of a traffic flow. However, in a network with multiple hops through a number of autonomous systems (AS), as is common with most Internet services, it may be undesirable for every router to contribute to packet marking or for an AS to reveal its internal routing structure. This paper proposes two new efficient autonomous system (AS) traceback techniques to identify the AS of the attacker by probabilistically marking the packets. Traceback on the AS level has a number of advantages including a reduction in the number of bits to be encoded and a reduction in the number of routers that need to participate in the marking. Our results show a better performance comparing to PPM and other techniques.
A computer network plays a major part in the development of any industry. Nowadays, in this fast paced
networking world each and every industry depends on internet for their progress. As said above this is the fast
paced world, the attack to disable the progress are also fast paced. DDoS (Distributed Denial of Service) is one
among them. Though it is one of the many attacks, they temporarily disable a service provided by the company.
This paper proposes a series of steps which not only checks the possible attack but also tries its best to thwart
them. Instead of going for conventional approach of blocking the excess traffic, the proposed approach will
prolong the access to the service. In the meantime checking for the possible attack is done. Thus, not only it
thwarts the attacks but also gives them reliable user their access with a little bit of delay, resulting in high
reliability.
This document discusses network tunneling protocols and tools. It describes how protocols like SSH, GRE, and ICMP can be used to encapsulate other protocols and bypass network restrictions. Examples of network tunneling tools that operate over HTTP, DNS, and ICMP are provided. The document notes both legitimate and malicious uses of tunneling, and outlines challenges in detecting tunneling traffic and payloads.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE - IJNSA Journal
When service system is under DDoS attacks, it is important to detect anomaly signature at starting time of attack for timely applying prevention solutions. However, early DDoS detection is difficult task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method by modeling service system as M/G/R PS queue and calculating monitoring parameters based on the model in order to early detect symptom of DDoS attacks. The proposed method is validated by experimental system and it gives good results.
This document summarizes a research paper that proposes an inter-domain packet filter (IDPF) architecture to mitigate IP spoofing on the Internet. The IDPF constructs packet filters from information in Border Gateway Protocol (BGP) route updates and deploys them in network border routers. The IDPF framework is shown to correctly filter packets with valid source addresses, based on the single-path routing assumption. Simulation results demonstrate that even partial IDPF deployment can effectively limit spoofing capability and help localize attack origins. The paper establishes the relationship between IDPF effectiveness and the power-law topology of Internet autonomous systems.
This document proposes an inter-domain packet filter (IDPF) architecture to mitigate IP spoofing on the internet. The IDPFs are constructed using information from BGP route updates exchanged between autonomous systems, without requiring global routing information. Simulation results show that even partial deployment of IDPFs can limit an attacker's ability to spoof packets and help localize the origin of attack packets.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATION - IJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to simplified models currently used. The simulator could help study defenses against problems like IP spoofing, DDoS attacks, and worms.
PROACTIVE DETECTION OF DDOS ATTACKS IN PUBLISH-SUBSCRIBE NETWORKS - IJNSA Journal
Information centric networking (ICN) using architectures such as Publish-Subscribe Internet Routing Paradigm (PSIRP) or Publish-Subscribe Internet Technology (PURSUIT) has been proposed as an important candidate for the Internet of the future. ICN is an emerging research area that proposes a transformation of the current host centric Internet architecture into an architecture where information items are of primary importance. This change allows network functions such as routing and locating to be optimized based on the information items themselves. The Bloom filter based content delivery is a source-routing scheme that is used in the PSIRP/PURSUIT architectures. Although this mechanism solves many issues of today’s Internet such as the growth of the routing table and the scalability problems, it is vulnerable to distributed denial-of-service (DDoS) attacks. In this paper, we present a new content delivery scheme that has the advantages of Bloom filter based approach while at the same time being able to prevent DDoS attacks on the forwarding mechanism. Our security analysis suggests that with the proposed approach, the forwarding plane is able to resist attacks such as DDoS with very high probability.
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It describes different types of DoS attacks such as sending malformed packets to exploit protocol or application flaws. It notes that DDoS attacks involve aggregating malicious traffic from many zombie machines to flood the victim with packets. Most defense methods focus on mitigating bandwidth consumption from packet flooding. However, attackers may also directly target applications to exhaust computational resources. The document proposes an acknowledgment-based port hopping protocol for secure communication between a sender and receiver that is resistant to such attacks.
An enhanced ip traceback mechanism for tracking the attack source using packe... - IAEME Publication
The document discusses an enhanced IP traceback mechanism (EITM) to more efficiently trace the source of distributed denial of service (DDoS) attacks. EITM aims to reduce the number of packets required for traceback by improving existing linear and remainder packet marking schemes. It analyzes challenges in tracing attackers due to the stateless nature of the internet and proposes that an effective traceback scheme minimizes required packets. The main goal is a mechanism that needs a number of packets almost equal to the number of hops to reconstruct the attack path more efficiently.
A precise termination condition of the probabilistic packet marking algorithm... - Mumbai Academisc
This document summarizes a research project that proposes a precise termination condition for the probabilistic packet marking (PPM) algorithm. The PPM algorithm allows routers to encode path information onto packets during a denial of service (DoS) attack, enabling the victim to reconstruct the attack graph. However, the existing PPM algorithm lacks a well-defined termination condition, and cannot handle multiple attackers. The proposed project aims to define a termination condition to ensure the reconstructed graph accurately represents the actual attack paths. It also extends the algorithm to support tracing packets from multiple attackers.
This document summarizes research on low-resource routing attacks against anonymous communication systems like Tor. The researchers developed attacks where malicious nodes with few resources can compromise the anonymity of many users by exploiting preferential routing mechanisms. In experiments, a small number of malicious nodes falsely claiming high bandwidth compromised over 46% of paths in a Tor network, undermining theoretical models suggesting strong anonymity. Defenses are discussed to prevent low-resource adversaries from influencing routing.
IRJET- Simulation Analysis of a New Startup Algorithm for TCP New Reno - IRJET Journal
This document presents a simulation analysis of a new startup algorithm for TCP New Reno to improve responsiveness for short-lived applications. The proposed TCP SYN Loss (TSL) startup algorithm uses a less conservative congestion response than standard TCP when connection setup packets are lost. Simulations are conducted using the ns-2 network simulator to evaluate the performance of TSL variants under different levels of congestion. The main results show that TSL variants can achieve an average latency gain of 15 round-trip times compared to standard TCP at up to 90% link utilization with a packet loss rate of 1%.
Speedy ip trace back(sipt) for identifying sadhan - Sadan Kumar
The document proposes a new method called Speedy IP Traceback (SIPT) to identify denial-of-service attacks. SIPT works by having routers insert the media access control (MAC) address of the client and the router's IP address into packets. This allows the destination to identify the attacker's boundary router and MAC address, tracing the attack path. Traditionally, mechanisms like ingress filtering, link testing, and packet marking have been used but have not kept pace with evolving attacks. SIPT provides a more direct way to find the router connected to the attacker.
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST... - ijsptm
IP (Internet Protocol) spoofing is a technique that consists in replacing the IP address of the sender by another sender’s address. This technique allows the attacker to send a message without being intercepted by the firewall. The most used method to deal with such attacks is the technique called "Network Ingress Filtering". This technique has been used, initially, for IPv4 networks, but its principles are currently extended to IPv6 networks. Unfortunately, it has some limitations, the main one being its accuracy. To improve safety conditions, we applied the "First-Come First-Serve (FCFS)" technique, applied for IPv6 networks, and developed by the "Internet Engineering Task Force (IETF)" within its working group "Source Address Validation Improvements (SAVI)", which is currently being standardized. In this paper, we remember the course of an attack by IP spoofing and expose the threats it entails. Then, we explain the "Network Ingress Filtering" technique. Next, we present the FCFS SAVI method and the methodology that we have adopted for its implementation. Finally, following the results, we discuss and compare the advantages, disadvantages and limitations of the FCFS SAVI method to those known in the "Network Ingress Filtering" technique. The FCFS SAVI method is more effective than the technique of "Network Ingress Filtering", but requires some improvements for dealing with the limitations it presents.
Detecting Misbehavior Nodes Using Secured Delay Tolerant Network - IRJET Journal
This document proposes a method called Statistical-based Detection of Blackhole and Greyhole attackers (SDBG) to detect misbehaving nodes in delay tolerant networks. SDBG can detect both individual misbehaving nodes as well as nodes that are colluding together. It works by having each node record encounter data with other nodes, including the number of messages sent and received. Individual nodes that drop many messages can be detected based on having a low message forwarding ratio. Colluding nodes can be detected because they will have sent many messages to each other to fake good behavior. The method aims to accurately detect misbehaving nodes while keeping false positives low. Extensive simulations showed it can work well across different network conditions.
Detection of application layer ddos attack using hidden semi markov model (20... - Mumbai Academisc
This document discusses a proposed scheme to detect application layer distributed denial of service (App-DDoS) attacks using hidden semi-Markov models. It begins by describing how current techniques have difficulty distinguishing App-DDoS attacks from normal flash crowds based on traffic characteristics alone. The proposed scheme aims to capture spatial-temporal patterns during normal flash crowds using an Access Matrix, and then uses a hidden semi-Markov model to analyze dynamics of the Access Matrix and detect anomalies indicating potential App-DDoS attacks. It argues this approach can more effectively identify if traffic surges are caused by attackers or normal users compared to existing detection systems.
A novel token based approach towards packet loss control - eSAT Journals
This document summarizes a research paper that proposes a novel congestion control mechanism called Stable Token-Limited Congestion Control (STLCC). STLCC monitors inter-domain traffic rates and limits the number of tokens to control congestion and improve network performance. The authors implemented STLCC in a prototype application and found that it was effective at controlling packet loss and improving network performance compared to other congestion control methods. They concluded that STLCC can automatically measure and reduce congestion to allocate network resources stably.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Pre-filters in-transit malware packets detection in the network - TELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
As the growth of the internet and computers increases day by day, the growth of attacks on networks has also increased tremendously. In this paper we introduce a wired network and create two TCP source nodes and one attacker node (distributed denial-of-service) with a flooding-type attack, which is an attack on the bandwidth of the TCP node; the source side sends data to the destination through a router. We also measure the impact of the denial-of-service (DoS) attack on that wired network, showing how packets of the other source nodes and of that node are dropped due to the flooding-type denial-of-service attack, and show the results using the NS-2 NAM and Xgraph windows in simulation.
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS - IJNSA Journal
Denial of service (DoS) is a significant security threat in open networks such as the Internet. The existing limitations of the Internet protocols and the common availability of tools make a DoS attack both effective and easy to launch. There are many different forms of DoS attack and the attack size could be amplified from a single attacker to a distributed attack such as a distributed denial of service (DDoS). IP traceback is one important tool proposed as part of DoS mitigation and a number of traceback techniques have been proposed including probabilistic packet marking (PPM). PPM is a promising technique that can be used to trace the complete path back from a victim to the attacker by encoding of each router's 32-bit IP address in at least one packet of a traffic flow. However, in a network with multiple hops through a number of autonomous systems (AS), as is common with most Internet services, it may be undesirable for every router to contribute to packet marking or for an AS to reveal its internal routing structure. This paper proposes two new efficient autonomous system (AS) traceback techniques to identify the AS of the attacker by probabilistically marking the packets. Traceback on the AS level has a number of advantages including a reduction in the number of bits to be encoded and a reduction in the number of routers that need to participate in the marking. Our results show a better performance compared to PPM and other techniques.
A computer network plays a major part in the development of any industry. Nowadays, in this fast-paced networking world, each and every industry depends on the internet for its progress. As said above, this is a fast-paced world, and the attacks to disable that progress are also fast paced. DDoS (Distributed Denial of Service) is one among them. Though it is one of the many attacks, it temporarily disables a service provided by the company. This paper proposes a series of steps which not only check for a possible attack but also try their best to thwart it. Instead of going for the conventional approach of blocking the excess traffic, the proposed approach will prolong the access to the service. In the meantime, checking for the possible attack is done. Thus, it not only thwarts the attacks but also gives reliable users their access with a little bit of delay, resulting in high reliability.
This document discusses network tunneling protocols and tools. It describes how protocols like SSH, GRE, and ICMP can be used to encapsulate other protocols and bypass network restrictions. Examples of network tunneling tools that operate over HTTP, DNS, and ICMP are provided. The document notes both legitimate and malicious uses of tunneling, and outlines challenges in detecting tunneling traffic and payloads.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE - IJNSA Journal
When a service system is under DDoS attack, it is important to detect the anomaly signature at the starting time of the attack for timely application of prevention solutions. However, early DDoS detection is a difficult task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method by modeling the service system as an M/G/R PS queue and calculating monitoring parameters based on the model in order to detect symptoms of DDoS attacks early. The proposed method is validated by an experimental system and it gives good results.
This document summarizes a research paper that proposes an inter-domain packet filter (IDPF) architecture to mitigate IP spoofing on the Internet. The IDPF constructs packet filters from information in Border Gateway Protocol (BGP) route updates and deploys them in network border routers. The IDPF framework is shown to correctly filter packets with valid source addresses, based on the single-path routing assumption. Simulation results demonstrate that even partial IDPF deployment can effectively limit spoofing capability and help localize attack origins. The paper establishes the relationship between IDPF effectiveness and the power-law topology of Internet autonomous systems.
This document proposes an inter-domain packet filter (IDPF) architecture to mitigate IP spoofing on the internet. The IDPFs are constructed using information from BGP route updates exchanged between autonomous systems, without requiring global routing information. Simulation results show that even partial deployment of IDPFs can limit an attacker's ability to spoof packets and help localize the origin of attack packets.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATION - IJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to current tools.
PROACTIVE DETECTION OF DDOS ATTACKS IN PUBLISH-SUBSCRIBE NETWORKS - IJNSA Journal
The document summarizes research on proactively detecting DDoS attacks in publish-subscribe networks. It discusses how information-centric networking (ICN) using architectures like PURSUIT improve on the current internet architecture but are still vulnerable to DDoS attacks. The document then proposes a new content delivery scheme that prevents DDoS attacks through the use of network capabilities while maintaining the advantages of Bloom filter-based approaches used in PURSUIT. Security analysis suggests the proposed approach can resist DDoS attacks with high probability by making packet forwarding stateless and resistant to computational and replay attacks.
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN - Editor IJCATR
As technology is running on its wheels, networking has turned into one of our basic aspects. In this world, along with networking, inimical vulnerabilities are also advancing in a drastic manner, resulting in perilous security threats. This calls for the great need of network security. ARP spoofing is one of the most common MITM attacks in the LAN. This attack can show critical implications for internet users, especially in stealing sensitive information such as passwords. Beyond this it can facilitate other attacks like denial of service (DoS), session hijacking, etc. In this paper we are proposing a new method by encrypting MAC address to shield from ARP cache poisoning.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE - IJNSA Journal
1) The document proposes a method for early detection of DDoS attacks by modeling a service system as an M/G/R processor sharing queue.
2) It calculates monitoring parameters based on the queue model in order to detect symptoms of DDoS attacks early.
3) Experimental results show the proposed method detects DDoS attacks with high true positive and true negative rates compared to an entropy-based detection method.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE - IJNSA Journal
1) The document proposes a method for early detection of DDoS attacks based on modeling a service system as an M/G/R processor sharing queue.
2) It involves sampling system resources over time, calculating resource utilization and variance parameters, and comparing a degradation index to a threshold to detect anomalous degradation indicative of an attack.
3) Experimental results show the proposed method achieved higher rates of true positives and true negatives for DDoS detection compared to an entropy-based detection method, demonstrating its effectiveness at early detection.
This document proposes a novel method to defend against IP spoofing attacks using packet filtering and marking techniques. It involves a network architecture model with trusted nodes that can access each other after authentication. The proposed method uses packet tracing and cooperation between trusted adjacent nodes to detect and block spoofed packets entering the trusted network from external sources. It aims to effectively defend against distributed denial of service attacks and IP spoofing attacks.
An improved ip traceback mechanism for network security - eSAT Journals
This document summarizes several existing IP traceback techniques and proposes a new hybrid approach. It discusses disadvantages of current techniques like high storage and bandwidth overhead. The proposed approach aims to reduce these overheads while maintaining single-packet traceability. It would reduce the number of routers queried and storage required by 2/3 compared to existing approaches. The approach was analyzed using the CAIDA dataset but has not been tested in a real-time network. The document concludes future work could develop a real-time traceback mechanism to identify attacks within a network.
The Fight against IP Spoofing Attacks: Network Ingress Filtering Versus First... - ClaraZara1
IP (Internet Protocol) spoofing is a technique that consists in replacing the IP address of the sender by another sender’s address. This technique allows the attacker to send a message without being intercepted by the firewall. The most used method to deal with such attacks is the technique called "Network Ingress Filtering". This technique has been used, initially, for IPv4 networks, but its principles are currently extended to IPv6 networks. Unfortunately, it has some limitations, the main one being its accuracy. To improve safety conditions, we applied the "First-Come First-Serve (FCFS)" technique, applied for IPv6 networks, and developed by the "Internet Engineering Task Force (IETF)" within its working group "Source Address Validation Improvements (SAVI)", which is currently being standardized. In this paper, we remember the course of an attack by IP spoofing and expose the threats it entails. Then, we explain the "Network Ingress Filtering" technique. Next, we present the FCFS SAVI method and the methodology that we have adopted for its implementation. Finally, following the results, we discuss and compare the advantages, disadvantages and limitations of the FCFS SAVI method to those known in the "Network Ingress Filtering" technique. The FCFS SAVI method is more effective than the technique of "Network Ingress Filtering", but requires some improvements for dealing with the limitations it presents.
Hypertext transfer protocol performance analysis in traditional and software ... - IJECEIAES
The extensive use of the internet has resulted in novel technologies and protocol improvisation. Hypertext transfer protocol/1.1 (HTTP/1.1) is widely adapted on the internet. However, HTTP/2 is found to be more efficient over transport control protocol (TCP). The HTTP/2 protocol can withstand the payload overhead when compared to HTTP/1.1 by multiplexing multiple requests. However, both the protocols are highly susceptible to application-level denial of service (DoS) attacks. In this research, a slow-rate DoS attack called Slowloris is detected over Apache2 servers enabled with both versions of HTTP in traditional networks and software defined networks (SDN). Server metrics such as server connection time to the webpage, latency in receiving a response from the server, page load time, response-response gap, and inter-packet arrival time at the server are monitored to analyze attack activity. A Monte Carlo simulation is used to estimate threshold values for server connection time and latency for attack detection. This work is implemented in a lab environment using virtual machines, Ryu controller, zodiac FX OpenFlow switch and Apache2 servers. This study also highlights SDN's security benefits over traditional networks.
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. A distributed denial-of-service attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. The proposed system suggests a mechanism based on entropy variations between normal and DDoS attack traffic. Entropy is an information theoretic concept, which is a measure of randomness. The proposed method employs entropy variation to measure changes of randomness of flows. The implementation of the proposed method brings no modifications on current routing software.
The document discusses routing security issues on the internet and proposes solutions through the Mutually Agreed Norms for Routing Security (MANRS) initiative. It outlines how routing works and common issues like route hijacking. It then details the MANRS framework, which establishes baseline security recommendations and builds a community to promote adoption. The goals are to reduce routing incidents through concerted action and make routing more resilient without regulation. Metrics and tools are provided to help operators implement recommendations and measure progress over time.
This paper proposes a system called FireCol for detecting and preventing distributed denial-of-service (DDoS) attacks. FireCol uses a distributed architecture of multiple intrusion prevention systems (IPS) forming protective rings around subscribed users. The IPS devices collaborate by exchanging traffic information to calculate scores for potential attacks. If a high score indicates a potential DDoS attack, the protective rings use parallel communication to verify the attack near the source before it reaches the victim. Simulation results show FireCol can effectively detect DDoS attacks while imposing low overhead and supporting scalability.
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing - IRJET Journal
This document proposes an Inter Domain Packet Filter (IDPF) architecture to reduce IP spoofing on the internet. The IDPF architecture takes advantage of the limited number of feasible paths between autonomous systems (ASes) implied by their commercial relationships. It constructs packet filters based on routing information exchanged in Border Gateway Protocol (BGP) updates between neighboring ASes, without requiring global routing knowledge. Simulation studies show that even partial deployment of IDPFs can help localize the source of attack packets and limit attackers' ability to spoof IP addresses.
A survey on Stack Path Identification and Encryption Adopted as Spoofing Defe... - IOSR Journals
Abstract: Spoofing attacks are a constant nag in the information world, so many methodologies have been invented to reduce their effects, but still there is a lot left to be desired. The kind of impact that these attacks have on Electronic Payment Systems is so detrimental to the economic world given that these systems are viewed as performance enhancers on payments. This study elaborates two methodologies, a combination of StackPi and Encryption, as spoofing defense methodologies. Billions of shillings are lost in this rollercoaster thus giving rise to a situation that deserves undivided attention and should be researched on. A profound argument on the methodologies that have been used in this mission to eradicate spoofing attacks, the limitations that they possess and other methodologies that have been brought in play to succeed them elicits an interesting he strategy of integrating or combining methodologies and the benefits that this strategy contributes to curbing spoofing attacks. With that knowledge underhand, it can be justified why the combination of Stack Pi and Encryption is a recommended solution against spoofing attacks.
Keywords: Electronic Payment Systems, Encryption, Security, Spoofing attacks, Stack Pi
Similar to AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOS (20)
Design and optimization of ion propulsion drone - bjmsejournal
Electric propulsion technology is widely used in many kinds of vehicles in recent years, and aircrafts are no exception. Technically, UAVs are electrically propelled but tend to produce a significant amount of noise and vibrations. Ion propulsion technology for drones is a potential solution to this problem. Ion propulsion technology is proven to be feasible in the earth’s atmosphere. The study presented in this article shows the design of EHD thrusters and power supply for ion propulsion drones along with performance optimization of high-voltage power supply for endurance in earth’s atmosphere.
Build the Next Generation of Apps with the Einstein 1 Platform.
Join Philippe Ozil for a workshop session that will guide you through the details of the Einstein 1 platform, the importance of data for building artificial intelligence applications, and the various tools and technologies that Salesforce offers to bring you all the benefits of AI.
Advanced control scheme of doubly fed induction generator for wind turbine us... - IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Gas agency management system project report.pdf - Kamal Acharya
The project entitled "Gas Agency" is done to make the manual process easier by making it a computerized system for billing and maintaining stock. The Gas Agencies get the order request through phone calls or by personal from their customers and deliver the gas cylinders to their address based on their demand and previous delivery date. This process is made computerized and the customer's name, address and stock details are stored in a database. Based on this the billing for a customer is made simple and easier, since a customer order for gas can be accepted only after completing a certain period from the previous delivery. This can be calculated and billed easily through this. There are two types of delivery like domestic purpose use delivery and commercial purpose use delivery. The bill rate and capacity differs for both. This can be easily maintained and charged accordingly.
Software Engineering and Project Management - Introduction, Modeling Concepts...Prakhyath Rai
Introduction, Modeling Concepts and Class Modeling: What is Object orientation? What is OO development? OO Themes; Evidence for usefulness of OO development; OO modeling history. Modeling
as Design technique: Modeling, abstraction, The Three models. Class Modeling: Object and Class Concept, Link and associations concepts, Generalization and Inheritance, A sample class model, Navigation of class models, and UML diagrams
Building the Analysis Models: Requirement Analysis, Analysis Model Approaches, Data modeling Concepts, Object Oriented Analysis, Scenario-Based Modeling, Flow-Oriented Modeling, class Based Modeling, Creating a Behavioral Model.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELijaia
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Digital Twins Computer Networking Paper Presentation.pptxaryanpankaj78
A Digital Twin in computer networking is a virtual representation of a physical network, used to simulate, analyze, and optimize network performance and reliability. It leverages real-time data to enhance network management, predict issues, and improve decision-making processes.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Software Engineering and Project Management - Software Testing + Agile Method...Prakhyath Rai
Software Testing: A Strategic Approach to Software Testing, Strategic Issues, Test Strategies for Conventional Software, Test Strategies for Object -Oriented Software, Validation Testing, System Testing, The Art of Debugging.
Agile Methodology: Before Agile – Waterfall, Agile Development.
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...PIMR BHOPAL
Variable frequency drive .A Variable Frequency Drive (VFD) is an electronic device used to control the speed and torque of an electric motor by varying the frequency and voltage of its power supply. VFDs are widely used in industrial applications for motor control, providing significant energy savings and precise motor operation.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Embedded machine learning-based road conditions and driving behavior monitoring
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOS
International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
DOI: 10.5121/ijnsa.2011.3619
K. Kuppusamy (1) and S. Malathi (2)
(1) Department of Computer Science & Engineering, Alagappa University, Karaikudi
kkdiksamy@yahoo.com
(2) Research Scholar, Manonmaniam Sundaranar University, Tirunelvelli
visitmalathi@gmail.com
ABSTRACT
With the tremendous growth of internet services, websites are becoming indispensable. When the number
of users accessing a website increases, the performance of the server goes down. Because of the heavy
burden on the server, the response time is delayed. When processing becomes slow, the ratio of
users accessing the site also goes down. Apart from this, the slowdown may also be due to an attack by
hackers. We have implemented a special technique to recognize an attack carried out by
hackers and block them from using the site. This is termed Denial of Service; it is carried out
among the web users and is commonly referred to as Distributed Denial of Service (DDoS). This paper
proposes to improve server performance and to deny access permissions to the hackers.
KEYWORDS
Websites, Attack, Hacker, DDoS
1. INTRODUCTION
In this modern computerized world, a large number of new technologies have been emerging.
Websites are the common source through which they are made accessible to all.
A website has a web server which processes the clients' requests and sends the responses to
them. A website becomes popular either because most users access it or because it
contains information relevant to the users' needs. When a website becomes
accessible to a large number of users, it may sometimes overload the server. As a result,
the performance of the server goes down. When server performance is low, the response time
for the clients' requests increases, so the accessibility of the website is reduced.
This is how website competitors make a site less popular, by making its performance very
slow. It may also be done by other users to waste the server bandwidth. Those who cause this kind of
performance degradation are termed Hackers or Intruders. They make the website unusable
for its users. This may be carried out in one of the following ways:
- By sending requests continuously with short time intervals.
- By opening the website and refreshing it unnecessarily.
- By using some automation protocol (QTP protocol) to access the website automatically.
By using any one of the ways mentioned above, the intruders degrade the performance
of the server. When this happens continuously, the users cannot get a good response time, since the
server cannot identify the right response for the right users. It just accepts all requests, stores them
in a queue and sends the responses continuously. Thus the hackers perform faster, thereby
reducing the performance quality of the server.
To tackle these problems, we propose a new use of DDoS technology: to deny the intruders
access to the website, we implement the Distributed Denial of Service
technique in a new manner.
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is
an attempt to make a computer resource unavailable to its hackers who prevent the efficient
functioning of the sites.
To detect and prevent the intrusion of hackers into websites, the DDoS
technique is carried out. This technique increases the server performance by preventing
the intruders from making any intrusion.
2. RELATED WORK
The inter-domain packet filter (IDPF), intended to mitigate the level of IP spoofing on the internet, was
proposed in the paper [1]. IDPFs are constructed from the information implicit in BGP route
updates and are deployed in network border routers. The authors also proposed and studied an
IDPF architecture as an effective countermeasure to IP spoofing-based DDoS attacks.
IDPFs rely on BGP update messages exchanged between neighboring ASes
on the Internet to infer the validity of the source address of a packet forwarded by a neighbor. It is
stated that IDPFs can be easily deployed on the current BGP-based Internet routing architecture.
Distributed Denial of Service (DDoS) attacks pose an increasingly grave threat to the Internet,
as evidenced by recent DDoS attacks mounted on both popular Internet sites [3] and the Internet
infrastructure [2]. Alarmingly, DDoS attacks are observed on a daily basis on most of the large
backbone networks [4].
One of the factors that complicates the mechanisms of policing such attacks is IP spoofing, the
act of forging the source addresses in IP packets. By masquerading as a different host, an
attacker can hide its actual identity and location, rendering source-based packet filtering less
effective. It has been shown that a large part of the Internet is vulnerable to IP spoofing [5], [6].
Recently, there is anecdotal evidence of attackers staging attacks utilizing bot-nets [7]. In this
case, since the attacks are carried out through intermediaries, i.e., the compromised bots, it is
tempting to believe that the use of IP spoofing is less of a factor than previously. However,
recent studies present evidence to the contrary and show that IP spoofing is still a commonly
observed phenomenon [8], [9]. Man-in-the-middle attacks, such as variants of TCP hijack and
DNS poisoning attacks [10], [11], are carried out by the attacker masquerading as the host at the
other end of a valid transaction.
In [12], Li et al., described SAVE, a new protocol for networks to propagate valid network
prefixes along the same paths that data packets will follow. Routers along the paths can thus
construct the appropriate filters using the prefix and path information. Bremler-Barr and Levy
proposed a spoofing prevention method (SPM) [13], where packets exchanged between
members of the SPM scheme carry an authentication key associated with the source and
destination AS domains.
The idea of IDPF is motivated by the work carried out by Park and Lee [14], which was the first
effort to evaluate the relationship between topology and the effectiveness of route based packet
filtering. The authors stated that packet filters that are constructed based on the global routing
information can significantly limit IP spoofing when deployed in just a small number of ASes.
In this work, they extend the idea and demonstrate that filters that are built based on local BGP
updates can also be effective.
Unicast reverse path forwarding (uRPF) [15] requires that a packet is forwarded only when the
interface that the packet arrives on is exactly the same used by the router to reach the source IP
of the packet. If the interface does not match, the packet is dropped. While simple, the scheme is
limited given that Internet routing is inherently asymmetric, i.e., the forward and reverse paths
between a pair of hosts are often quite different. In Hop-Count Filtering (HCF) [16], each end
system maintains a mapping between IP address aggregates and valid hop counts from the
origin to the end system. Packets that arrive with a different hop count are suspicious and are
therefore discarded or marked for further processing.
The Bogon Route Server Project [17] maintains a list of bogon network prefixes that are not
routable on the public Internet.
Effective mitigation of denial of service (DoS) attack is a pressing problem on the Internet. In
many instances, DoS attacks can be prevented if the spoofed source IP address is traced back to
its origin which allows assigning penalties to the offending party or isolating the compromised
hosts and domains from the rest of the network. Recently IP trace-back mechanisms based on
probabilistic packet marking (PPM) have been proposed for achieving trace-back of DoS
attacks.
The paper [18] shows that probabilistic packet marking, of interest due to its efficiency and
implementability vis-à-vis deterministic packet marking and logging or messaging based
schemes, suffers under spoofing of the marking field in the IP header by the attacker, which can
impede trace back by the victim.
It shows there is a trade-off between the ability of the victim to localize the attacker and the
severity of the DoS attack, which is represented as a function of the marking probability, path
length, and traffic volume. The optimal decision problem—the victim can choose the marking
probability whereas the attacker can choose the spoofed marking value, source address, and
attack volume—can be expressed as a constrained mini-max optimization problem, where the
victim chooses the marking probability such that the number of forgeable attack paths is
minimized.
It also shows the attacker’s ability to hide his location is curtailed by increasing the marking
probability; however, the latter is upper-bounded due to sampling constraints. In typical IP
internets, the attacker’s address can be localized to within 2–5 equally likely sites which render
PPM effective against single source attacks. Under distributed DoS attacks, the uncertainty
achievable by the attacker can be amplified, which diminishes the effectiveness of PPM.
Denial of service (DoS) is a pressing problem on the Internet as evidenced by recent attacks on
commercial servers and ISPs and their consequent disruption of services [19]. DoS attacks [20],
[21], [22], [23], [24], [25] consume resources associated with various network elements—e.g.,
Through servers, routers, firewalls, and end hosts—which impedes the efficient functioning and
provisioning of services in accordance with their intended purpose.
A number of recent works have studied the problem of tracing the physical source of a DoS
attack [23]. Several types of DoS attacks have been identified [19], [21], [23],[24] with the most
basic DoS attack demanding more resources than the target system or network can supply.
Resources may be network bandwidth, file system space, processes, or network connections
[23]. While host-based DoS attacks are more easily traced and managed, network-based DoS
attacks which exploit their accessibility of the TCP/IP protocol suite represent a more subtle and
challenging threat [23]. Network-based DoS attacks, by default, employ spoofing to forge the
source address of DoS packets to hide the identity of the physical source [25].
During a DoS attack, an attacker may try to gauge the impact of the attack using various service
requests including them and ICMP echo requests. Thus, logging of such events and activities
can disclose information about the attacker’s source. The victim uses information inscribed in
packets to trace the attack back to its source. In both methods, overhead in the form of
variable-length marking fields that depend on path length or traffic overhead due to extra messaging
packets are incurred.
Probabilistic packet marking [23] achieves the best of both worlds—space efficiency in the
form of constant marking field and processing efficiency in the form of minimal router
support—at the expense of introducing uncertainty due to probabilistic sampling of a flow’s
path. The latter has two important, and opposing, effects: (a) discovery of correct path
information by sampling which aids the victim’s objective of trace-back, and (b) injection of
corrupted information by the attacker.
In the latter, with a certain probability a packet—however formatted by the attacker—will travel
through untouched, and can impede the victim’s ability to identify the true attack path. More
generally, the number of forgeable paths that are from an information-theoretic point-of-view
indistinguishable with respect to their validity from the true attack path can further render
source identification difficult if their numbers are large.
Paper [18] shows the critical issue, the attacker's ability to inject misleading information, and
gives a comprehensive analysis of the effectiveness of PPM under single-source and distributed
DoS attacks, complemented by numerical evaluations. The authors remark that PPM is not perfect and
suffers under two additional weaknesses (they are not unique to PPM, however, and are shared
by the other approaches).
First, PPM is reactive in the sense that damage must occur before corrective actions, including
source identification, can be undertaken by the victim. Second, PPM does not scale well
under distributed DoS (DDoS) attacks in the sense that the more hosts an attacker is able to
compromise and use as a distributed attack site, the greater the effort needed (approximately
proportional) to identify the attack sites.
Firewalls offer a protection for private networks against both internal and external attacks.
However, configuring firewalls to ensure the protections is a difficult task. The main reason is
the lack of methodology to analyze the security of firewall configurations. IP spoofing attack is
an attack in which an attacker can impersonate another person towards a victim.
3. METHODOLOGY
3.1. Proposed Method
The aim of the proposed method is to develop an efficient method in order to deny the services
to the hackers and improve the server performance using the DDoS technique.
This is summed up below. In order to detect intruders, the entries of all users and their
activities are maintained as a history. The history also contains information about the users
with their corresponding entry time, date and the site accessed. Based on the history, we can
identify all the users accessing the server.
Each user entering the internet is assigned a unique IP address. This IP address is also stored in
the history along with the user's entry details. Based on this IP address, we can identify the
particular user. This identification is done by grouping the IP addresses from the
history and counting the number of occurrences of the same IP address under the same date.
If, for example, the same IP address such as 192.323.2.3 is found occurring repeatedly under the
same date, then its times of entry into the site are retrieved and the
number of occurrences is counted. Thus we identify the user who utilizes the site the maximum number
of times on the same day.
The next step is to determine the time frequency of that user using our proposed algorithm,
named the GI (Group Intruders) Time Frequency Algorithm. The time frequency is determined
by calculating the time difference between each pair of entry times using the relation

$T_{ij} = t_j - t_i$    (1)

where
$T_{ij}$ is the difference between the times $t_j$ and $t_i$;
$t_i$ and $t_j$ are the times of the $i$th and $j$th entries of the user.

After calculating the time difference between each set, the average mean time difference is
determined by using the relation

$T_m = \sum T_{ij}$    (2)

where
$T_m$ is the mean time difference calculated from the sum of all time differences $T_{ij}$.

After the mean time difference is calculated, the frequency is calculated by dividing the mean
time by the number of occurrences. The relation is shown below:

$T_f = T_m / n$    (3)

where
$T_f$ is the calculated time frequency;
$T_m$ is the mean time difference found using relation (2);
$n$ is the number of times the particular IP address occurred.
A frequency limit N is set by us, and the calculated time frequency is compared
with it. When the calculated frequency is greater than N, that
IP address is treated as a hacker's IP address and the user is added to the Intruders List to prevent
further access.
The IP addresses in the Intruders List are maintained permanently in order to check upcoming
users. If a user in the list tries to enter again, the access permission is denied by not giving
any response to that user, using the DDoS mechanism. If other users enter the site,
the history is maintained in order to determine their performance.
The proposed method consists of a GI Time Frequency algorithm. All the required validation
processes will be taken in consideration by the proposed method. The following provides the
description about the proposed method.
3.2 GI Time Frequency Algorithm
Begin
    Maintain the Intruders List, I
    Maintain the History of the user, H
    User entered into the site, User.
    Get the IP Address, Date, Time of the user and store the details in the history, H.
    if (User.IP == I.IP)
    {
        Type = “Existing Intruder”
        Print: “Access Denied”
        Break
    }
    else if (User.IP == H.IP)
    {
        if (User.Date == H.Date)
        {
            Type = “New Intruder”
        }
    }
    if (Type == “New Intruder”)
    {
        Get the time from the history for the User.IP
        Calculate the time difference, Tij = tj – ti
        Calculate the average mean time, Tm = ∑ Tij
        Find the number of occurrence, n.
        Calculate the time frequency, Tf = Tm / n
        Find the Maximum frequency, N.
        if (Tf > N)
        {
            Add the User.IP to the Intruder List, I
            Print: “Access Denied”
        }
    }
    else
    {
        Accept the request from the User.IP
        Send the response for the request.
    }
End
3.3 Algorithm Explanation
The GI Time Frequency Algorithm is used to group the intruders under the Intruders list and
thus prevent them from accessing the website. First step of the algorithm is to maintain the
history of the user and the intruders list. When the user enters into the site, the details are
collected and added in the history. Then the details are matched with the intruders list. If the
match returns true value, then the user is treated as intruder and the access is denied. Otherwise,
the details are matched with the history for finding the occurrence of the same user under the
same date. If this returns true, then the time frequency is calculated. The time frequency is
compared with the maximum frequency. If the calculated time frequency exceeds the maximum
frequency, the user is added to the intruders list. Otherwise, their request is accepted and the
response is provided to the user. Thus the GI Time Frequency provides a better method to block
the intruders from accessing the web page.
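A minimal Python sketch of the procedure in Sections 3.1 to 3.3, added here as an illustration; it is not the authors' implementation. Relation (3) yields a mean gap in seconds, so the sketch reads the threshold N as a maximum request rate and blocks when 1/Tf exceeds it, and it accepts the request when the threshold is not exceeded, as Section 3.3 describes. That reading, the `min_hits` guard, the class and function names and the sample addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


class GITimeFrequency:
    """History H and intruders list I from Section 3.2, keyed by IP and date."""

    def __init__(self, max_rate, min_hits=3):
        self.max_rate = max_rate   # threshold N, read as requests/second (assumption)
        self.min_hits = min_hits   # added guard: never judge on one or two requests
        self.history = defaultdict(list)   # H: (ip, date) -> list of entry times
        self.intruders = set()             # I: kept permanently, as in the paper

    def time_frequency(self, ip, day):
        """Return (Tm, n, Tf) for one IP on one date, following relations (1)-(3)."""
        times = sorted(self.history.get((ip, day), []))
        n = len(times)
        # Relation (1) on consecutive entries: T_ij = t_j - t_i, in seconds.
        gaps = [(tj - ti).total_seconds() for ti, tj in zip(times, times[1:])]
        tm = sum(gaps)                 # relation (2)
        tf = tm / n if n else 0.0      # relation (3)
        return tm, n, tf

    def handle(self, ip, when):
        """Decide one request; returns "accepted" or "denied"."""
        if ip in self.intruders:
            # Existing intruder. Denied requests are not logged here, so a
            # blocked source cannot keep growing H (the paper logs first).
            return "denied"
        self.history[(ip, when.date())].append(when)
        _, n, tf = self.time_frequency(ip, when.date())
        # Tf == 0 means every entry carried the same timestamp.
        if n >= self.min_hits and (tf == 0 or 1.0 / tf > self.max_rate):
            self.intruders.add(ip)     # new intruder
            return "denied"
        return "accepted"


def constructed_events():
    """Constructed sample log of (ip, time) pairs using documentation addresses."""
    day1 = datetime(2011, 11, 1, 10, 0, 0)
    burst = [("203.0.113.7", day1 + timedelta(milliseconds=200 * i)) for i in range(5)]
    steady = [("198.51.100.20", day1 + timedelta(seconds=30 * i)) for i in range(4)]
    next_day = [("203.0.113.7", day1 + timedelta(days=1))]
    return sorted(burst + steady + next_day, key=lambda e: e[1])


def replay(detector, events):
    """Feed events in time order; return {ip: [decision, ...]}."""
    decisions = defaultdict(list)
    for ip, when in events:
        decisions[ip].append(detector.handle(ip, when))
    return dict(decisions)


if __name__ == "__main__":
    detector = GITimeFrequency(max_rate=2.0)
    for ip, result in replay(detector, constructed_events()).items():
        print(ip, result)
```

Because the key is the source IP alone, clients behind a shared NAT or proxy are judged as a single user, so the threshold needs tuning against real traffic before the list is used to deny access.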
3.4 Flow Chart
The diagrammatic representation of the flow of the GI Time Frequency algorithm is given as a
flowchart below:
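Figure-1 Process Flow of the Algorithm (flowchart boxes: User enters the site; Get the IP Address, Date, Entry Time; Maintain the history and the intruders list; Is the IP Address in the Intruders list?; Is the IP Address, date in the history?; Calculate the time frequency; Time frequency > N; Store the details in the History; Access Denied)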
4. EXPERIMENTAL RESULTS
The experiments in this paper are carried out using an intruder list and the
website. The browser maintains the history of the user, and the details of the
history are tabulated with the fields Date, Time, and IP Address. Based on the IP
Address, each incoming user is analyzed.
When a new user enters the site frequently, the algorithm is applied to determine
whether the user is an intruder. If not, a proper response is provided to the user.
The experiment is carried out in two different situations. At first, the experiment is
carried out without any intrusion detection or any DDoS prevention. In that situation, the normal
performance of the web server is measured and noted. When the intruders are allowed to access the
site, the performance in this situation is also calculated and noted.
In the second part, the intruder list is maintained and each user is checked against the list. If
intruders are found, their access is denied by implementing the GI Time Frequency Algorithm. In
this situation, the web server performance is noted. A comparison is then made between
the two experimental setups. This helps the users to determine the efficiency of our proposed
algorithm, the GI Time Frequency Algorithm.
Thus the DDoS technique, which prevents intruders from accessing the server and lowering
its performance, is carried out successfully in this system.
5. CONCLUSION
The aim of the paper is to propose a method to detect intruders who access the website
unnecessarily and reduce the performance ratio of the server. Such intruders are detected using
a special technique which is proposed in this paper, and their access is prevented by using the
DDoS technique.
A special algorithm named the GI Time Frequency Algorithm is implemented in this paper to group
the detected intruders and prevent them from accessing the website, so that the quality of
the server performance is maintained.
REFERENCES
[1] “Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates” by
Zhenhai Duan, Xin Yuan, Jaideep Chandrashekar.
[2] Massive DDoS attack hit DNS root servers. http://www. internetnews.com/ent-
news/article.php/1486981, October 2002.
[3] Yahoo attributes a lengthy service failure to an attack.
http://www.nytimes.com/library/tech/00/02/biztech/ articles/08yahoo.html%, February 2000.
[4] Craig Labovitz, Danny McPherson, and Farnam Jahanian. Infrastructure attack detection and
mitigation. SIGCOMM 2005, August 2005. Tutorial.
[5] R. Beverly. Spoofer project. http://momo.lcs.mit.edu/ spoofer.
[6] R. Beverly and S. Bauer. The Spoofer Project: Inferring the extent of Internet source address
_ltering on the internet. In Proceedings of Usenix Steps to Reducing Unwanted Traf_c on the
Internet Workshop SRUTI'05, Cambridge, MA, July 2005.
[7] Srikanth Kandula, Dina Katabi, Matthais Jacob, and Arthur Berger. Botz-4-Sale: Surviving
Organized DDoS Attacks that Mimic Flash Crowds. In Second Symposium on Networked
Systems Design and Implementation (NSDI'05)., 2005.
[8] D. Moore, G. Voelker, and S. Savage. Inferring internet Denial-of-Service activity. In
Proceedings of 10th Usenix Security Symposium,August 2001.
[9] R. Pang, V. Yegneswaran, P. Barford, V. Paxson, and L. Peterson. Characteristics of internet
background radiation. In Proceedings of ACM Internet Measurement Conference, October 2004.
[10] M. Dalal. Improving TCP's robustness to blind in-window attacks. Internet Draft, May 2005.
Work in Progress.
[11] J. Stewart. DNS cache poisoning - the next generation. Technical report, LURHQ, January 2003.
9. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
257
[12] J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang. SAVE: source address validity
enforcement protocol. In INFOCOM, June 2002.
[13] Bremler-Barr and H. Levy. Spooling prevention method. In Proc. IEEE INFOCOM, Miami, FL,
March 2005.
[14] K. Park and H. Lee. On the effectiveness of route-based packet filtering for distributed DoS
attack prevention in power-law internets. In Proc. ACM SIGCOMM, San Diego, CA, August
2001.
[15] F. Baker. Requirements for IP version 4 routers. RFC 1812, June 1995.
[16] C. Jin, H. Wang, and K. Shin. Hop-count filtering: an effective defense against spoofed ddos
traffic. In Proceedings of the 10th ACM conference on Computer and communications security,
October 2003.
[17] Team Cymru. The team cymru bogon route server project.
http://www.cymru.com/BGP/bogon-rs.html.
[18] “On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service
Attack” by Kihong Park, Heejo Lee, Network Systems Lab, Department of Computer Sciences,
Purdue University.
[19] Lee Garber, “Denial-of-service attacks rip the Internet,” Computer, pp.12–17, Apr. 2000.
[20] John Elliott, “Distributed denial of service attack and the zombie ant effect,” IT Professional, pp.
55–57, March/April 2000.
[21] Jari Hautio and Tom Weckstrom, “Denial of service attacks,” Mar. 1999,
http://www.hut.fi/u/tweckstr/hakkeri/DoS_paper.html.
[22] John D. Howard, An Analysis of Security Incidents on the Internet, Ph.D. thesis, Carnegie
Mellon University, Aug. 1998.
[23] Night Axis and Rain Forest Puppy, “Purgatory 101: Learning to cope with the SYNs of the
Internet,” 2000, some practical approaches to introducing accountability and responsibility on
public internet, http://packetstorm.securify.com/papers/contest/RFP.doc.
[24] Computer Emergency Response Team, “Denial of service,” Feb. 1999, Tech Tips,
http://www.cert.org/tech_tips/denial_of_service.html.
[25] Computer Emergency Response Team (CERT), “CERT Advisory CA-2000-01 Denial-of-service
developments,” Jan. 2000, http://www.cert.org/advisories/CA-2000-01.html.
Authors
1. Dr. K. Kuppusamy is working as an Associate Professor in the Department of
Computer Science and Engineering, Alagappa University, Karaikudi, Tamilnadu,
India. He received his Ph.D in Computer Science and Engineering from Alagappa
University, Karaikudi, Tamilnadu in the year 2007. He has 23 years of teaching
experience at PG level in the field of Computer Science. He has published many papers
in International & National Journals and presented in National and International
conferences. His areas of research interests include Information/Network Security,
Algorithms, Neural Networks, Fault Tolerant Computing, Software Engineering and Optimization
Techniques.
2. Mrs. S. Malathi is working as a Lecturer and Head in the Department of Computer
Science, Rabiammal Ahamed Maideen College, Tiruvarur, Tamilnadu, India. She has
12 years of teaching experience in the field of Computer Science. She has guided
around 10 M.Phil. scholars. She has published one book and one research paper. Her
area of interest is Network Security.