This document presents a dissertation on cooperative defense mechanisms against distributed denial of service (DDoS) attacks. It discusses DDoS attacks, existing defense techniques, and proposes a multi-level defense approach. The proposed approach involves four steps: 1) detecting DDoS attacks, 2) challenging attacking sources, 3) suppressing malicious packets, and 4) diverting traffic floods. It also describes an algorithm that uses client puzzles to defend against DDoS attacks by generating puzzles when traffic volumes rise above certain thresholds.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ... IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
IRJET- A Study of DDoS Attacks in Software Defined Networks IRJET Journal
This document discusses DDoS attacks in software defined networks. It begins with an overview of SDN architecture and its vulnerabilities. It then describes different types of DDoS attacks, categorizing them as attacks on the data plane or control plane. Volumetric attacks aim to overwhelm the victim with traffic, while protocol exploitation attacks exhaust system resources. The document reviews approaches for detecting and mitigating DDoS attacks in SDN, such as using thresholds to detect sudden traffic increases or inspecting packets for abnormal values. Machine learning algorithms can also be used to classify packets and detect attacks. Specific studies that implemented detection and mitigation techniques using SDN controllers and tools are also summarized.
This document summarizes a research paper that evaluates the performance of Byzantine flood rushing attacks in ad hoc networks. The paper implements a flood rushing attack in an AODV-enabled ad hoc network using a network simulator. It analyzes the effects of the attack on network throughput, latency, and packet delivery ratio. The results show that as more adversarial nodes carry out the flood rushing attack, the network throughput decreases and latency increases, degrading network performance.
IRJET- A Survey on DDOS Attack in Manet IRJET Journal
This document summarizes a survey on distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANETs). It begins by introducing MANETs and some of the key security issues they face, including DDoS attacks. It then discusses different types of DDoS attacks like flooding and amplification/reflection attacks. The document proposes a new defense scheme against amplification attacks, which exploit protocols like DNS and NTP to amplify traffic. It describes using the Network Security Simulator to model and simulate DDoS attacks with master, zombie, and server entities to evaluate defense techniques and compare the impact of protocols like DNS and NTP.
Risk Assessment for Identifying Intrusion in Manet IOSR Journals
This document presents a risk assessment approach for identifying intrusions in mobile ad hoc networks (MANETs). It proposes using Dempster-Shafer theory to combine evidence from an intrusion detection system and routing table changes to assess the risk of attacks and countermeasures. An adaptive decision module then determines the response based on the risk assessment. The approach is evaluated experimentally and shown to effectively mitigate attack damages in MANETs.
Region Based Time Varying Addressing Scheme For Improved Mitigating Various N... theijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
The papers for publication in The International Journal of Engineering & Science are selected through rigorous peer reviews to ensure originality, timeliness, relevance, and readability.
This document summarizes a research paper that analyzes the performance of two routing protocols for mobile ad hoc networks (MANETs) - AODV and TORA - under distributed denial of service (DDoS) attacks. The paper simulates DDoS attacks on networks using the AODV and TORA protocols and compares their performance based on metrics like throughput, delay, network load, and packet delivery ratio. The simulation results indicate that while both protocols are affected by DDoS attacks, AODV experiences less severe performance degradation and is therefore more resilient to such attacks compared to TORA.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET IJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threats. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds. It is concluded that various procedures should be utilized to handle several of network attacks.
Survey of Clustering Based Detection using IDS Technique IRJET Journal
This document discusses intrusion detection systems (IDS) and different techniques used for IDS, including clustering-based detection. It first provides background on IDS, describing their purpose of detecting intruders and protecting systems. It then outlines various IDS types, including mobile agent-based, cluster-based, cryptography-based, and others. The document also summarizes related work from other papers applying data mining techniques like clustering to improve IDS detection rates and reduce false alarms. Finally, it discusses problems with current and traditional IDS, such as threshold detection leading to false positives, and false negatives where attacks are missed.
A COMBINATION OF TEMPORAL SEQUENCE LEARNING AND DATA DESCRIPTION FOR ANOMALYB... IJNSA Journal
Through continuous observation and modelling of normal behavior in networks, Anomaly-based Network Intrusion Detection System (A-NIDS) offers a way to find possible threats via deviation from the normal model. The analysis of network traffic based on time series model has the advantage of exploiting the relationship between packages within network traffic and observing trends of behaviors over a period of time. It will generate new sequences with good features that support anomaly detection in network traffic and provide the ability to detect new attacks. Besides, an anomaly detection technique, which focuses on the normal data and aims to build a description of it, will be an effective technique for anomaly detection in imbalanced data. In this paper, we propose a combination model of Long Short Term Memory (LSTM) architecture for processing time series and a data description Support Vector Data Description (SVDD) for anomaly detection in A-NIDS to obtain the advantages of them. With this model, the parameters in LSTM and SVDD are jointly trained with a joint optimization method. Our experimental results with KDD99 dataset show that the proposed combined model obtains high performance in intrusion detection, especially DoS and Probe attacks with 98.0% and 99.8%, respectively.
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i... IRJET Journal
This document proposes a scalable framework using SDN and machine learning techniques to detect and mitigate DDoS attacks in large-scale networks. The framework uses a lightweight detection layer implemented across multiple controllers to detect anomalies locally using entropy calculations. It also includes a heavyweight detection layer in a centralized system that employs machine learning for more accurate detection. The goal is to provide robust intrusion detection that can quickly detect network attacks efficiently in large networks.
The Impact on Security due to the Vulnerabilities Existing in the network a S... IJAEMSJORNAL
Software Defined Networking, the emerging technology is taking the network sector to a new variant. Networking sector completely focused on hardware infrastructure is now moving towards software programming. Due to an exponential growth in the number of user and the amount of information over wires, there arises a great risk with the existing IP Network architecture. Software Defined Networking paves a platform identifying a feasible solution to the problem by virtualization. Software Defined Networking provides a viable path in virtualization and managing the network resources in an “On Demand Manner”. This study is focused on the drawbacks of the existing technology and a fine grained introduction to Software Defined Networking. Further adding to the above topic, this study also passes over the current steps taken in the industrial sector in implementing Software Defined Networking. This study makes a walkthrough about the security features of Software Defined Networking, its advantages, limitations and further scope in identifying the loopholes in the security.
