Among the different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attacks. They have also put security experts under
enormous pressure recently to find efficient defense methods.
A DoS attack can be performed in various ways with diverse codes and tools
and can be launched from different OSI model layers. This paper
describes DoS and DDoS attacks in detail, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Study of flooding based DDoS attacks and their effect using DETER testbed - eSAT Publishing House
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS - IJNSA Journal
DoS attacks are one of the top security problems affecting networks and disrupting services to
legitimate users. The vital step in dealing with this problem is the network's ability to detect such
attacks. An application DDoS attack aims at disrupting the application service rather than
depleting the network resource. Up to now, all the research on DDoS attacks has
concentrated either on network resources or on application servers, but not on both. In this paper
we proposed a solution for both these problems using authentication methods and group testing.
Implementation of user authentication as a service for cloud network - Salam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu... - Salam Shah
Cloud computing has attracted users due to high speed and bandwidth of the internet. The e-commerce systems are best utilizing the cloud computing. The cloud can be accessed by a password and username and is completely dependent upon the internet. The threats to confidentiality, integrity, authentication and other vulnerabilities that are associated with the internet are also associated with cloud. The internet and cloud can be secured from threats by ensuring proper security and authorization. The channel between user and cloud server must be secured with a proper authorization mechanism. The research has been carried out and different models have been proposed by the authors to ensure the security of clouds. In this paper, we have critically analyzed the already published literature on the security and authorization of the internet and cloud.
Because a Distributed Denial of Service (DDoS) attack can create a huge
volume of unwanted traffic, it is widely regarded as a major threat to the current
Internet. A flooding-based DDoS attack is a very common way in which a victim machine is
attacked by sending a large amount of malicious traffic. Because of these attacks, existing
network-level congestion control mechanisms are inadequate for preventing service quality
from deteriorating. Although a number of techniques have been proposed to defeat DDoS
attacks, it is still very hard to detect and respond to them due to large and
complex network environments, the use of source-address spoofing, and the
difficulty of distinguishing legitimate traffic from attack traffic. To measure the impact of
DDoS attacks on FTP services, repeated research in cyber security that is important to the
scientific advancement of the field is required. To fulfill this requirement, the cyber-DEfense
Technology Experimental Research (DETER) testbed has been developed. In this
paper, we have created one dumb-bell topology and generated background traffic as FTP
traffic. We have launched different types of DDoS attacks along with FTP traffic by using
attack tools available in the DETER testbed. Finally, we have measured the impact of DDoS attacks
on the FTP server in terms of metrics such as throughput, percentage link utilization, and
normal packet survival ratio (NPSR).
Distributed reflection denial of service attack: A critical review - IJECEIAES
As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks.
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet - IDES Editor
A system state in an HTTP botnet uses the HTTP protocol
for the creation of a chain of botnets, thereby compromising
other systems. By using the HTTP protocol and port number 80,
attacks can not only be hidden but also pass through the
firewall without being detected. The DPR based detection
leads to better analysis of botnet attacks [3]. However, it
provides only probabilistic detection of the attacker and is also
time consuming and error prone. This paper proposes a genetic
algorithm based layered approach for detecting as well as
preventing botnet attacks. The paper reviews the p2p firewall
implementation which forms the basis of filtering.
Performance evaluation is done based on precision, F-value
and probability. The layered approach reduces the computation
and overall time requirement [7]. The genetic algorithm promises
a low false positive rate.
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI... - IJNSA Journal
Technology has developed so fast that we feel both safe as well as unsafe in both ways. Systems used today are always prone to attack by malicious users. In most cases, services are hindered because these systems cannot handle the amount of over loads the attacker provides. So, proper service load measurement is necessary. The tool that is being described in this paper for developments is based on the Denial of Service methodologies. This tool, XDoser will put a synthetic load on the servers for testing purpose. The HTTP Flood method is used which includes an HTTP POST method as it forces the website to gather the maximum resources possible in response to every single request. The tool developed in this paper will focus on overloading the backend with multiple requests. So, the tool can be implemented for servers new or old for synthetic test endurance testing.
Single Sign-on Authentication Model for Cloud Computing using Kerberos - Deepak Bagga
ABSTRACT
In today’s organizations, the need for several new resources and storage requirements for terabytes of data is generated every day. Cloud computing provides a solution for this in a cost effective and efficient manner. Cloud computing provides on demand resources as services to clients. The cloud is highly scalable and flexible. Although it benefits clients in several ways, because data is stored remotely it has many security loopholes such as attacks, data loss, and other security and authentication issues. In this paper we propose an authentication model for cloud computing based on the Kerberos protocol to provide single sign-on and to protect against DDoS attacks. This model can help by filtering out unauthorized access and by reducing the burden, computation and memory usage the cloud spends on authentication checks for each client. It acts as a third party between cloud servers and clients to allow secure access to cloud services. In this paper we will see some of the related work on cloud security issues and attacks. Then in the next section we will discuss the proposed architecture, its working and the sequential process of message transmission. Next we will see how it can protect against DDoS attacks, some benefits, and how it provides single sign-on.
Distributed Digital Artifacts on the Semantic Web - Editor IJCATR
Distributed digital artifacts incorporate cryptographic hash values to URI called trusty URIs in a distributed environment
building good in quality, verifiable and unchangeable web resources to prevent the rising man in the middle attack. The greatest
challenge of a centralized system is that it gives users no possibility to check whether data have been modified and the communication
is limited to a single server. The solution for this is the distributed digital artifact system, where resources are distributed among
different domains to enable inter-domain communication. Due to the emerging developments in the web, attacks have increased rapidly,
among which the man in the middle attack (MIMA) is a serious issue, where user security is under threat. This work tries to prevent MIMA
to an extent, by providing self reference and trusty URIs even when presented in a distributed environment. Any manipulation to the
data is efficiently identified and any further access to that data is blocked by informing user that the uniform location has been
changed. System uses self-reference to contain trusty URI for each resource, lineage algorithm for generating seed and SHA-512 hash
generation algorithm to ensure security. It is implemented on the semantic web, which is an extension to the world wide web, using
RDF (Resource Description Framework) to identify the resource. Hence the framework was developed to overcome existing
challenges by making the digital artifacts on the semantic web distributed to enable communication between different domains across
the network securely and thereby preventing MIMA.
Cloud Security and Data Integrity with Client Accountability Framework - IDES Editor
The Cloud based services provide much efficient
and seamless ways for data sharing across the cloud. The fact
that the data owners no longer possess data makes it very
difficult to assure data confidentiality and to enable secure
data sharing in the cloud. Despite all its advantages, this
will remain a major limitation that acts as a barrier to the
wider deployment of cloud based services. One of the possible
ways of ensuring trust in this aspect is the introduction of an
accountability feature in the cloud computing scenario. The
Cloud framework requires promotion of distributed
accountability for such a dynamic environment [1]. In some
works, an accountable framework is suggested to ensure
distributed accountability for data sharing by the generation
of only a log of data access, but without any embedded feedback
mechanism for owner permission towards data
protection [2]. The proposed system is an enhanced client
accountability framework which provides an additional client
side verification for each access towards enhanced security of
data. The integrity of content of data which resides in the
cloud service provider is also maintained by secured
outsourcing. Besides, the authentication of JAR (Java Archive)
files is done to ensure file protection and to maintain a safer
environment for data sharing. The analysis of various
functionalities of the framework depicts both the
accountability and security feature in an efficient manner.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... - ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continues to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
CREDIT BASED METHODOLOGY TO DETECT AND DISCRIMINATE DDOS ATTACK FROM FLASH CR... - IJNSA Journal
The latest trend in the field of computing is the migration of organizations and offloading the tasks to
cloud. The security concerns hinder the widespread acceptance of cloud. Of various, the DDoS in cloud is
found to be the most dangerous. Various approaches are there to defend DDoS in cloud, but have lots of
pitfalls. This paper proposes a new reputation-based framework for mitigating the DDoS in cloud by
classifying the users into three categories as well-reputed, reputed and ill-reputed based on credits. The
fact that attack is fired by malicious programs installed by the attackers in the compromised systems and
they exhibit similar characteristics used for discriminating the DDoS traffic from flash crowds. Credits of
clients who show signs of similarity are decremented. This reduces the computational and storage
overhead. This proposed method is expected to take the edge off DDoS in a cloud environment and ensures
full security to cloud resources. CloudSim simulation results also proved that the deployment of this
approach improved the resource utilization with reduced cost.
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM - cscpconf
A DDoS attack is a distributed-source but coordinated Internet security threat in which attackers either degrade or disrupt a shared service to legitimate users. It uses various methods to inflict damage on limited resources. It can be broadly classified into flood and semantic (logic) attacks. DDoS attacking mechanisms vary from time to time, and simple but powerful attacking tools are freely available on the Internet. There have been many trials on defending victims from DDoS attacks. However, many of the previous attack prevention systems lack effective handling of various attacking mechanisms and protection of legitimate users from collateral damage during detection and protection. In this paper, we proposed a distributed but synchronized DDoS defense architecture using multiple agents, which are autonomous systems that perform their assigned mission in other networks on behalf of the victim. The major assignments of defense agents are IP spoofing verification, high traffic rate limitation, anomaly packet detection, and attack source detection. These tasks are distributed through four agents that are deployed on different domain networks. The proposed solution was tested through simulation with sample attack scenarios on the model Internet topology. The experiments showed encouraging results. More comprehensive attack protection and the protection of legitimate users from collateral damage make this system more effective than previous works.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
Encountering distributed denial of service attack utilizing federated softwar... - IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined network (SDN) environments. The proposed solution uses software-defined network capabilities to reduce risk and introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to the server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed in a sophisticated way with a high level of separation of duties between components so that it would not be affected by the design aspect of the network architecture.
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetIDES Editor
A System state in HTTP botnet uses HTTP protocol
for the creation of chain of Botnets thereby compromising
other systems. By using HTTP protocol and port number 80,
attacks can not only be hidden but also pass through the
firewall without being detected. The DPR based detection
leads to better analysis of botnet attacks [3]. However, it
provides only probabilistic detection of the attacker and also
time consuming and error prone. This paper proposes a Genetic
algorithm based layered approach for detecting as well as
preventing botnet attacks. The paper reviews p2p firewall
implementation which forms the basis of filtering.
Performance evaluation is done based on precision, F-value
and probability. Layered approach reduces the computation
and overall time requirement [7]. Genetic algorithm promises
a low false positive rate.
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVI...IJNSA Journal
Technology has developed so fast that we feel both safe as well as unsafe in both ways. Systems used today are always prone to attack by malicious users. In most cases, services are hindered because these systems cannot handle the amount of over loads the attacker provides. So, proper service load measurement is necessary. The tool that is being described in this paper for developments is based on the Denial of Service methodologies. This tool, XDoser will put a synthetic load on the servers for testing purpose. The HTTP Flood method is used which includes an HTTP POST method as it forces the website to gather the maximum resources possible in response to every single request. The tool developed in this paper will focus on overloading the backend with multiple requests. So, the tool can be implemented for servers new or old for synthetic test endurance testing.
Single Sign-on Authentication Model for Cloud Computing using KerberosDeepak Bagga
ABSTRACT
In today’s organizations need for several new resources and storage requirements for terabytes of data is generated every day. Cloud computing provides solution for this in a cost effective and efficient manner. Cloud computing provides on demand resources as services to clients. Cloud is highly scalable and flexible. Although it is benefiting the clients in several ways but as data is stored remotely it has many security loopholes like attacks, data lose, other security and authentication issues. In this paper we are proposing an authentication model for cloud computing based on the Kerberos protocol to provide single sign-on and to prevent against DDOS attacks. This model can benefit by filtering against unauthorized access and to reduce the burden, computation and memory usage of cloud against authentication checks for each client. It acts as a third party between cloud servers and clients to allow secure access to cloud services. In this paper we will see some of the related work for cloud security issues and attacks. Then in next section we will discuss the proposed architecture, its working and sequential process of message transmission. Next we will see how it can prevent against DDOS attacks, some benefits and how it provides single sign-on.
Distributed Digital Artifacts on the Semantic Web - Editor IJCATR
Distributed digital artifacts incorporate cryptographic hash values into URIs, called trusty URIs, in a distributed environment, building good-quality, verifiable and unchangeable web resources to prevent the rising man-in-the-middle attack. The greatest challenge of a centralized system is that it gives users no possibility to check whether data have been modified, and the communication is limited to a single server. A solution for this is the distributed digital artifact system, where resources are distributed among different domains to enable inter-domain communication. Due to the emerging developments in the web, attacks have increased rapidly, among which the man-in-the-middle attack (MIMA) is a serious issue, where user security is under threat. This work tries to prevent MIMA to an extent by providing self-reference and trusty URIs even when presented in a distributed environment. Any manipulation of the data is efficiently identified and any further access to that data is blocked by informing the user that the uniform location has been changed. The system uses self-reference to contain a trusty URI for each resource, a lineage algorithm for generating the seed and the SHA-512 hash generation algorithm to ensure security. It is implemented on the semantic web, which is an extension to the World Wide Web, using RDF (Resource Description Framework) to identify the resource. Hence the framework was developed to overcome existing challenges by making the digital artifacts on the semantic web distributed to enable communication between different domains across the network securely, thereby preventing MIMA.
Cloud Security and Data Integrity with Client Accountability Framework - IDES Editor
Cloud-based services provide efficient and seamless ways of sharing data across the cloud. The fact that data owners no longer possess the data makes it very difficult to assure data confidentiality and to enable secure data sharing in the cloud. Despite all its advantages, this will remain a major limitation that acts as a barrier to the wider deployment of cloud-based services. One possible way of ensuring trust in this respect is the introduction of an accountability feature in the cloud computing scenario. The cloud framework requires promotion of distributed accountability for such a dynamic environment [1]. Some works suggest an accountable framework to ensure distributed accountability for data sharing by generating only a log of data access, but without any embedded feedback mechanism for owner permission towards data protection [2]. The proposed system is an enhanced client accountability framework which provides an additional client-side verification for each access, towards enhanced security of data. The integrity of the content of data residing at the cloud service provider is also maintained by secured outsourcing. Besides, JAR (Java Archive) files are authenticated to ensure file protection and to maintain a safer environment for data sharing. The analysis of the various functionalities of the framework depicts both the accountability and the security features in an efficient manner.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... - ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
CREDIT BASED METHODOLOGY TO DETECT AND DISCRIMINATE DDOS ATTACK FROM FLASH CR... - IJNSA Journal
The latest trend in the field of computing is the migration of organizations and offloading the tasks to
cloud. The security concerns hinder the widespread acceptance of cloud. Of various, the DDoS in cloud is
found to be the most dangerous. Various approaches are there to defend DDoS in cloud, but have lots of
pitfalls. This paper proposes a new reputation-based framework for mitigating the DDoS in cloud by
classifying the users into three categories as well-reputed, reputed and ill-reputed based on credits. The
fact that attack is fired by malicious programs installed by the attackers in the compromised systems and
they exhibit similar characteristics used for discriminating the DDoS traffic from flash crowds. Credits of
clients who show signs of similarity are decremented. This reduces the computational and storage
overhead. This proposed method is expected to take the edge off DDoS in a cloud environment and ensures
full security to cloud resources. CloudSim simulation results also proved that the deployment of this
approach improved the resource utilization with reduced cost.
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM - cscpconf
A DDoS attack is a distributed-source but coordinated Internet security threat in which attackers either degrade or disrupt a shared service for legitimate users. It uses various methods to inflict damage on limited resources. Such attacks can be broadly classified as flood and semantic (logic) attacks. DDoS attacking mechanisms vary from time to time, and simple but powerful attacking tools are freely available on the Internet. There have been many attempts at defending victims from DDoS attacks. However, many of the previous attack prevention systems lack effective handling of various attacking mechanisms and fail to protect legitimate users from collateral damage during detection and protection. In this paper, we propose a distributed but synchronized DDoS defense architecture using multiple agents, which are autonomous systems that perform their assigned mission in other networks on behalf of the victim. The major assignments of the defense agents are IP spoofing verification, high traffic rate limitation, anomaly packet detection, and attack source detection. These tasks are distributed across four agents that are deployed on different domain networks. The proposed solution was tested through simulation with sample attack scenarios on the model Internet topology. The experiments showed encouraging results. More comprehensive attack protection, and protection of legitimate users from collateral damage, make this system more effective than previous works.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS - IJNSA Journal
DoS attacks are one of the top security problems affecting networks and disrupting services to legitimate users. The vital step in dealing with this problem is the network's ability to detect such attacks. An application DDoS attack aims at disrupting the application service rather than depleting network resources. Up to now, research on these DDoS attacks has concentrated either on network resources or on application servers, but not on both. In this paper we propose a solution for both these problems using authentication methods and group testing.
Encountering distributed denial of service attack utilizing federated softwar... - IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined network (SDN) environments. The proposed solution uses the capabilities of software-defined networks to reduce risk, and introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to the server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing the ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed with a high level of separation of duties between components so that it would not be affected by the design of the network architecture.
Low-rate distributed denial of service attacks detection in software defined ... - IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
Deep learning approach to DDoS attack with imbalanced data at the application... - TELKOMNIKA JOURNAL
A distributed denial of service (DDoS) attack is where one or more computers attack or target a server computer, by flooding internet traffic to the server. As a result, the server cannot be accessed by legitimate users. A result of this attack causes enormous losses for a company because it can reduce the level of user trust, and reduce the company’s reputation to lose customers due to downtime. One of the services at the application layer that can be accessed by users is a web-based lightweight directory access protocol (LDAP) service that can provide safe and easy services to access directory applications. We used a deep learning approach to detect DDoS attacks on the CICDDoS 2019 dataset on a complex computer network at the application layer to get fast and accurate results for dealing with unbalanced data. Based on the results obtained, it is observed that DDoS attack detection using a deep learning approach on imbalanced data performs better when implemented using synthetic minority oversampling technique (SMOTE) method for binary classes. On the other hand, the proposed deep learning approach performs better for detecting DDoS attacks in multiclass when implemented using the adaptive synthetic (ADASYN) method.
International Journal of Computational Engineering Research (IJCER) is an international online journal, published monthly in English. The journal publishes original research work that contributes significantly to furthering scientific knowledge in engineering and technology.
Augmented split-protocol; an ultimate DDoS defender - ijcsa
Distributed Denials of Service (DDoS) attacks have become the daunting problem for businesses, state
administrator and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
Study of flooding based ddos attacks and their effect using deter testbed - eSAT Journals
Abstract: Today, the Internet is the primary medium for communication, used by a number of users across the network. At the same time, its commercial nature is increasing its vulnerability to cyber crime, and there has been an enormous increase in the number of DDoS (distributed denial of service) attacks on the Internet over the past decade, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Network resources such as network bandwidth, web servers and network switches are mostly the victims of DDoS attacks. In this paper, different types of DDoS attacks have been studied, a dumb-bell topology has been created, and the effect of UDP flooding attacks on a web service has been analyzed using attack tools available in the DETER testbed. The throughput of the web server is analyzed with and without DDoS attacks.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D... - IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of
Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to
prevent DDoS attacks. However, their performance is greatly affected by a large class imbalance nature of
the training datasets as well as the presence of redundant and irrelevant features in them. This study
proposes RTL-DL, a new framework for an effective intrusion detection model based on the random
oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data
imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3%
accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current
approaches, the suggested model has demonstrated promising results in identifying network threats in
imbalanced data sets.
DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION MODEL FOR IOTBA... - IJNSA Journal
Defending against Distributed Denial of Service (DDoS) in the Internet of Things (IoT) computing environment is a challenging task. DDoS attacks are a type of collective attack in which attackers work together to compromise internet security and services. The resource-constrained devices used in IoT deployments have made it even easier for an attacker to break in, because of the vast number of vulnerable IoT devices with significant compute power. This paper proposes an ensemble machine learning (ML) model using the bagging technique to detect and prevent DDoS attacks in the IoT computing environment. We carried out a machine learning experiment and evaluated our proposed model with the most recent DDoS attacks (CICDoS2019) dataset. We use seven validation metrics (classification accuracy, precision rate, recall rate, f1-score, Matthews Correlation Coefficient, false negative rate and false positive rate) to evaluate the performance of the proposed model. The results obtained in our experiment show an improved performance with an overall maximum classification accuracy of 99.75%, precision rate of 99.99%, recall rate of 99.76%, f1-score of 99.87%, Matthews Correlation Coefficient of 0.000000214, false negative rate of 0.24% and 4.42% false positive rate.
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS - IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of nodes that interrelate with each other for switch over the information. This information is necessary for that node is reserved confidentially. Attacker in the system may capture this private information and distorted. So security is the major issue. There are several security attacks in network. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviors they may happen obviously or it may due to some attackers. Various schemes are developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS attack types, and DDoS attack components, intrusion prevention system for DDoS.
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS - ijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis' slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already have working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Do s and d dos attacks at osi layers
International Journal of Multidisciplinary Research and Publications
ISSN (Online): 2581-6187
Hadeel S. Obaid and Esamaddin H. Abeed, "DoS and DDoS Attacks at OSI Layers," International Journal of Multidisciplinary Research and
Publications (IJMRAP), Volume 2, Issue 8, pp. 1-9, 2020.
DoS and DDoS Attacks at OSI Layers
Hadeel S. Obaid (1), Esamaddin H. Abeed (2)
(1) College of Engineering, University of Information Technology and Communications, Baghdad, Iraq
(2) Civil Aviation Authority, Baghdad International Airport, Baghdad, Iraq
Abstract— Among the different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating. They have also recently put security experts
under enormous pressure to find efficient defence methods.
A DoS attack can be performed in various ways with diverse codes and tools
and can be launched from different OSI model layers. This paper
describes DoS and DDoS attacks in detail, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve efficient countermeasures.
Keywords— DoS, DDoS, OSI Layers, OPNET.
I. INTRODUCTION
The Internet has changed the style of communication and the way
of running a business [1]. It provides many services for
various fields such as education, entertainment, banking
transactions, medicine, research, etc. The development of
network technologies allows intruders and hackers to discover
illegitimate methods to enter a system.
Network security is frequently discussed as part of
computational infrastructure [2]. The commitment of
safeguarding critical data, information and services placed on
internet and computer networks is a key focus of research
today. Many new threats have appeared and defences against
them are constantly being developed. Computational threats
can be classified into four classes: password attack, malware,
denial of service (DoS) attacks and reconnaissance attacks.
For the DoS type of threat, securing the network from a denial
of service attack becomes critical, because this attack is very
easy to perform.
Since 1995, the San Francisco Federal Bureau of Investigation
(FBI) and the Computer Security Institute (CSI) have produced an
annual survey [3]. This survey found that the third most
significant attack causing computer crime losses is the DoS
attack, which comes after unauthorized access to information
and virus attacks. The total approximate loss from DoS attacks was
more than 7 million dollars for the 639 respondents who were willing
and able to estimate their losses in 2005.
Annually, Distributed Denial of Service (DDoS) attacks
cost businesses about $3.5 million, as reported by the Ponemon
Institute's research [2]. The average downtime after a DDoS attack
is 54 minutes, and each minute of downtime costs
approximately $22,000. Estimates from the Yankee Group,
IDC and Forrester expect a 24-hour outage at a big e-commerce
business to cost about $30 million.
Today, many network facilities and application servers can
come under DoS and DDoS attacks [4]. The major aim of these
two attacks is to block legitimate users from online services.
The users may have to pay for these services. An attacker
makes no distinction based on the fee of the service. The purpose
behind DoS attacks is not to abuse or take data; the
purpose is to flood the server by sending a huge amount of
traffic. In general, the attacker prevents legitimate users from using
an online service by draining the server resources. In addition,
the Internet of Things (IoT) has recently been presented as the
next revolution and a part of the Internet of the future [29].
DoS can also be used to pull down any IoT network
[30].
The rest of the paper is organised as follows: Section 2
covers the related work. Section 3 explains DoS attacks.
Section 4 presents DDoS attacks. OSI layers and their attacks
are in Section 5. Finally, the conclusion is in Section 6.
II. RELATED WORK
Koc and Carswell have implemented experiments on the KDD99
dataset using Naïve Bayesian (NB) and its variants: NB Tree
(NBTree), Averaged One-Dependence Estimators (AODE),
Weightily AODE (WAODE), Tree-Augmented Naïve
Bayesian (TAN), Decision DTNB, and Hidden Naïve
Bayesian (HNB) [5]. The results of their experiments
indicate that Proportion K-Interval discretization techniques,
along with HNB, offer high accuracy in detecting DDoS attacks.
Machine learning (ML) is a known area of computer
science that mainly deals with the discovery of data patterns
and data-related irregularities [31]. Lohit Barki et al. have
proposed an IDS to detect DDoS attacks in Software Defined
Networks (SDN) using machine learning algorithms such as K-
Nearest Neighbour, Naive Bayes, K-medoids and K-means to
categorise incoming traffic into regular and irregular
categories [6]. The detection rate and efficiency parameters are
used to measure these algorithms. The algorithm with the higher
accuracy is chosen to implement the Signature IDS; its results
are then processed by the Advanced IDS, where the intent is to
detect anomalous behaviour using open connections. This
helps to provide accurate results about the hosts involved in the
DDoS attack.
Katkar and Bhatia have performed an experiment on
intrusion detection using the REPTree classifier and assessed the
variation in its performance when it is combined with different
data pre-processing and feature selection techniques [7].
The experiment results show that the accuracy of the REPTree
classifier in detecting intrusion is better when it is used with the
Numeric to Binary pre-processing technique on the KDD99
data set.
Zhiyuan Tan et al. have presented a detection system to
detect DoS attacks using multivariate correlation analysis
(MCA) [8]. By extracting geometrical correlations between
different features of network traffic, MCA can be used for
network characterization. Such a detection system uses
anomaly-based detection in its attack recognition. The
advantage is that this makes the solution able to detect both known
and unknown DoS attacks by learning the normal patterns of
the network traffic. Additionally, a triangle-area-based method
is suggested to improve and accelerate the MCA process.
The efficiency of the suggested detection system is assessed
using the KDD Cup 99 data set. The effects of both
regulated and non-regulated data on the performance of the
proposed detection system are tested.
Detection methods such as the Client Puzzle Protocol (CPP)
and Ingress filtering are used to detect DoS and DDoS attacks
at the Application layer [4]. The CPP algorithm is used in
Internet communication and aims to stop misuse of server resources.
CPP requires every client that wants to connect to the server
to solve a mathematical puzzle before the connection is
established. When the puzzle is solved, the client passes the
solution of the puzzle to the server. If the client fails to solve
the puzzle, the server refuses the connection. The puzzle is not
hard to solve, but an attacker who attempts to establish a huge
number of connections with the target will find this difficult
because of the time delay. The Ingress filtering technique is
used to ensure that arriving packets do not have fake source
IP addresses in their headers. Every packet is sent with the source
IP address in the header. If this IP address is fake, this is
considered an attack. In Ingress filtering, packets are
examined based on information from the past, so that the
server will not be allowed to respond to packets from possible
attacking IP addresses.
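The puzzle exchange described above can be sketched as follows. This is an added example, not code from the paper: it assumes a hash-based puzzle (find a counter whose SHA-256 digest has a given number of leading zero bits), a 30-second validity window, and hypothetical function names. The point it shows is the asymmetry: the server issues and checks a puzzle with a couple of hash operations and no per-client state, while each connection costs the client many hashes.

```python
import hashlib
import hmac
import os
import struct
import time

SERVER_KEY = os.urandom(32)  # server secret, regenerated per process (example value)
PUZZLE_TTL = 30              # seconds a challenge stays valid (assumed value)
spent = {}                   # tag -> expiry, only for solutions already redeemed


def leading_zero_bits(digest):
    """Number of zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def challenge_tag(client_addr, issued, difficulty, nonce):
    """MAC that binds a challenge to one client, one time and one difficulty."""
    body = client_addr.encode() + struct.pack(">QB", issued, difficulty) + nonce
    return hmac.new(SERVER_KEY, body, hashlib.sha256).digest()


def work_hash(tag, counter):
    return hashlib.sha256(tag + struct.pack(">Q", counter)).digest()


def issue_puzzle(client_addr, difficulty, now=None):
    """Server: hand out a challenge without storing anything about the client."""
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(8)
    return {"issued": issued, "difficulty": difficulty, "nonce": nonce,
            "tag": challenge_tag(client_addr, issued, difficulty, nonce)}


def solve_puzzle(puzzle):
    """Client: brute-force a counter; about 2**difficulty hashes on average."""
    counter = 0
    while leading_zero_bits(work_hash(puzzle["tag"], counter)) < puzzle["difficulty"]:
        counter += 1
    return counter


def verify_solution(puzzle, counter, client_addr, now=None):
    """Server: accept the connection only for a fresh, unmodified, solved puzzle."""
    current = time.time() if now is None else now
    try:
        expected = challenge_tag(client_addr, puzzle["issued"],
                                 puzzle["difficulty"], puzzle["nonce"])
        if not hmac.compare_digest(expected, puzzle["tag"]):
            return False  # forged or altered challenge, or a different client
        work = work_hash(puzzle["tag"], counter)
    except (KeyError, TypeError, struct.error):
        return False      # malformed input must never crash the server
    if not 0 <= current - puzzle["issued"] <= PUZZLE_TTL:
        return False      # expired challenge
    if leading_zero_bits(work) < puzzle["difficulty"]:
        return False      # the work was not done
    for tag in [t for t, expiry in spent.items() if expiry < current]:
        del spent[tag]    # forget redeemed puzzles once they have expired anyway
    if puzzle["tag"] in spent:
        return False      # one solution buys one connection
    spent[puzzle["tag"]] = puzzle["issued"] + PUZZLE_TTL
    return True


if __name__ == "__main__":
    p = issue_puzzle("192.0.2.10", difficulty=16)
    print("accepted:", verify_solution(p, solve_puzzle(p), "192.0.2.10"))
```

State is kept only for puzzles that were actually solved, so the replay table grows at the rate clients do work, not at the rate they send requests.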
III. DENIAL OF SERVICE ATTACKS
Availability, Confidentiality and Integrity are the main
aims of computer security [9]. Availability is defined as the
capability of using the desired resources or information. DoS
attacks threaten the availability of resources in the network.
DoS attacks happen when an attacker attempts to make
Internet-based applications, a website or other services
unreachable to legitimate users. A DoS attack can also be
defined as an attack which aims to prevent users from
using an Internet-based service by disturbing the usual
functionality of the server that hosts the application [10]. In a DoS
attack, the attacker either sends messages that take
advantage of particular vulnerabilities, leading to anomalies
or failures in the network systems, or quickly sends a large number
of messages to a single node to consume the resources
of the system and cause it to crash; see Fig. 1 [11].
Fig. 1. DoS Attack
IV. DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK
A DoS attack that results from many distributed sources is called
a Distributed Denial of Service (DDoS) attack [11]. In this
type of attack, multiple bots called zombies are used to send a
huge amount of traffic to the victim server.
A DDoS attack aims to increase the strength of a DoS attack by
using more than one computer [4]. DDoS attacks are
considered to be more efficient than DoS attacks because they
raise the attack density through the use of many computers
simultaneously. DDoS attacks repeatedly disrupt the
services of the web servers of high-profile sites such as insurance
companies, credit card payment gateways, banks, etc. A DDoS attack
happens when many computers overwhelm the resources of a
victim, making the DoS attack more effective and making it difficult to
find the creator or origin of the attack. DDoS attacks are able to
cause great harm to online services because they are able to
quickly damage network performance and make
detection hard. DDoS attacks are considered to be a dangerous
security threat to present intrusion detection schemes.
Discovering DDoS attacks in adequate time would minimize
the damage that the attack can cause. Until now, there have been no efficient
solutions that overcome all the characteristics of DDoS attacks. Thus,
the detection of DDoS attacks represents an attractive domain for
research. DDoS is typically executed in a logical structure, as
shown in Fig. 2:
Fig. 2. Structure of DDoS Attack
The structure of a DDoS attack includes a client, who represents
the attacker and is connected to a number of compromised
systems called handlers [4]. The handlers direct commands to
a number of zombie agents that facilitate the DDoS attack on the victim
system. Each handler is able to control thousands of zombie
agents.
Internet Relay Channel (IRC) is used by the attacker to
communicate with agents [12]. The attacker can use
IRC to communicate with agents rather than
installing a handler program on a network server. The IRC
channel enables the attacker to use genuine IRC ports to
forward instructions to agents. Using genuine ports prevents
distributed denial of service command requests from being tracked.
Also, IRC servers carry a huge amount of traffic, allowing
attackers to hide their existence. A malicious node does not
need to maintain a list of agents, as it is able to directly access
the IRC server and check the existing agents. In the IRC
network, the agent software sends and receives messages via
an IRC channel, where information about the operational is
available for the attacker [13].
V. OSI MODEL IN BRIEF
Open System Interconnection (OSI) is a framework that
defines the agreements and functions required for
communications between network systems [14]. Work on
the OSI model was started in the late 1970s by the Telephone
Consultative Committee (CCITT) and the International
Organization for Standardization (ISO). The OSI model
applies a structuring technique that is called layering. This
partitions communication into a set of vertical layers, where
each layer performs functions that build on and enhance the layer
immediately below it. Fig. 3 shows the OSI
Model Layers:
Fig. 3. OSI Model Layers
There are seven layers in the OSI model. The first, Layer
7, is the Application layer, which permits access to resources on
the network. It helps to send and receive data between
different applications [15]. The message/data is the main
communication unit (PDU) at this layer. Layer 6 is the
Presentation layer, which is responsible for formatting data for
exchange between communication endpoints, such as translation,
data compression and encryption. Layer 5 is the Session layer,
which establishes, governs and terminates
sessions through the network. Layer 4 is the
Transport layer, which is responsible for providing reliable
data delivery from one process to another. It guarantees that
packets are transmitted in an orderly sequence, free of errors and
without repetition. Segments, datagrams
or packets are the PDU, or unit of communication, at this
layer. Layer 3 is the Network layer, which is responsible
for moving packets between source and destination. It
offers routing and addressing for the packets. The packet is the
PDU at this layer. Layer 2 is the Data link layer; it ensures
error-free data transmission over physical media. The frame
is the PDU at this layer. Layer 1 is the Physical layer, which
manages the transmission of binary data (0s and 1s) through
the transmission media. It translates bits into signals, where
the bit is the PDU at this layer. The table displays the most
common DoS attack types at different OSI model layers.
A. Denial of Service Attack at the Application Layer
DoS attacks at the application layer are more complex
[11]. They incapacitate features or functions as opposed to
the entire network. Application layer protocols fall into two main
categories: user protocols and support protocols. User
protocols provide services to users directly, such as
HTTP, SMTP/POP, FTP, IMAP, XMPP, SSH, IRC, etc.
Support protocols aim to provide common system functions,
such as DNS, NTP, SNMP, BOOTP/DHCP, TLS/SSL, RTP,
SIP, etc. [9]. Any of these protocols can be a means or a
target for launching a DoS attack. Most protocols at the
application layer are structured in a client-server model. A
server is a process that implements a particular service, such as
email or file transfer services. A client is a process that
requests services from a server. Clients can be classified as
legitimate clients, which do not have
malicious logic, and malicious clients, which do have malicious
logic.
DoS attacks at the Application layer are more disturbing
than attacks at other layers because of [11]:
- High obscurity: these attacks use legitimate UDP or TCP
connections, making it hard to distinguish them from
legitimate users.
- High efficiency: DoS attacks at the Application layer
require fewer connections.
- Multiple effects: they can directly or indirectly impact
many victims. For instance, DNS attacks on one DNS
provider can affect all its users.
- Normal traffic rules: these attacks follow the rules of
normal traffic and complete the TCP
handshake, so that the traffic in those attacks looks like
legitimate traffic.
- Effect on multiple applications: they affect different
applications because any one of the protocols mentioned
above can be used to launch a DoS attack.
- Simplicity of exploitation: they take advantage of the
simplicity of Layer 7; for instance, a server may collapse
when thousands of users refresh their browsers
simultaneously.
- Limited resource requirements: they require limited
resources. An attacker can achieve a successful attack with
a limited investment.
- Highly targeted: these attacks aim at a specific
application, such as web servers running applications in
Java, PHP5, and ASP.NET. Targets are crafted using
HTTP requests; there could be collisions with the web
server's hashing operation as non-unique and
overlapping responses are returned.
An attacker may exhaust the memory or CPU of a victim by
sending a vast number of service requests [9]. Each request
can cause the victim to execute memory- and/or CPU-intensive
operations. For instance, an attacker may order malicious
agents to send HTTP requests to a server to download a
large file. As the server must read the huge file from the hard
disk into memory and send it in a significant number of
packets to the malicious user, a single HTTP request can cause
substantial resource depletion on the server in terms of CPU,
I/O, bandwidth and memory.
HTTP GET, Slowloris and HTTP POST attacks are
examples of DoS attacks at the Application layer. HTTP POST
and HTTP GET requests are commonly misused over HTTP or
HTTPS [4]. An HTTP GET flood attack can be implemented
by exploiting a weakness in the HTTP protocol. In
this attack, the attacker sends a huge
number of malicious HTTP GET requests to the victim.
Because the HTTP payloads of these packets are legitimate,
the victim server cannot differentiate the malicious HTTP
GET requests from normal requests. Therefore, the server has
to treat all requests as legitimate requests, and this processing
then consumes its resources.
Another type of DoS attack at the application layer is
the Slowloris attack, also called a
Slow Header Attack [16].
The weakness of the HTTP GET request is also used in
this attack, but it exploits the time delay in HTTP GET
headers rather than flooding the server with spoofed requests.
The attacker does not send the HTTP GET request all at
once; instead, the lines of the header are separated and sent one by one.
The web server establishes the connection with the attacker and
waits for the request header to finish, which can take a
long time. The malicious request is thus held open for
a long time. A default threshold is set up, indicating the
maximum time to wait for the next header line to arrive;
anything over that time leads to a closed connection. The
default threshold of the Apache web server is 300 s. This is used
as the pause time before sending the next line of the header of the
attacker's request. As a result, the attacker can consume the
resources of the web server by creating multiple connections
with the victim's server [4]. An attacker can also take
advantage of a weakness in the HTTP POST request; this is
called a Slow Message Body attack [39]. A POST request
includes a message body, which can use any encoding. The
HTTP header includes a Content-Length field that informs the
web server of the size of the message body. The attacker sends the
HTTP header portion to the web server in full. Then
the attacker sends the HTTP message body at 1 byte per 110
seconds. The web server simply follows the
Content-Length header field while waiting for
the remainder of the message. Waiting for the whole
message body to be sent is what allows web servers to support users
with sporadic or slow connections. The server will be under a
DoS attack if there are some such connections.
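The two slow-request patterns described above can be recognised from per-connection timing. The detector below is an added example, not part of the paper; the event format, the thresholds and the connection records are constructed for illustration. It measures the header deadline from the moment the connection opens rather than from the last header line, because a per-line timeout such as the 300 s threshold mentioned above is reset by every trickled line.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

HEADER_DEADLINE = 20.0  # seconds allowed to finish the whole request header (assumed)
BODY_GRACE = 10.0       # seconds after the header before the body rate is judged (assumed)
MIN_BODY_RATE = 500.0   # bytes per second a sender must sustain (assumed)
PER_SOURCE_ALERT = 3    # stalled connections from one address that raise an alert (assumed)

# Constructed sample: (time_s, connection_id, source_ip, event, value).
# value is the Content-Length for "headers_done" and a byte count for "body".
EVENTS = [
    (0.00, "c1", "198.51.100.7", "open", 0),
    (0.02, "c1", "198.51.100.7", "headers_done", 0),
    (0.10, "c1", "198.51.100.7", "close", 0),
    (1.00, "c2", "203.0.113.9", "open", 0),
    (1.00, "c3", "203.0.113.9", "open", 0),
    (1.00, "c4", "203.0.113.9", "open", 0),
    (2.00, "c5", "203.0.113.50", "open", 0),
    (2.10, "c5", "203.0.113.50", "headers_done", 1_000_000),
    (5.00, "c6", "198.51.100.8", "open", 0),
    (5.10, "c6", "198.51.100.8", "headers_done", 20_000),
    (6.00, "c6", "198.51.100.8", "body", 20_000),
    (6.20, "c6", "198.51.100.8", "close", 0),
    (61.0, "c2", "203.0.113.9", "header_line", 0),
    (112.1, "c5", "203.0.113.50", "body", 1),
    (121.0, "c2", "203.0.113.9", "header_line", 0),
    (200.0, "c7", "192.0.2.33", "open", 0),
    (200.5, "c7", "192.0.2.33", "headers_done", 50_000),
    (222.1, "c5", "203.0.113.50", "body", 1),
    (230.0, "c7", "192.0.2.33", "body", 30_000),
]


@dataclass
class Conn:
    src: str
    opened: float
    header_done: Optional[float] = None
    content_length: int = 0
    body_bytes: int = 0
    closed: bool = False


def classify(conn, now):
    """Return 'slow-header', 'slow-body' or 'ok' for one connection at time now."""
    if conn.closed:
        return "ok"
    if conn.header_done is None:
        # Absolute deadline: extra header lines do not buy more time.
        return "slow-header" if now - conn.opened > HEADER_DEADLINE else "ok"
    waited = now - conn.header_done
    unfinished = conn.body_bytes < conn.content_length
    if unfinished and waited > BODY_GRACE and conn.body_bytes / waited < MIN_BODY_RATE:
        return "slow-body"
    return "ok"


def scan(events, now):
    """Replay events up to now; return (findings per connection, sources to alert on)."""
    conns = {}
    for t, cid, src, kind, value in events:
        if t > now:
            continue
        if kind == "open":
            conns[cid] = Conn(src=src, opened=t)
        elif cid in conns:
            conn = conns[cid]
            if kind == "headers_done":
                conn.header_done, conn.content_length = t, value
            elif kind == "body":
                conn.body_bytes += value
            elif kind == "close":
                conn.closed = True
            # "header_line" is deliberately ignored: it proves nothing about progress.
    findings = {}
    for cid, conn in conns.items():
        verdict = classify(conn, now)
        if verdict != "ok":
            findings[cid] = verdict
    per_source = Counter(conns[cid].src for cid in findings)
    alerts = sorted(src for src, n in per_source.items() if n >= PER_SOURCE_ALERT)
    return findings, alerts


if __name__ == "__main__":
    print(scan(EVENTS, now=240.0))
```

Connection c7 is a slow but honest upload: it stays above the minimum rate, so it is not flagged, which is the distinction a pure "long-lived connection" rule would miss.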
B. Denial of Service Attack at the Presentation Layer
DoS attacks at the presentation layer include malformed
Secure Socket Layer (SSL) requests. SSL or TLS offers
security for web services such as online shopping, online
banking, etc. [15]. Because of its security advantages, many well-
known organizations use SSL to secure their services
[9]. Currently, most transactions are secured by SSL.
However, SSL has also attracted attackers. The TCP protocol
and the TCP handshake are frequent victims of DoS attacks. After
the TCP handshake is completed, an exchange of messages
starts to verify the authenticity of the communicating entities.
Afterwards, the encryption key for the communication is established
[15]. Several attacks take advantage of the SSL handshake to
consume server resources. The Pushdo botnet does this by
sending incompressible data to the SSL server. The SSL
protocol requires considerable computation time and produces
additional workload on the server, which treats the useless data as
a normal handshake. At this stage, the server may stop
processing SSL connections or restart them. Firewalls may fail
in such a scenario, as both entities have completed the TCP
handshake. Attackers often use SSL to tunnel their HTTP-
based DoS attacks, as they then appear to be secure requests.
SSL DDoS attacks can be divided into two classes:
1- Protocol misuse attacks
These attacks exploit the protocol being used. A DoS attack
is mounted without completing the secure connection,
potentially lacking the need for secure keys. One example is
THC-SSL-DOS, which can be used to 'renegotiate' in the
connection and can be applied without the benefit of a secure
channel. Mitigation techniques, such as IPS signatures, help to
detect these attacks.
2- SSL Traffic Floods
These attacks send a large amount of traffic over an
established secure channel that results in depleting the
bandwidth and other resources. Without additional
information, mitigation devices are not able to differentiate
between normal connections and malicious connections. Such
attacks cannot issue a web challenge in attempting to assess
source legitimacy. You are prone to false actions because you
have either nothing to connect to a rate limit.
C. Denial of Service Attack at the Session Layer
The session layer includes the synchronisation and
termination of connections over the network [10]. An attacker
takes advantage of log-in and log-off protocols to launch DoS
attacks at the session layer; for instance, by launching a Telnet
DoS attack [15]. A Telnet application permits a terminal to
communicate remotely with its counterpart. Telnet uses
the network to send and receive data via a port (e.g. 23).
The attacker may execute the DoS attack at this level so
that defects in Telnet are misused at the switch level, making
the services of the switch unobtainable, whereby the
administrator is prevented from controlling the switch
[10].
Attacks on Telnet can be classified into three classes [15]:
1) Telnet brute force attack: in this attack, the attacker uses
a list of frequently used passwords, and a program is designed
to attempt to create a Telnet session using each word in the
list.
2) Telnet communication sniffing: the lack of encryption is
the most serious problem in the Telnet protocol. The
transmissions between parties over the network are sent
without any encryption. This vulnerability is exploited by the
attacker for frame sniffing. It is easy for the attacker to
sniff the plain text that flows over the network.
3) Telnet DoS: this attack is a way to damage the
communication between two devices over the network by
consuming the bandwidth of their connection. To implement
this, the attacker sends a large number of irrelevant and useless
data frames, thereby stifling the connection. As a result, a
legitimate communication cannot use this connection. This
attack is also used to stop administrators from using Telnet in
their devices.
D. Denial of Service Attack at Transport Layer
Layer 4 DoS attacks are based on the generation and
transmission of an enormous volume of traffic to disable or
totally block the availability of services or resources in the
network for legitimate clients [15]. These attacks usually involve
misuse of the TCP and UDP protocols to flood resources in
the network.
DoS attacks at the Transport layer are classified into flooding
attacks and de-synchronization attacks [17]:
- Flooding
If an attacker repeatedly makes new connection requests to
the same server, which has to retain state at each end of the
connection, the resources that are needed for each one of these
connections will be consumed [17]. As a result, further
connections from other users cannot be served, and they
may even be dropped.
- De-synchronization
A de-synchronization attack is the disruption of an existing
connection [17]. For example, the attacker can continually send
spoofed messages to a node, and this causes the node to retransmit the
lost frames. If the attack is timed correctly, the end hosts may not be
able to exchange data effectively, and resources
are then wasted on the connection.
To understand DoS attacks at the transport layer, a brief
explanation of the TCP/IP protocol is needed [18]. The US
Department of Defense was the first to implement the
TCP/IP protocol suite. The Internet, at that time, was very
limited and the TCP/IP protocol was capable of providing the
required security. However, as the Internet started to
mature, the TCP/IP protocol did not improve. Today, the
TCP/IP suite is considered neither secure nor resistant to
attacks. The Internet Protocol (IP) is defined as a packet
delivery service with the following properties [19]:
- Delivery without assurances of acknowledgements.
- The IP protocol is connectionless, i.e. each packet is
handled independently of all other packets.
- The Internet makes a reasonable effort to deliver
packets to the best of its abilities.
Fig. 4 represents the IP header:
Fig. 4. IP Header
Transmission Control Protocol (TCP) is a process-to-
process protocol [19]. TCP uses port numbers to
provide program-to-program communication. TCP is
connection-oriented; for program A to communicate with
program B, a connection must have been set up
between A and B. This connection allows the sending and
receiving processes to deliver and receive data as a stream of
bytes. TCP is part of the transport layer, above the Network
layer; variable-length data streams can be sent and received.
Fig. 5 shows the TCP header:
Fig. 5. TCP Header
TCP is a connection-oriented, stream protocol which offers
full duplex service where the data can flow over the internet in
both directions [20]. To establish the connection, TCP uses the
three-way handshake process. In Fig. 6, the illustration shows
a three-way handshake process between a TCP server and a
TCP client.
Fig. 6. TCP Three Way Handshake
- First, the client sends a packet marked with SYN to the
server.
- After the SYN packet is received from the client, the
server sends a SYN+ACK packet to the client.
- The client replies with an ACK packet and the
connection is established with the server. Now, the
client is able to send the data messages.
A TCP SYN flood attack is one of the easiest and most
dangerous ways to launch DDoS attacks [21]. This attack uses
a weakness in the TCP protocol that was not considered
a weakness when the protocol was developed. In 1994, Steve
Bellovin and Bill Cheswick discovered the weakness in the
TCP protocol (TCP SYN flood attack).
TCP SYN attacks make use of the synchronize (SYN) flag in
the TCP header [22]. This flag is set when a system sends a
packet to open a TCP connection; it indicates that the
receiving system has to store the sequence number contained in
this packet.
The characteristics of the TCP SYN flood attack are [21]:
- A huge number of server connections are generated by the
  attacker.
- Each SYN sets up a SYN-RECEIVED state: the victim receives
  a request to form a connection and allocates memory to it.
- After the server receives a connection request, which is a
  packet with the SYN flag, it leaves this half-open connection
  in the backlog queue and sends a reply packet with the SYN
  and ACK flags to the client.
- When it does not receive any reply from the client, the
  server sends the SYN-ACK packet again until a timeout
  expires. It then removes this half-open connection from
  the backlog queue.
- The whole procedure for a SYN request may take about
  three minutes on an operating system.
- A TCP SYN flood attack produces a huge number of half-open
  connections that the server cannot handle; new
  requests cannot be received.
- Connections remain in the SYN-RECEIVED state until the
  backlog queue becomes full.
- The operating system is able to serve only some of the
  half-open connections, depending on the size of the
  backlog. As an example, 2048 bytes is the default size of
  the backlog queue of Debian Squeeze. If the queue reaches
  this size, the server cannot receive any connection
  requests.
Fig. 7 shows the TCP SYN flood DoS attack network:
Fig. 7. TCP SYN Flood DoS Attack
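The backlog behaviour listed above can be modelled on the server side. The following is an added example, not code from the paper: it replays constructed packet events against a fixed-size half-open queue with a timeout and reports which source holds the queue and which requests were refused. The queue size of 8, the 180-second timeout, the addresses and the event list are assumed values for illustration.

```python
from collections import Counter, OrderedDict


class Backlog:
    """Half-open (SYN-RECEIVED) connection queue of a listening server."""

    def __init__(self, size, timeout):
        self.size = size                 # queue capacity in entries (assumed)
        self.timeout = timeout           # seconds before a half-open entry is dropped
        self.half_open = OrderedDict()   # (src, sport) -> time the SYN arrived
        self.established = []            # handshakes completed with an ACK
        self.refused = []                # SYNs that found the queue full

    def _expire(self, now):
        # Entries are kept in arrival order, so the oldest is always first.
        while self.half_open:
            key, arrived = next(iter(self.half_open.items()))
            if now - arrived < self.timeout:
                break
            del self.half_open[key]

    def on_packet(self, now, src, sport, flag):
        self._expire(now)
        key = (src, sport)
        if flag == "SYN":
            if key in self.half_open:
                return                    # retransmitted SYN, entry already held
            if len(self.half_open) >= self.size:
                self.refused.append(key)  # backlog full: request cannot be received
                return
            self.half_open[key] = now     # server would reply SYN+ACK here
        elif flag == "ACK" and key in self.half_open:
            del self.half_open[key]       # third step of the handshake
            self.established.append(key)

    def holders(self):
        """Half-open entries per source address, largest first."""
        return Counter(src for src, _ in self.half_open).most_common()


def constructed_events():
    """Constructed sample: (time_s, source, source_port, flag)."""
    events = [(0.0, "192.0.2.10", 40000, "SYN"), (0.1, "192.0.2.10", 40000, "ACK")]
    # One source sends SYNs and never answers the SYN+ACK.
    events += [(1.0 + i * 0.01, "198.51.100.7", 50000 + i, "SYN") for i in range(8)]
    events += [(2.0, "192.0.2.11", 40001, "SYN")]        # arrives while queue is full
    events += [(200.0, "192.0.2.12", 40002, "SYN"),      # after the timeout has passed
               (200.1, "192.0.2.12", 40002, "ACK")]
    return events


def replay(events, size=8, timeout=180.0):
    queue = Backlog(size, timeout)
    for now, src, sport, flag in events:
        queue.on_packet(now, src, sport, flag)
    return queue


if __name__ == "__main__":
    events = constructed_events()
    during = replay(events[:11])
    print("holding the queue:", during.holders())
    print("refused:", during.refused)
    print("established overall:", replay(events).established)
```

The `holders()` ranking is the figure an operator would watch: a single address owning most of the half-open entries is the signature of the direct attack described next, while spoofed sources spread the entries across many addresses.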
If the malicious client quickly sends SYN packets without
spoofing the IP source address, the attack is called a direct
attack [22]. This attack can be implemented by simply sending
many TCP connection requests. The operating system of the
attacker must not reply to the SYN-ACKs, because RST, ICMP, or
ACK messages may move the Transmission Control Block (TCB) out
of the SYN-RECEIVED state. The attacker can avoid responding to
the SYN-ACK packets through firewall configuration: the
firewall can filter outgoing packets to the listener (i.e.,
only permitting SYN packets out), or it can filter arriving
packets so that the SYN-ACK packets are dropped before they
reach the processing code of the local TCP.
The source IP address can also be spoofed to perform
the TCP SYN attack; this is more complicated than the direct
attack [22]. In such an attack, the attacker changes firewall
rules, and generates and sends IP packets that have legal TCP
and IP headers. Furthermore, IP address spoofing techniques can
be classified into various categories, depending on what
spoofed IP source address is used in the attack packet.
The DDoS TCP SYN flood attack is very dangerous to the
victim server because it raises the amount of traffic that is
sent to the victim [21]. Tracing the distributed attack is a
tough task, which is the major reason why defense against a
TCP SYN DDoS attack is very hard.
User Datagram Protocol (UDP) is a transport-layer protocol
that is widely used by the application layer, including by DNS
servers [23]. Unlike TCP, UDP is connectionless and there is no
guarantee that data reach their destination. Fig. 8 represents
the UDP header.
Fig. 8. UDP Header
In UDP flood DoS attacks, the attacker uses UDP to
perform the attack [18]. Using the UDP protocol to
launch DoS attacks is not as simple as using the TCP protocol.
However, the UDP flood attack is executed by sending many
UDP packets to random ports of the victim [10].
Consequently, the target server will:
- Examine which application is listening at the port.
- If no application is listening on that port, respond with
  an ICMP Destination Unreachable packet.
Fig. 9 shows the UDP flood attack.
Fig. 9. UDP Flood Attack
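The two server-side steps above give a defender a direct signal: one source hitting many different closed ports in a short time. The following is an added example, not code from the paper; it counts the ICMP Destination Unreachable replies the host would generate and flags sources whose datagrams reach more distinct closed ports than a threshold within a sliding window. The listening ports, window, threshold, addresses and datagrams are assumed, constructed values.

```python
from collections import defaultdict, deque

LISTENING = {53, 123}   # assumed UDP ports with an application listening


class UdpFloodDetector:
    def __init__(self, window, max_closed_ports):
        self.window = window                      # seconds of history kept per source
        self.max_closed_ports = max_closed_ports  # distinct closed ports tolerated
        self.hits = defaultdict(deque)            # src -> deque of (time, dport)
        self.icmp_unreachable = 0                 # replies the host would have sent
        self.alerts = []                          # sources flagged, in order

    def on_datagram(self, now, src, dport):
        # Step 1: is an application listening on the destination port?
        if dport in LISTENING:
            return "delivered"
        # Step 2: nobody listening, so the host answers with ICMP
        # Destination Unreachable (port unreachable).
        self.icmp_unreachable += 1
        recent = self.hits[src]
        recent.append((now, dport))
        while recent and now - recent[0][0] > self.window:
            recent.popleft()
        distinct_ports = len({port for _, port in recent})
        if distinct_ports > self.max_closed_ports and src not in self.alerts:
            self.alerts.append(src)
        return "icmp-unreachable"


def run_constructed():
    """Replay constructed datagrams: (time_s, source, destination_port)."""
    det = UdpFloodDetector(window=5.0, max_closed_ports=10)
    for i in range(5):
        det.on_datagram(i * 1.0, "192.0.2.20", 53)      # normal DNS queries
        det.on_datagram(i * 1.0, "192.0.2.21", 9999)    # one closed port, repeated
    for i in range(20):
        # Many different closed ports from one source inside one second.
        det.on_datagram(10.0 + i * 0.05, "203.0.113.5", 20000 + i * 37)
    return det


if __name__ == "__main__":
    result = run_constructed()
    print("flagged sources:", result.alerts)
    print("ICMP unreachable replies generated:", result.icmp_unreachable)
```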
E. Denial of Service Attack at the Network Layer
Layer 3 of the OSI model is responsible for routing and
switching data packets to various networks and LANs. It
depends on the IP, ARP, RIP and ICMP protocols, relying on
routers [10]. DoS attacks at the Network layer involve
flooding the victim's network with a large amount of traffic
that it cannot handle. As a result, the victim network begins
to respond slowly or drops some packets. The loss of some
packets can cause a surge of retransmitted packets, which
causes extra traffic. The increased traffic overloads the
network, and it becomes inaccessible to legitimate
users [15]. There are several attacks at the Network Layer:
1- Smurf Attack
Smurf Attack is an old DoS attack where the attacker
sends an echo packet to a routing machine in the network, and
the source of the data is concealed. By using a broadcast
address, the request is sent to all machines on the network.
All machines that receive the echo packet send a reply to the
sender, which is the victim [6]. Smurfing involves the Internet
Control Message Protocol (ICMP) and the Internet Protocol. A
network administrator uses ICMP for data exchange, checking
the network status, and pinging devices to determine
their operational state. The machines that are operative send
back an echo packet as a response to ping requests. The Smurf
program generates a network packet that seems to have
originated from another address; this is called IP spoofing.
The packet includes an ICMP ping message, which is sent to
all IP addresses in the network by using an IP broadcast. Thus,
the echo responses are sent to the IP address of the victim.
Many ping requests and echo replies make the network
unavailable for real traffic [12]. Fig. 10 shows the Smurf
attack.
Smurf attack steps:
1- The attacker determines the IP address of the victim.
2- The attacker identifies an intermediate site to help
amplify the attack.
3- The attacker sends a huge amount of traffic to the
broadcast address at specific intermediate sites.
4- Intermediate sites deliver the broadcast to all hosts in a
subnet.
5- Hosts reply to the victim's address.
Fig. 10. Smurf Attack
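From the intermediate site's point of view, the traffic in steps 3 to 5 is recognisable: ICMP echo requests addressed to a subnet's broadcast address. The following is an added example, not code from the paper; it scans constructed packet records for such requests and computes how many echo replies each claimed source address would receive. The subnets, live hosts, addresses and packets are assumed values for illustration.

```python
import ipaddress
from collections import Counter

ECHO_REQUEST = 8   # ICMP type of a ping request
ECHO_REPLY = 0     # ICMP type of a ping reply


def broadcast_echo_requests(packets, subnets, live_hosts):
    """Map each claimed source address to the number of echo replies it would
    receive from echo requests sent to a monitored subnet's broadcast address."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    by_broadcast = {net.broadcast_address: net for net in nets}
    hosts = [ipaddress.ip_address(h) for h in live_hosts]
    replies = Counter()
    for src, dst, icmp_type in packets:
        if icmp_type != ECHO_REQUEST:
            continue
        net = by_broadcast.get(ipaddress.ip_address(dst))
        if net is None:
            continue                      # ordinary unicast ping
        # Step 5 of the list above: every live host answers the claimed source.
        replies[src] += sum(1 for h in hosts if h in net)
    return dict(replies)


def constructed_capture():
    """Constructed sample: (source, destination, icmp_type) records."""
    subnets = ["10.0.1.0/24", "10.0.2.0/24"]
    live_hosts = ["10.0.1.5", "10.0.1.20", "10.0.1.21", "10.0.1.30",
                  "10.0.2.8", "10.0.2.9"]
    packets = [
        ("198.51.100.9", "10.0.1.255", ECHO_REQUEST),   # broadcast, 4 live hosts
        ("198.51.100.9", "10.0.1.255", ECHO_REQUEST),
        ("198.51.100.9", "10.0.1.255", ECHO_REQUEST),
        ("198.51.100.9", "10.0.2.255", ECHO_REQUEST),   # broadcast, 2 live hosts
        ("10.0.1.5", "10.0.1.20", ECHO_REQUEST),        # normal unicast ping
        ("10.0.1.20", "10.0.1.5", ECHO_REPLY),          # its reply
    ]
    return broadcast_echo_requests(packets, subnets, live_hosts)


if __name__ == "__main__":
    for claimed_source, count in constructed_capture().items():
        print(f"{claimed_source} would receive {count} echo replies")
```

Routers that do not forward directed broadcasts, the default recommended by RFC 2644, stop step 4 at the intermediate site.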
2- ICMP Flood Attack
In an ICMP flood, also called a ping flood, the
attacker sends an enormous number of ICMP Echo packets to
the victim server in order to exhaust all available bandwidth
and deny access to legitimate users [24]. The ping command is
one example of this attack. The ping command is mainly used for
testing the connectivity of the network by examining whether
a device can send and receive messages over the network. Fig.
11 represents the ICMP Flood Attack.
Fig. 11. ICMP Flood Attack
F. Denial of Service Attack at the Data Link Layer
Layer 2 ensures that data is effectively handed over to
the physical layer [10]. The media access control (MAC) or
link layer provides channel arbitration for
neighbor-to-neighbor transmission. Cooperative schemes, which
depend on carrier sense and allow nodes to sense whether other
nodes are communicating, are particularly susceptible to DoS
attacks. Attacks such as Collision, Unfairness and Exhaustion
are based on attacking data frame detection, medium access
control, multiplexing of data streams and error control [17].
There are well-known attacks at the Data Link Layer.
1- Unfairness Attack
Misusing a cooperative MAC-layer priority scheme, or
applying those attacks sporadically, can result in an
Unfairness Attack, which is a weak form of DoS attack
[26]. This threat may not completely block legitimate access
to the channel; however, it can degrade service by making
clients of a real-time MAC protocol miss their deadlines. One
mechanism to counter this threat is to use small frames so
that a node can hold the channel only for a short time.
However, this technique increases framing overhead if the
network sends long messages. In addition, an attacker can
defeat this defense by cheating when competing for access, for
example by replying quickly while others delay randomly.
2- Collision Attack
A collision in only one octet of a transmission may be
enough to cause disruption [26]. Any change in the data
part may cause a checksum mismatch at the receiver.
In some MAC protocols, a corrupted ACK control
message can trigger expensive exponential back-off. At any
layer, error-correcting codes offer a good method for
tolerating varying levels of distortion in messages. These
codes work best as counters to probabilistic or environmental
errors. For a given encoding, attackers may still distort more
data than the system can correct, at a considerable cost to the
system. Error-correcting codes themselves cause further
communication and processing overhead. A network may
employ collision detection to detect attacking collisions,
which create a form of link-layer jamming, but no efficient
defense is known. Proper communication still needs
cooperation between machines, which are expected to
avoid distorting others' packets. Access may be denied
by a subverted node, which expends less energy than
full-time jamming would.
3- Exhaustion Attack
A simple link-layer implementation may attempt to
retransmit repeatedly, even when the retransmission was
triggered by a late collision, such as a collision near the
end of the frame [26]. An Exhaustion attack is an active DoS
attack that can exhaust the battery resources of neighboring
devices. The attack compromises availability at little
expense to the attacker. Random back-offs only reduce the
likelihood of unintended collisions; therefore, they
cannot stop such an attack. With the Time Division
Multiplexing technique, each node is given a slot to
broadcast without needing arbitration for each frame. This
technique could resolve the unlimited-delay issue in a
back-off algorithm; however, it is still
vulnerable to collisions. A self-sacrificing node can take
advantage of the cooperative nature of most protocols at the
MAC layer in an interrogation attack. For instance, IEEE
802.11 MAC protocols use Request-to-Send (RTS), Clear-to-Send
(CTS) and Data/Ack messages to reserve channel access and
transmit data. A node could repeatedly request access to the
channel by sending RTS, obtaining a CTS reply from the
targeted neighbor. The energy resources of both nodes can be
consumed by this continuous transmission. One solution is for
MAC admission control to apply rate limiting, so that
additional requests are disregarded by the network without
sending costly radio transmissions. This limit should not be
less than the expected maximum data rate that the network can
support. Limiting the inessential replies that the protocol
requires is another approach to preventing battery exhaustion
attacks. Engineers often code this ability into the system
for general efficiency; however, extra logic is needed to deal
with possible attacks.
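The rate limit at MAC admission described above can be sketched as a token bucket kept per neighbour. The following is an added example, not code from the paper or from any 802.11 implementation: an RTS is answered with a CTS only while the neighbour stays within the admitted rate, and excess requests are dropped without any transmission. The rate of 10 frames per second, the burst of 5, the node names and the trace are assumed, constructed values; time is kept in integer milliseconds so the arithmetic is exact.

```python
from collections import Counter


class RtsAdmission:
    """Per-neighbour token bucket: an RTS is answered with a CTS only while the
    neighbour stays within the admitted request rate."""

    COST = 1000   # milli-tokens consumed by one admitted RTS

    def __init__(self, max_frames_per_s, burst):
        # Assumption: the limit is set to the network's expected maximum rate,
        # since the text says it should not be lower than that.
        self.refill_per_ms = max_frames_per_s   # milli-tokens gained per millisecond
        self.cap = burst * self.COST
        self.buckets = {}                       # neighbour -> (milli-tokens, last_ms)
        self.cts_sent = Counter()
        self.ignored = Counter()

    def on_rts(self, now_ms, neighbour):
        tokens, last_ms = self.buckets.get(neighbour, (self.cap, now_ms))
        tokens = min(self.cap, tokens + (now_ms - last_ms) * self.refill_per_ms)
        admitted = tokens >= self.COST
        if admitted:
            tokens -= self.COST
            self.cts_sent[neighbour] += 1       # radio transmission happens here
        else:
            self.ignored[neighbour] += 1        # dropped silently, no radio cost
        self.buckets[neighbour] = (tokens, now_ms)
        return admitted


def constructed_trace():
    """Constructed sample: (time_ms, neighbour) RTS arrivals, in time order."""
    normal = [(i * 500, "node-B") for i in range(20)]    # 2 RTS per second
    flood = [(i * 10, "node-X") for i in range(200)]     # 100 RTS per second
    return sorted(normal + flood)


def run(trace, max_frames_per_s=10, burst=5):
    mac = RtsAdmission(max_frames_per_s, burst)
    for now_ms, neighbour in trace:
        mac.on_rts(now_ms, neighbour)
    return mac


if __name__ == "__main__":
    mac = run(constructed_trace())
    for node in ("node-B", "node-X"):
        print(node, "CTS sent:", mac.cts_sent[node], "RTS ignored:", mac.ignored[node])
```

In this trace the well-behaved neighbour gets a CTS for every RTS, while the flooding neighbour is held to the burst plus the admitted rate, which bounds the energy the target spends on replies.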
G. Denial of Service Attack at the Physical layer
Jamming attacks are among the most significant
denial of service attacks [27]. Because wireless networks
depend on radio channels, jamming attacks interfere with
the transmission channels by transmitting semi-valid packets
to interrupt the transmission between genuine nodes.
DoS attacks that target the network infrastructure have
become more prevalent because of the increase in the number
of wireless networks and the importance of such networks
[28]. Wireless transmissions are always very sensitive to
interference. As an example, Microsoft's Xbox is able to
interfere with 802.11n networks because they both use 2.4
GHz bands. This interference can be performed using a
jammer. Outside the United States, it is legal to use frequency
jammers. For example, France allows frequency jammers to be
used to block cell phone communications in restaurants and
theatres. In Italy, jammers are used to decrease the probability
of academic dishonesty in exam rooms. In Mexico, jammers
are used to maintain the sacredness of religious occasions. In
distributed networks, miniature jammers are used for malicious
and intentional disruption of wireless communication.
Nowadays, tiny low-power jammers can be built using Nano
Electro Mechanical Systems (NEMS) and Micro Electro
Mechanical Systems (MEMS), which can be spread like "dust"
to construct a distributed jammer network. Such a jammer has
a simple function in comparison to sensors (i.e., transmitting
noise signals rather than filtering, complex modulation, or
various other types of signal processing functions). The
United States used these techniques in Iraq in the second
Gulf War [25]. At the Physical layer, there are two types of
DoS attacks [26]:
Jamming attack: a well-known attack on
wireless communication. The attack frequencies interfere with
the regular frequencies that the nodes of the network use. An
attacker may interrupt the whole network with jamming nodes,
putting the network nodes out of service.
Tampering attack: one cannot realistically expect to control
access to many or hundreds of nodes that are spread over a
wide area. These networks can be subject to true brute-force
destruction. An attacker may replace or damage sensor and
computation hardware, and important information could be
extracted. Cryptographic keys can be used to obtain
unrestricted access to higher levels of communication, and
node destruction can be difficult to distinguish from
fail-silent behaviour.
VI. CONCLUSION
Attackers attempt to launch DoS and DDoS attacks from
different OSI model layers. They take advantage of the
security issues involved in this model. Engineers did not
consider security when they first developed the OSI model
layers. DoS attacks at the Application layer are more complex
and disturbing than DoS attacks at the other layers. HTTP GET
and HTTP POST attacks are the most popular DoS attacks at the
Application layer. They misuse the HTTP GET and HTTP
POST protocols.
DoS attacks at the Presentation layer include the misuse of
the Secure Socket Layer (SSL) protocol, while DoS attacks at
the Session layer abuse log-on and log-off protocols,
such as the Telnet DoS attack. DoS attacks at the Transport
layer often involve misuse of the TCP and UDP protocols. Layer
4 DoS attacks can be classified into flooding attacks and
de-synchronization attacks. The most common DoS and DDoS
attacks at the Transport layer are TCP SYN flood and UDP
flood attacks. TCP SYN flood uses the weaknesses in the TCP
protocol, while UDP flood attacks use UDP but are not as
simple as using the TCP protocol. They can be executed by
sending many UDP packets to random ports of the target
victim. Network layer DoS
attacks involve injecting the victim's network with a large
amount of traffic that it cannot handle. Smurf Attack, ICMP
Flood and Ping of Death are the most common attacks at this
layer. All these attacks are based on weaknesses in the ICMP
protocol. Data Link Layer attacks include Collision,
Unfairness and Exhaustion, which are based on
attacking data frame detection, medium access control,
multiplexing of data streams and error control.
REFERENCES
[1] Razak, T.A.: 'A study on IDS for preventing denial of service attack
using outliers' techniques', (IEEE, 2016), pp. 768-775.
[2] Luo, S., Wu, J., Li, J., and Pei, B.: 'A defense mechanism for distributed
denial of service attack in software-defined networks' (IEEE, 2015), pp.
325-329.
[3] Loukas, G.: 'Defence against denial of service in self-aware networks',
2006.
[4] Durcekova, V., Schwartz, L., and Shahmehri, N.: 'Sophisticated denial
of service attacks aimed at application layer' (IEEE, 2012), pp. 55-60.
[5] Koc, L., and Carswell, A.D.: 'Network intrusion detection using a hnb
binary classifier', (IEEE, 2015), pp. 81-85.
[6] Barki, L., Shidling, A., Meti, N., Narayan, D., and Mulla, M.M.:
'Detection of distributed denial of service attacks in software defined
networks' (IEEE, 2016), pp. 2576-2581.
[7] Katkar, V.D., and Bhatia, D.S.: 'Experiments on detection of Denial of
Service attacks using REPTree', (IEEE, 2013), pp. 713-718.
[8] Tan, Z., Jamdagni, A., He, X., Nanda, P., and Liu, R.P.: 'A system for
denial-of-service attack detection based on multivariate correlation
analysis', IEEE transactions on parallel and distributed systems, 2013,
25, (2), pp. 447-456.
[9] Abliz, M.: 'Internet denial of service attacks and defense mechanisms',
University of Pittsburgh, Department of Computer Science, Technical
Report, 2011, pp. 1-50.
[10] Muharish, E.Y.M.: 'Packet filter approach to detect denial of service
attacks', 2016.
[11] Kumar, G.: 'Understanding denial of service (DoS) attacks using OSI
reference model', International Journal of Education and Science
Research, 2014, 1, (5).
[12] Sandeep, R.: 'A study of DoS & DDoS-smurf attack and preventive
measures', International Journal of Computer Science and Information
Technology Research, 2014, 2, pp. 1-6.
[13] Panicker, A.: 'Botnets and Distributed Denial of Service Attacks', 2008.
[14] Kumar, S., Dalal, S., and Dixit, V.: 'The OSI model: Overview on the
seven layers of computer networks', International Journal of Computer
Science and Information Technology Research, 2014, 2, (3), pp. 461-466.
[15] Kumar, G.: 'Denial of service attacks–an updated perspective', Systems
science & control engineering, 2016, 4, (1), pp. 285-294.
[16] Tripathi, N., Hubballi, N., and Singh, Y.: 'How secure are web servers?
An empirical study of slow HTTP DoS attacks and detection', (IEEE,
2016), pp. 454-463.
[17] Xia, Y.: 'Selective Dropping of Rate Limiting Against Denial of Service
Attacks', University of Dayton, 2016.
[18] Shah, M., Soni, V., Shah, H., and Desai, M.: 'TCP/IP network
protocols—security threats, flaws and defense methods' (IEEE, 2016),
pp. 2693-2699.
[19] Maregeli, C.N.: 'A study on TCP-SYN attacks and their effects on a
network infrastructure', 2010.
[20] Rana, D.S., Garg, N., and Chamoli, S.K.: 'A Study and Detection of
TCP SYN Flood Attacks with IP spoofing and its Mitigations',
International Journal of Computer Technology and Applications, 2012,
3, (4), pp. 1476-1480.
[21] Bogdanoski, M., Toshevski, A., Bogatinov, D., and Bogdanoski, M.: 'A
novel approach for mitigating the effects of the TCP SYN flood DDoS
attacks', World Journal of Modelling and Simulation, 2016, 12, (3), pp.
217-230.
[22] Bogdanoski, M., Suminoski, T., and Risteski, A.: 'Analysis of the SYN
flood DoS attack', International Journal of Computer Network and
Information Security (IJCNIS), 2013, 5, (8), pp. 1-11.
[23] Saied, A.: 'Distributed denial of service (ddos) attack detection and
mitigation', King's College London, 2015.
[24] Gupta, N., Jain, A., Saini, P., and Gupta, V.: 'DDoS attack algorithm
using ICMP flood', (IEEE, 2016), pp. 4082-4084.
[25] Shaker, K.: 'Analyzing DoS and DDos Attacks to Identify Effective
Mitigation Techniques', American International University-Bangladesh
(AIUB), 2014.
[26] Wood, A.D., and Stankovic, J.A.: 'Denial of service in sensor networks',
Computer, 2002, 35, (10), pp. 54-62.
[27] Bandaru, S.: 'Investigating the Effect of Jamming Attacks on Wireless
LANS', International Journal of Computer Applications, 2014, 99, (14),
pp. 5-9.
[28] Akhter, S., Myers, J., Bowen, C., Ferzetti, S., Belko, P., and Hnatyshin,
V.: 'Modeling DDoS Attacks with IP Spoofing and Hop-Count Defense
Measure Using OPNET Modeler', (2013).
[29] Sabry, S.S., Qarabash, N.A., and Obaid, H.S.: 'The Road to the Internet
of Things: a Survey', (IEEE, 2019), pp. 290-296.
[30] Anirudh, M., Thileeban, S.A., and Nallathambi, D.J.: 'Use of honeypots
for mitigating DoS attacks targeted on IoT networks', pp. 1-4.
[31] Obaid, H.S., Dheyab, S.A., and Sabry, S.S.: 'The Impact of Data
Pre-Processing Techniques and Dimensionality Reduction on the Accuracy
of Machine Learning', (IEEE, 2019), pp. 279-283.