A Distributed Approach to Defend Web Service from DDoS Attacks CSCJournals
Most of the business applications on the Internet are dependent on web services for their transactions. Distributed denial of service (DDoS) attacks either degrade or completely disrupt web services by sending flood of packets and requests towards the victim web servers. An array of defense schemes are proposed but still defending web service from DDoS attacks is largely an unsolvable problem so far. In this paper, DDoS defense schemes are classified into centralized and distributed and their relative advantages and disadvantages are explored. An ISP based distributed approach is a pragmatic solution to defend from DDoS attacks due to its autonomous control, more resources, and incremental scope. Traffic cluster entropy is conceptualized from source address entropy and the combination is used to detect various types of DDoS attacks against the web service. A framework is proposed which can detect the attack, characterize attack sources, and filter the attack packets as early as possible so as to minimize the collateral damage.
This document proposes a trust count based validation method to lessen internal attacks in mobile ad hoc networks. The key aspects of the proposed method are:
1. The network is divided into hierarchical clusters, each with a fully trusted cluster head.
2. Each node holds a certificate from an offline certificate authority that includes the node's access policy and expiration time.
3. A trust count is periodically calculated for each node based on its access policy evaluations.
4. Cluster heads renew or reject member nodes' certificates based on their trust count values, aiming to mitigate internal attacks like node capture attacks.
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A... IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ... Eswar Publications
Wireless Sensor Networks (WSNs) are deployed at aggressive environments which are vulnerable to various security attacks such as Wormholes, Denial of Attacks and Sybil Attacks. There are various intrusion detection techniques that are used to identify attacks in a network with high accuracy level. This paper has focused on Denial of Service attack, since it is the most common attack that affects the environment severely. Therefore a new hybrid technique combining Hidden Markov Model with Ant Colony Optimization (HMM+ACO) has been proposed that gives improved performance than the other techniques.
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of nodes that interrelate with each other for switch over the information. This information is necessary for that node is reserved confidentially. Attacker in the system may capture this private information and distorted. So security is the major issue. There are several security attacks in network. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviors they may happen obviously or it may due to some attackers. Various schemes are developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS attack types, and DDoS attack components, intrusion prevention system for DDoS.
Self Adaptive Automatch Protocol for Batch Identification Mechanism in Wirele... IRJET Journal
This document discusses a self-adaptive automatch protocol for batch identification in wireless mobile networks. It proposes two algorithms, Condensed Binary Identification (CBI) and Multiple Rounds Identification (MRI), to improve the performance of identifying invalid signatures when batch verification fails at the receiver or sink node. The system forms nodes, transmits encrypted messages through intermediate nodes which may include attackers, and uses the sink node to perform batch verification and identify invalid signatures using the most suitable identification algorithm based on the transaction history of attackers.
IRJET- Software Defined Network: DDOS Attack Detection IRJET Journal
This document discusses software defined networks (SDNs) and detecting distributed denial-of-service (DDoS) attacks in SDNs. It provides background on SDN architecture and how DDoS attacks work. The paper aims to address risks of DDoS attacks in SDNs and focuses on detection. It describes existing DDoS attack techniques and solutions. The document proposes using algorithms like TCM-KNN and DPTCM-KNN for detection of attacks in network traffic flows, and compares the two algorithms using parameters like packet length and response time.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signature and unknown attack. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
This paper proposes a system called FireCol for detecting and preventing distributed denial-of-service (DDoS) attacks. FireCol uses a distributed architecture of multiple intrusion prevention systems (IPS) forming protective rings around subscribed users. The IPS devices collaborate by exchanging traffic information to calculate scores for potential attacks. If a high score indicates a potential DDoS attack, the protective rings use parallel communication to verify the attack near the source before it reaches the victim. Simulation results show FireCol can effectively detect DDoS attacks while imposing low overhead and supporting scalability.
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS IJCNCJournal
Sniffing is one of the most prominent causes for most of the attacks in the digitized computing environment. Through various packet analyzers or sniffers available free of cost, the network packets can be captured and analyzed. The sensitive information of the victim like user credentials, passwords, a PIN which is of more considerable interest to the assailants can be stolen through sniffers. This is the primary reason for most of the variations of DDoS attacks in the network from a variety of its catalog of attacks. An effective and trusted framework for detecting and preventing these sniffing has greater significance in today’s computing. A counter hack method to avoid data theft is to encrypt sensitive information. This paper provides an analysis of the most prominent sniffing attacks. Moreover, this is one of the most important strides to guarantee system security. Also, a Lattice structure has been derived to prove that sniffing is the prominent activity for DoS or DDoS attacks.
A NOVEL TWO-STAGE ALGORITHM PROTECTING INTERNAL ATTACK FROM WSNS IJCNC
Wireless sensor networks (WSNs) consist of small nodes with constrained capabilities. It enables numerous applications with distributed network infrastructure. With its nature and application scenario, security of WSN had drawn a great attention. In malicious environments for a functional WSN, security mechanisms are essential. Malicious or internal attacker has gained attention as the most challenging attacks to WSNs. Many works have been done to secure WSN from internal attacks but most of them rely on either training data set or predefined thresholds. It is a great challenge to find or gain knowledge about the Malicious. In this paper, we develop the algorithm in two stages. Initially, Abnormal Behaviour Identification Mechanism (ABIM) which uses cosine similarity. Finally, Dempster-Shafer theory (DST) is used, which combines multiple evidences to identify the malicious or internal attacks in a WSN. In this method we do not need any predefined threshold or training data set of the nodes.
A comparative study of black hole attack in manet 2 IAEME Publication
This document discusses security issues in mobile ad hoc networks (MANETs) and compares solutions to the black hole attack. It begins by defining MANETs and explaining that they rely on cooperation between nodes, making security an important concern. It then discusses different types of routing attacks against MANETs, focusing on the black hole, wormhole, and rushing attacks. Finally, it surveys existing solutions that have been proposed to detect and prevent black hole attacks in MANETs.
This document discusses evaluating the performance of a DMZ (demilitarized zone) network configuration. It begins with an introduction to DMZs and their purpose of adding an additional layer of network security. It then reviews related work that has evaluated DMZ performance and firewall performance but not specifically DMZ performance. The document aims to explore evaluating DMZ performance using network simulation software. It provides background on common firewall types - packet filtering, stateful inspection, and application-proxy gateways - before discussing ways to test DMZ configurations and analyze the effects on network performance.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A Survey Paper on Jamming Attacks and its Countermeasures in Wireless Networks IRJET Journal
The document discusses jamming attacks in wireless networks and game theoretic approaches to model the interaction between attackers and networks. It analyzes different types of jamming attacks and various anti-jamming techniques. Furthermore, it formulates the interaction as a game using game theory and analyzes Nash equilibriums to determine optimal strategies for both networks and attackers.
Cybersecurity Threat Detection of Anomaly Based DDoS Attack Using Machine Lea... IRJET Journal
This document discusses machine learning techniques for detecting distributed denial of service (DDoS) attacks. It reviews related work applying methods like decision trees, support vector machines, naive Bayes, and deep learning to identify DDoS attacks based on network traffic patterns. The document evaluates these algorithms based on accuracy metrics and processing time. It also explores feature selection and parameter tuning to optimize model performance and training efficiency for detecting DDoS attacks.
Encountering distributed denial of service attack utilizing federated softwar... IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposed solution uses Software defined networks capabilities to reduce risk, introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed in a sophisticated way and with a high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
This document proposes a system called FireCol, which stands for a collaborative protection network for detecting flooding DDoS attacks. FireCol uses a distributed network of intrusion prevention systems located at internet service providers that form virtual protection rings around hosts. These systems collaborate by exchanging selected traffic information to detect DDoS attacks close to the source. The document outlines the architecture of FireCol and experimental results showing its effectiveness at detecting attacks with low overhead. Future work is mentioned to extend FireCol's capabilities.
Survey of Clustering Based Detection using IDS Technique IRJET Journal
This document discusses intrusion detection systems (IDS) and different techniques used for IDS, including clustering-based detection. It first provides background on IDS, describing their purpose of detecting intruders and protecting systems. It then outlines various IDS types, including mobile agent-based, cluster-based, cryptography-based, and others. The document also summarizes related work from other papers applying data mining techniques like clustering to improve IDS detection rates and reduce false alarms. Finally, it discusses problems with current and traditional IDS, such as threshold detection leading to false positives, and false negatives where attacks are missed.
A COMBINATION OF TEMPORAL SEQUENCE LEARNING AND DATA DESCRIPTION FOR ANOMALYB...IJNSA Journal
Through continuous observation and modelling of normal behavior in networks, Anomaly-based Network Intrusion Detection System (A-NIDS) offers a way to find possible threats via deviation from the normal model. The analysis of network traffic based on time series model has the advantage of exploiting the relationship between packages within network traffic and observing trends of behaviors over a period of time. It will generate new sequences with good features that support anomaly detection in network traffic and provide the ability to detect new attacks. Besides, an anomaly detection technique, which focuses on the normal data and aims to build a description of it, will be an effective technique for anomaly detection in imbalanced data. In this paper, we propose a combination model of Long Short Term Memory (LSTM) architecture for processing time series and a data description Support Vector Data Description (SVDD) for anomaly detection in A-NIDS to obtain the advantages of them. In this model, the parameters in LSTM and SVDD are jointly trained with a joint optimization method. Our experimental results with KDD99 dataset show that the proposed combined model obtains high performance in intrusion detection, especially DoS and Probe attacks with 98.0% and 99.8%, respectively.
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
This document proposes a scalable framework using SDN and machine learning techniques to detect and mitigate DDoS attacks in large-scale networks. The framework uses a lightweight detection layer implemented across multiple controllers to detect anomalies locally using entropy calculations. It also includes a heavyweight detection layer in a centralized system that employs machine learning for more accurate detection. The goal is to provide robust intrusion detection that can quickly detect network attacks efficiently in large networks.
The Impact on Security due to the Vulnerabilities Existing in the network a S...IJAEMSJORNAL
Software Defined Networking, the emerging technology is taking the network sector to a new variant. Networking sector completely focused on hardware infrastructure is now moving towards software programming. Due to an exponential growth in the number of user and the amount of information over wires, there arises a great risk with the existing IP Network architecture. Software Defined Networking paves a platform identifying a feasible solution to the problem by virtualization. Software Defined Networking provides a viable path in virtualization and managing the network resources in an “On Demand Manner”. This study is focused on the drawbacks of the existing technology and a fine grained introduction to Software Defined Networking. Further adding to the above topic, this study also passes over the current steps taken in the industrial sector in implementing Software Defined Networking. This study makes a walkthrough about the security features of Software Defined Networking, its advantages, limitations and further scope in identifying the loopholes in the security.
A Distributed Approach to Defend Web Service from DDoS Attacks CSCJournals
Most of the business applications on the Internet are dependent on web services for their transactions. Distributed denial of service (DDoS) attacks either degrade or completely disrupt web services by sending a flood of packets and requests towards the victim web servers. An array of defense schemes are proposed but still defending web service from DDoS attacks is largely an unsolvable problem so far. In this paper, DDoS defense schemes are classified into centralized and distributed and their relative advantages and disadvantages are explored. An ISP based distributed approach is a pragmatic solution to defend from DDoS attacks due to its autonomous control, more resources, and incremental scope. Traffic cluster entropy is conceptualized from source address entropy and the combination is used to detect various types of DDoS attacks against the web service. A framework is proposed which can detect the attack, characterize attack sources, and filter the attack packets as early as possible so as to minimize the collateral damage.
This document proposes a trust count based validation method to lessen internal attacks in mobile ad hoc networks. The key aspects of the proposed method are:
1. The network is divided into hierarchical clusters, each with a fully trusted cluster head.
2. Each node holds a certificate from an offline certificate authority that includes the node's access policy and expiration time.
3. A trust count is periodically calculated for each node based on its access policy evaluations.
4. Cluster heads renew or reject member nodes' certificates based on their trust count values, aiming to mitigate internal attacks like node capture attacks.
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...Eswar Publications
Wireless Sensor Networks (WSNs) are deployed at aggressive environments which are vulnerable to various security attacks such as Wormholes, Denial of Attacks and Sybil Attacks. There are various intrusion detection techniques that are used to identify attacks in a network with high accuracy level. This paper has focused on Denial of Service attack, since it is the most common attack that affects the environment severely. Therefore a new hybrid technique combining Hidden Markov Model with Ant Colony Optimization (HMM+ACO) has been proposed that gives better performance than the other techniques.
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
Distributed Denial of Service (DDoS) is a key intimidation to network security. A network is a group of nodes that interrelate with each other to switch over information. This information is necessary for that node and is reserved confidentially. An attacker in the system may capture this private information and distort it. So security is the major issue. There are several security attacks in networks. One of the major intimidations to internet examine is the DDoS attack. It is a malevolent effort to suspend services to the destination node. DDoS or DoS is an effort to make a network resource or machine busy to its intentional user. Numerous thoughts are developed to avoid DDoS or DoS. DDoS occurs in two different behaviors: it may happen obviously or it may be due to some attackers. Various schemes are developed to defend against this attack. The main focus of the paper is to present the basis of DDoS attack, DDoS attack types, DDoS attack components, and intrusion prevention system for DDoS.
Self Adaptive Automatch Protocol for Batch Identification Mechanism in Wirele...IRJET Journal
This document discusses a self-adaptive automatch protocol for batch identification in wireless mobile networks. It proposes two algorithms, Condensed Binary Identification (CBI) and Multiple Rounds Identification (MRI), to improve the performance of identifying invalid signatures when batch verification fails at the receiver or sink node. The system forms nodes, transmits encrypted messages through intermediate nodes which may include attackers, and uses the sink node to perform batch verification and identify invalid signatures using the most suitable identification algorithm based on the transaction history of attackers.
IRJET- Software Defined Network: DDOS Attack Detection IRJET Journal
This document discusses software defined networks (SDNs) and detecting distributed denial-of-service (DDoS) attacks in SDNs. It provides background on SDN architecture and how DDoS attacks work. The paper aims to address risks of DDoS attacks in SDNs and focuses on detection. It describes existing DDoS attack techniques and solutions. The document proposes using algorithms like TCM-KNN and DPTCM-KNN for detection of attacks in network traffic flows, and compares the two algorithms using parameters like packet length and response time.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continues to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms which further detects known and unknown attack signatures in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signature and unknown attack. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
This paper proposes a system called FireCol for detecting and preventing distributed denial-of-service (DDoS) attacks. FireCol uses a distributed architecture of multiple intrusion prevention systems (IPS) forming protective rings around subscribed users. The IPS devices collaborate by exchanging traffic information to calculate scores for potential attacks. If a high score indicates a potential DDoS attack, the protective rings use parallel communication to verify the attack near the source before it reaches the victim. Simulation results show FireCol can effectively detect DDoS attacks while imposing low overhead and supporting scalability.
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS IJCNCJournal
Sniffing is one of the most prominent causes for most of the attacks in the digitized computing environment. Through various packet analyzers or sniffers available free of cost, the network packets can be captured and analyzed. The sensitive information of the victim, like user credentials, passwords, or a PIN, which is of more considerable interest to the assailants, can be stolen through sniffers. This is the primary reason for most of the variations of DDoS attacks in the network from a variety of its catalog of attacks. An effective and trusted framework for detecting and preventing this sniffing has greater significance in today’s computing. A counter hack method to avoid data theft is to encrypt sensitive information. This paper provides an analysis of the most prominent sniffing attacks. Moreover, this is one of the most important strides to guarantee system security. Also, a Lattice structure has been derived to prove that sniffing is the prominent activity for DoS or DDoS attacks.
A NOVEL TWO-STAGE ALGORITHM PROTECTING INTERNAL ATTACK FROM WSNS IJCNC
Wireless sensor networks (WSNs) consist of small nodes with constrained capabilities. They enable numerous applications with distributed network infrastructure. With its nature and application scenario, security of WSN has drawn great attention. In malicious environments for a functional WSN, security mechanisms are essential. Malicious or internal attackers have gained attention as the most challenging attacks to WSNs. Many works have been done to secure WSN from internal attacks but most of them rely on either training data set or predefined thresholds. It is a great challenge to find or gain knowledge about the malicious. In this paper, we develop the algorithm in two stages. Initially, Abnormal Behaviour Identification Mechanism (ABIM), which uses cosine similarity, is applied. Finally, Dempster-Shafer theory (DST) is used, which combines multiple pieces of evidence to identify the malicious or internal attacks in a WSN. In this method we do not need any predefined threshold or training data set of the nodes.
A comparative study of black hole attack in manet 2 IAEME Publication
This document discusses security issues in mobile ad hoc networks (MANETs) and compares solutions to the black hole attack. It begins by defining MANETs and explaining that they rely on cooperation between nodes, making security an important concern. It then discusses different types of routing attacks against MANETs, focusing on the black hole, wormhole, and rushing attacks. Finally, it surveys existing solutions that have been proposed to detect and prevent black hole attacks in MANETs.
This document discusses evaluating the performance of a DMZ (demilitarized zone) network configuration. It begins with an introduction to DMZs and their purpose of adding an additional layer of network security. It then reviews related work that has evaluated DMZ performance and firewall performance but not specifically DMZ performance. The document aims to explore evaluating DMZ performance using network simulation software. It provides background on common firewall types - packet filtering, stateful inspection, and application-proxy gateways - before discussing ways to test DMZ configurations and analyze the effects on network performance.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A Survey Paper on Jamming Attacks and its Countermeasures in Wireless Networks IRJET Journal
The document discusses jamming attacks in wireless networks and game theoretic approaches to model the interaction between attackers and networks. It analyzes different types of jamming attacks and various anti-jamming techniques. Furthermore, it formulates the interaction as a game using game theory and analyzes Nash equilibriums to determine optimal strategies for both networks and attackers.
Cybersecurity Threat Detection of Anomaly Based DDoS Attack Using Machine Lea...IRJET Journal
This document discusses machine learning techniques for detecting distributed denial of service (DDoS) attacks. It reviews related work applying methods like decision trees, support vector machines, naive Bayes, and deep learning to identify DDoS attacks based on network traffic patterns. The document evaluates these algorithms based on accuracy metrics and processing time. It also explores feature selection and parameter tuning to optimize model performance and training efficiency for detecting DDoS attacks.
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
An Efficient Hybrid-DNN for DDoS Detection and Classification in Software-Def...OKOKPROJECTS
IMPROVING DDOS DETECTION IN IOT DEVICES IRJET Journal
This document discusses improving detection of distributed denial of service (DDoS) attacks in internet of things (IoT) devices. It proposes a DDoS detection model that includes decision tree models tailored for different classes of IoT devices. Four classes of devices are defined based on their typical traffic patterns - high, raised, medium, and low consistency. Testing showed the approach can accurately detect DDoS traffic for these device classes, with accuracy ranging from 99.92% to 99.99%. The approach leverages device classes to more precisely identify DDoS traffic.
WEB-BASED APPLICATION LAYER DISTRIBUTED DENIAL-OF-SERVICE ATTACKS: A DATA-DRI...indexPub
DDoS attacks, which aim to overwhelm a system with requests, are commonplace in the cyber world. In this type of assault, bandwidth and processing resources are deliberately clogged in order to disrupt the interactions of legitimate users. These attacks operate by inundating the victim's system with a deluge of packets, rendering it inaccessible. Diverging from the singular source of Denial of Service (DoS) attacks, DDoS attacks emanate from a multitude of servers, magnifying their impact. Over the last decade, a concentrated effort has been invested in comprehending the orchestration and authentication of DDoS attacks, resulting in valuable insights into discerning attack patterns and suspicious activities. Currently, the focus has shifted towards real-time detection within the stream of network transactions, constituting a critical research domain. Yet, this focus often sidelines the importance of benchmarking DDoS attack assertions within the streaming data framework. As a remedy, the Anomaly-based Real-Time Prevention (ARTP) framework has been formulated, designed specifically to combat application layer DDoS attacks, particularly targeting web applications. Employing advanced machine learning techniques, ARTP offers adaptable methodologies to swiftly and accurately pinpoint application-layer DDoS attacks. Rigorous testing on a representative LLDoS (Low Level DoS) benchmark dataset has affirmed the resilience and efficiency of the proposed ARTP model, underscoring its capacity to achieve the research objectives set forth.
This document is a dissertation submitted by Ameya Vashishth in partial fulfillment of a Bachelor of Technology degree. It discusses denial of service (DoS) attacks and mitigation techniques. The dissertation provides an overview of DoS attacks, describes different types of attacks like Smurf, ping flood, TCP SYN flood and UDP flood. It also discusses distributed DoS attacks and recommended tools to perform DDoS attacks. The document concludes with discussing various countermeasures that can be used to mitigate DoS and DDoS attacks.
DDOS DETECTION IN SOFTWARE-DEFINED NETWORK (SDN) USING MACHINE LEARNING IJCI JOURNAL
In recent years, the concept of cloud computing and the software-defined network (SDN) have spread widely. The services provided by many sectors such as medicine, education, banking, and transportation are being replaced gradually with cloud-based applications. Consequently, the availability of these services is critical. However, the cloud infrastructure and services are vulnerable to attackers who aim to breach its availability. One of the major threats to any system availability is a Denial-of-Service (DoS) attack, which is intended to deny the legitimate user from accessing cloud resources. The Distributed Denial-of-Service attack (DDoS) is a type of DoS attack which is considerably more effective and dangerous. A lot of efforts have been made by the research community to detect DDoS attacks; however, there is still a need for further efforts in this germane field. In this paper, machine learning techniques are utilized to build a model that can detect DDoS attacks in Software-Defined Networks (SDN). The used ML algorithms have shown high performance in the earliest studies; hence they have been used in this study along with feature selection technique. Therefore, our model utilized these algorithms to detect DDoS attacks in network traffic. The outcome of this experiment shows the impact of feature selection in improving the model performance. Eventually, the Random Forest classifier has achieved the highest accuracy of 0.99 in detecting DDoS attack.
Examining the emerging threat of Phishing and DDoS attacks using Machine Lear...IRJET Journal
This document examines using machine learning models to detect phishing and DDoS attacks. It proposes using algorithms like logistic regression, decision trees, k-nearest neighbors, naive Bayes, random forest, and support vector classification to predict outcomes based on user input parameters extracted from website URLs. Phishing involves tricking users into revealing sensitive information, while DDoS aims to overwhelm websites with traffic. The study aims to enhance cybersecurity by extracting features from URLs to identify these attacks using machine learning techniques.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D...IJCNCJournal
The document presents a new framework called RTL-DL for detecting DDoS attacks using a hybrid deep learning approach. It aims to address issues with existing datasets like class imbalance and irrelevant features. The proposed model uses random oversampling and TomekLinks under-sampling (RTL) to handle class imbalance in the CICIDS2017 dataset. It also uses an information gain feature selection technique to select important features. The model achieves high performance metrics in detecting DDoS attacks compared to other approaches. It is more computationally efficient due to reduced processing time from using the RTL algorithm. The framework makes an important contribution to addressing DDoS detection challenges in big data environments.
RTL-DL: A Hybrid Deep Learning Framework for DDoS Attack Detection in a Big D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to prevent DDoS attacks. However, their performance is greatly affected by a large class imbalance nature of the training datasets as well as the presence of redundant and irrelevant features in them. This study proposes RTL-DL, a new framework for an effective intrusion detection model based on the random oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3% accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current approaches, the suggested model has demonstrated promising results in identifying network threats in imbalanced data sets.
ddo-s attacks in cloud computing issued taxonomy and future direction moataz82
This document summarizes research on DDoS attacks in cloud computing. It begins with an introduction to the issues of DDoS attacks in cloud environments and the need for cloud-specific solutions. The document then presents a survey of contributions related to characterization, prevention, detection and mitigation of DDoS attacks in clouds. It develops a taxonomy to classify different solution approaches and identifies weaknesses that need to be addressed. It concludes by outlining design aspects for effective cloud-based DDoS attack solutions and provides evaluation metrics for comparing solutions.
This document describes a proposed SDN-based scheme for detecting and mitigating distributed denial-of-service (DDoS) attacks mounted by botnets. The scheme involves a DDoS blocking application running on an SDN controller that monitors network traffic flows and detects attacks. When an attack is detected, the application installs rules on SDN switches to block traffic from botnet sources while still allowing legitimate traffic. The target server implements CAPTCHA to differentiate legitimate and bot traffic during attacks. The scheme is implemented using the POX SDN controller and OpenFlow standards and tested on the Mininet emulator.
DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION MODEL FOR IOTBA...IJNSA Journal
Defending against Distributed Denial of Service (DDoS) in the Internet of Things (IoT) computing environment is a challenging task. DDoS attacks are a type of collective attack in which attackers work together to compromise internet security and services. The resource-constrained devices used in IoT deployments have made it even easier for an attacker to break, because of the vast number of vulnerable IoT devices with significant compute power. This paper proposed an ensemble machine learning (ML) model using the bagging technique to detect and prevent DDoS attacks in the IoT computing environment. We carried out a machine learning experiment and evaluated our proposed model with the most recent DDoS attacks (CICDoS2019) dataset. We use seven validation metrics (classification accuracy, precision rate, recall rate, f1-score, Matthews Correlation Coefficient, false negative rate and false positive rate) to evaluate the performance of the proposed model. The results obtained in our experiment show an improved performance with an overall maximum classification accuracy of 99.75%, precision rate of 99.99%, recall rate of 99.76%, f1-score of 99.87%, Matthews Correlation Coefficient of 0.000000214, false negative rate of 0.24% and 4.42% false positive rate.
IRJET- An Intrusion Detection and Protection System by using Data Mining ...IRJET Journal
This document proposes an Internal Intrusion Detection and Protection System (IIDPS) to detect insider attacks by analyzing system calls (SCs) using data mining and forensic techniques. The IIDPS creates personal profiles for each user to track their computer usage behaviors over time. When a user logs in, the IIDPS compares their current behaviors to the patterns in their personal profile to determine if they are the legitimate account holder or an unauthorized insider attacker. The IIDPS aims to more accurately authenticate users and detect insider threats compared to existing systems that rely only on usernames and passwords.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio...IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities and procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of IPv6, and is also responsible for sending and receiving messages in IPv6. However, IPv6 inherited many attacks from the previous Internet Protocol version 4 (IPv4), such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network, resulting in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted on anomaly detection of DDoS attacks against ICMPv6 messages; in addition, anomaly detection types for ICMPv6 DDoS flooding attacks in IPv6 networks are explained. The use of a feature selection technique based on bio-inspired algorithms is proposed for selecting an optimal solution, which selects a subset that has a positive impact on the detection accuracy of ICMPv6 DDoS attacks. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
This document discusses using an enhanced support vector machine (ESVM) to detect and classify distributed denial of service (DDoS) attacks. The ESVM is trained on normal user access behavior attributes and then tests samples of application layer attacks like HTTP flooding and network layer attacks like TCP flooding. It aims to classify these attacks with high accuracy, over 99%. An interactive detection and classification system architecture is proposed that takes DDoS attack samples as input for the ESVM and cross-validates them against normal traffic training samples to identify anomalies.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...IRJET Journal
This document summarizes research on using machine learning techniques to detect distributed denial-of-service (DDoS) attacks. It discusses how DDoS attacks have become more sophisticated over time. The document examines using naïve Bayes, multilayer perceptron, and other machine learning classifiers on a new dataset containing modern DDoS attack types like HTTP floods and SQL injection DDoS. According to the experimental results, multilayer perceptron achieved the highest accuracy for detecting these modern DDoS attacks.
Early Detection and Prevention of Distributed Denial Of Service Attack Using ...IRJET Journal
The document describes a proposed mechanism for early detection and prevention of distributed denial of service (DDoS) attacks using software-defined networking (SDN). The mechanism uses an SDN controller and Mininet network simulator. It calculates entropy values from network traffic to identify anomalous patterns indicating potential DDoS attacks. Once detected, the SDN controller dynamically reconfigures network paths to divert malicious traffic away from the target. The mechanism is evaluated using statistical metrics and shows superior performance over existing methods in detection rate, false positives, and response time. It provides a practical solution for safeguarding network services against DDoS attacks.
This document provides an overview of trusted computing and the Trusted Platform Module (TPM). It describes the components and functions of the TPM chip, including the endorsement key (EK), storage root key (SRK), platform configuration registers (PCRs), and operational states. The TPM uses cryptographic functions like RSA and SHA-1 to securely store keys and platform measurements within the chip. It maintains a hash-based integrity measurement of the software/firmware components executed during boot to enable remote attestation of the platform's state.
The United Nations uses a risk management process that involves assessing the criticality of programs to balance security risks. It uses a risk matrix to determine risk levels and requires a program criticality assessment for activities with high or very high residual risks. The assessment evaluates the contribution of activities to strategic results and their likelihood of implementation against criteria to designate them as Priority 1 activities that are lifesaving or directed by the Secretary-General. Risk level and program criticality are determined separately without consideration of each other.
This document discusses security models for mobile platforms and detecting malware in the Google Play Store. It describes the security models of iOS and Android platforms, including sandboxing of apps, permissions, and code signing. It then covers different techniques for detecting malware in the Play Store, such as signature-based detection, behavior-based detection, permission analysis, and cloud-based scanning using services like Bouncer.
This document provides an overview of various internet security threats including malicious webpages, malware, viruses, spyware, and keyloggers. It defines these threats and describes how they infect systems and collect sensitive information without consent. The document also outlines approaches for detecting and preventing these threats, such as using antivirus software, practicing safe browsing habits, and implementing full-featured security solutions.
Network defenses include tools like firewalls, VPNs, and intrusion detection systems that help secure networks and protect them from cyber attacks. Firewalls act as barriers that control incoming and outgoing network traffic according to security policies. VPNs extend private networks over public networks through secure tunnels. Intrusion detection systems monitor network traffic and detect suspicious activity. Denial of service attacks aim to make network services unavailable by overwhelming them with malicious traffic. Distributed denial of service attacks use multiple compromised systems to launch large-scale attacks.
The document provides an overview of network infrastructure components including networking hardware, software, and services. It then discusses several key network protocols including TCP, IP, routing protocols, and DNS. It provides details on the OSI model and describes each layer including typical functions, protocols, and vulnerabilities. For TCP and IP, it outlines the basic operation including packet formatting, connection establishment, flow control, congestion control, and error handling.
The document discusses various topics related to web application security including authenticating users, SSL protocol, padlock icons, user interface attacks, and Pretty Good Privacy (PGP). It provides details on cookie-based and token-based authentication, how SSL works to establish encrypted links, different padlock icons and what they indicate, types of user interface attacks like clickjacking and cursorjacking, and how PGP provides authentication, confidentiality, compression and compatibility for securing emails.
This document discusses various web application security topics including SQL injection, cross-site request forgery (CSRF), cross-site scripting (XSS), session tokens, and cookies. It provides examples of each type of attack, how they work, their impact, and strategies for prevention. Specific topics covered include SQL injection examples using single quotes, comments, and dropping tables; CSRF examples using bank transfers and router configuration; and XSS examples using persistent, reflected, and DOM-based techniques.
The document discusses the basic web security model, including browser content, the document object model (DOM), and the same origin policy. It provides details on how HTTP works with requests and responses between clients and servers. It also explains how web browsers function to display web pages and render HTML content. The DOM is described as an API that allows programs to interact with HTML documents and define their structure as a hierarchical tree of objects. Event handling and the same origin policy, which restricts interactions between pages from different origins, are also summarized.
Least privilege, access control, operating system securityG Prachi
The document discusses principles of least privilege and access control concepts in operating system security. It defines security goals of confidentiality, integrity and availability known as the CIA triad. The principle of least privilege aims to limit a process's privileges to only those necessary for its execution. Access control concepts include discretionary access control where owners control access, and mandatory access control defined by security labels. A reference monitor provides complete mediation, is tamperproof, and verifiable to securely enforce access policies.
This document discusses various techniques for sandboxing untrusted code, including chroot jails, system call interposition, virtual machines, and software fault isolation. It notes that completely isolating applications is often inappropriate, as they need controlled ways to communicate. The key challenges are implementing reference monitors to enforce isolation policies and specifying the right policy for each application to define what behavior is allowed.
The document discusses fuzzing techniques for finding software vulnerabilities. It defines fuzzing as automatically feeding malformed data to a program to trigger flaws. It describes generating fuzzed test cases, delivering them to targets, and monitoring for crashes. The document outlines dumb and smart fuzzing approaches, and steps for basic fuzzing like generating test cases, monitoring targets, and determining exploitability of found issues.
This document discusses control hijacking attacks that aim to take control of a victim's machine by exploiting vulnerabilities in programs. It covers different types of attacks like buffer overflow attacks, integer overflow attacks, and format string vulnerabilities. These attacks work by injecting attack code or parameters to abuse vulnerabilities and modify memory to redirect the control flow. The document also discusses defenses like choosing programming languages with strong typing and automatic checks, auditing software, and adding runtime checks using techniques like stack canaries to detect exploits and prevent code execution.
This document provides an overview of key concepts in computer and information security. It discusses cyber security, data security, network security, and authentication, authorization and accounting (AAA). It also covers the NIST FIPS 199 standard for categorizing information systems based on potential impact, and different methodologies for modeling assets and threats such as STRIDE, PASTA, Trike and VAST. The key topics are introduced at a high level with definitions and examples to provide the essential information about common computer security concepts and frameworks.
This document discusses various legal, privacy, and ethical issues related to computer security. It begins by explaining the differences between legal and ethical issues, noting that legal issues have definitive answers determined by others, while ethical issues require determining your own course of action. The document then provides overviews of intellectual property rights like copyrights, patents, and trademarks. It explains what types of works copyright protects, how long copyright lasts, and what constitutes infringement. It also discusses how patents protect inventions and processes, not ideas. Finally, the document compares key aspects of copyright, patent, and trade secret protection.
Database security and security in networksG Prachi
The document discusses database security and network security, including security requirements for databases like reliability, integrity and access control, threats in networks like firewalls and intrusion detection systems, and issues around sensitive data in databases like inference where sensitive data can be deduced from aggregate queries and statistical databases. It also covers security models for databases including discretionary access control using views, roles and privileges and mandatory access control using security labels.
Protection in general purpose operating systemG Prachi
The document provides an overview of general purpose operating system protection. It discusses various file protection mechanisms including all-none protection, group protection, and individual permissions. It also covers user authentication methods such as passwords, biometrics, and one-time passwords. The document then examines security policies, models, and the design of trusted operating systems. It analyzes features like access control, identification, authentication, and auditing that are important for a trusted OS.
The document discusses various types of program security issues including:
1) Buffer overflow errors which occur when a program tries to store more data in a buffer than it was designed for, potentially allowing attackers to insert malicious code.
2) Incomplete mediation where programs do not properly check all user inputs, enabling attacks such as changing price values.
3) Time-of-check to time-of-use errors where access checks become out of date due to delays between the check and actual use.
The document provides an overview of elementary cryptography concepts including:
- Substitution and transposition ciphers such as Caesar cipher, Playfair cipher and Vigenère cipher. Frequency analysis and other cryptanalysis techniques are also discussed.
- The Data Encryption Standard (DES) which encrypts data in 64-bit blocks using a 56-bit key and 16 rounds of processing.
- Triple DES and issues with DES key length that led to it being broken. Linear cryptanalysis is also introduced.
- Public key encryption techniques that use asymmetric keys allowing encryption and decryption with different keys.
This document provides an introduction to computer security. It defines key security concepts like threats, vulnerabilities, and controls. It discusses common attacks like interception, interruption, and modification. It also outlines security goals of confidentiality, integrity and availability. The document examines security risks for hardware, software, data and networks, and categorizes types of computer criminals. It concludes that security aims to prevent, deter, deflect, detect and recover from harm through various defense methods.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Programming Foundation Models with DSPy - Meetup Slides
Master's Thesis
1. Cooperative Defense Mechanisms against Distributed Denial of Service (DDoS) Attacks
Presented by:
Prachi Gulihar
Roll No- 31603216
DEPARTMENT OF COMPUTER ENGINEERING
NATIONAL INSTITUTE OF TECHNOLOGY, KURUKSHETRA
Under the Supervision of:
Dr. B.B. Gupta
Assistant Professor, Department of
Computer Engineering, NIT Kurukshetra
Master of Technology Dissertation
2. Presentation Layout
• Introduction
• Present Statistics
• Motivation
• Research Issues and Challenges
• Existing Techniques
• Proposed Methodology
• Simulation Analysis
• Results and Discussion
• Conclusions
• Future Scope
• References
3. Introduction
• Recently, the economics of the Internet has emerged as a fast-growing field of study for cyber defense.
• Security professionals have realized that, while designing any security mechanism, it is vital to keep in consideration the “theory of mind”.
• The concept of the “tragedy of the commons”, together with a sustainable pricing strategy that is able to cater to competitive advantage, plays an important role in distributing the limited Internet resources.
4. Distributed Denial of Service
• The DDoS attack is one of the biggest challenges faced by the Internet today; the largest reported DDoS attack had a volume of 400 Gbps, in the year 2014.
• Nowadays the Internet plays a vital role in the growth of the economy of any nation. DDoS attacks are one of the major threats hurting this growth, as they affect the systems and networks that use the Internet for their business work.
• The victim's bandwidth is flooded with an excessive amount of malicious or fake traffic, due to which the victim is unable to serve legitimate users.
5. DoS vs DDoS Attack
6. Cooperative Defense Mechanisms against Distributed Denial of Service (DDoS) Attacks
INTRODUCTION LITERATURE REVIEW PROPOSED METHODOLOGY RESULT ANALYSIS CONCLUSION FUTURE WORK REFERENCES<<
6NATIONAL INSTITUTE OF TECHNOLOGY, KURUKSHETRADepartment of Computer Engineering NATIONAL INSTITUTE OF TECHNOLOGY, KURUKSHETRADepartment of Computer Engineering
Present Statistics
[Figure: DDoS attack vector frequency, by types of DDoS attacks]
Motivation
• A very large volume of malicious traffic is produced by misbehaving users who either knowingly or unknowingly launch flooding
Distributed Denial of Service attacks from their systems.
• The ability of DDoS attacks to generate massive volumes of unwanted traffic has made them one of the biggest threats the Internet is vulnerable
to. The earliest traces of a DDoS attack, which went on for two days, can be traced back to the year 1999.
Evolution of DDoS attacks and Defense mechanisms
• There are two main characteristics because of which DDoS defense mechanisms have been unable to provide
reliable protection:
a) the inability to distinguish between malicious traffic and benign traffic.
b) attack sources are distributed across different sites, which makes them difficult to trace.
• The reasons for failure of security in any system are two-fold. The first is poor design and the second is poor
incentive.
• The innovative concept of online auctions as a reputation system has motivated the researchers to explore more
such options. A striking example of economic analysis was shown in January 2005 when the power of online music
sharing shifted from music vendors to individual publishers.
Motivation (Contd.)
IRC model of DDoS attack network
Reflector model of DDoS attack network
Direct vs Reflective flooding mechanism
DNS Amplification Attack
Smurf vs DNS Amplification
DDoS Action Cycle
[Figures: Hierarchy of caches in the Internet (local, sibling and parent caches); Chain of incentives in Internet (local, regional and backbone ISPs)]
[Figures: Services distribution (low priority traffic, high priority traffic); Architecture of Policy Based Networking]
Classification of Incentive Schemes
Research Issues and Challenges
• Algorithm Mechanism - Cheat-proof, strategy-based mechanisms ensure that illegitimate
behavior is avoided at the design level instead of being rectified after deployment.
• Fair Allocation - With network resources already scarce, the exponential growth in the
number of bits used for communication causes complexity issues even for a small group.
• Network Analysis - The conflict dynamics of any network are strongly influenced by its topology
because the robustness properties of different topologies are different.
Research Issues and Challenges (Contd.)
• Degree Distribution - The question of why networks are created in which the individual costs of link
connectivity outweigh the overall community benefit leads to the open research issue of
degree distribution.
• Project Failures - Although better computer systems management tools are available to work with
larger systems, the failure rate still remains 30%.
• Human Psychology - Designing any policy for charging for Internet use is based on human
psychology in many ways. The first factor is the degree of difficulty, the second is usability and the third
is deception.
Existing Techniques
Approach: Router based Pushback with Client Puzzles [5]
Advantages:
• Puzzle work load is transferred to the upstream path routers, which decreases the processing work load on the path routers.
Limitations:
• It is not effective in performing rate-limiting defense on the malicious traffic inside the aggregate.
• Fails to mitigate attack traffic which is distributed uniformly within the inbound links.

Approach: Software Puzzle [6]
Advantages:
• Attackers cannot inflate their puzzle-solving capabilities using GPU.
• Can be easily integrated with the data puzzle schemes existing on the server side because it is built upon a data puzzle.
• Easily deployed.
Limitations:
• Generation of the puzzle at the server side makes it a time consuming process, as the victim server alone has to put in time for construction of the puzzle.
• No provision for construction of the software puzzle at the client side.

Approach: Bitcoin Blockchain [7]
Advantages:
• Fair client puzzles are computed independent of the power of the client machine's computing resources.
• A client cannot save the puzzles and respond at a later stage with an overwhelming count of correct puzzle solutions at a single point of time.
Limitations:
• Blocks in a bitcoin blockchain are generated approximately every ten minutes, which makes it impractical for client puzzle applications.

Approach: Outsourced puzzles [8]
Advantages:
• Robust puzzle distribution mechanism.
• Offline computation of puzzles.
Limitations:
• One server is able to compute tokens associated with other servers, resulting in diffusion of trust across other participants.
Existing Techniques (Contd.)
Approach: Game Theory with Nash equilibrium [9]
Advantages:
• Applicable in defending both distributed and single-source attacks.
Limitations:
• Does not support larger payoffs to be feasible in the game.

Approach: Standard Model Client Puzzles [10]
Advantages:
• Less number of modular multiplication operations for puzzle generation by defending server.
• Faster cumulative verification time.
Limitations:
• Slower puzzle generation time.
• Slower solution verification time as compared to hash based puzzles.

Approach: Aggregate congestion control and Pushback [11]
Advantages:
• ACC rate limits the aggregates rather than IP sources.
Limitations:
• Not effective against uniformly distributed attack sources.

Approach: Passport [12]
Advantages:
• Makes use of symmetric key cryptography to put tokens on packets that verify the source.
Limitations:
• Attackers may get capabilities from colluders.
• It only prevents the hosts in one AS from spoofing the IP addresses of other ASs.

Approach: Defensive Cooperative Overlay Mesh [13]
Advantages:
• Defense nodes collaborate and cooperate together.
Limitations:
• Classifier nodes require an inline deployment.
• Unable to handle attacks from legacy networks.

Approach: Stateless Internet Flow Filter [14]
Advantages:
• Capability-based mechanism.
Limitations:
• Always active.
• Processing and memory costs overheads.
Proposed Defense Scheme
The proposed multi-level defense approach, which uses congestion level control and anomaly based techniques,
can be explained by the following four steps, which are executed consecutively:
• Detection of DDoS attack.
• Challenging the attacking sources.
• Suppression of malicious packets.
• Diverting the traffic flood.
Description of the Algorithm
• In the incoming traffic, every incoming packet is placed into its respective module, according to the volume of
the attack traffic: normal, caution, peak.
• If this volume is less than the normal level, then the defense mechanism is not activated and the traffic is sent to
the destination machine.
• If the volume destined towards the victim rises above the caution level, then the puzzle generation module is
activated, which checks the packets for PoW as authority to send requests to the server. Only the authorized client
requests are forwarded.
• If the volume of the incoming traffic rises above the peak level, then all of the traffic is diverted
DDoS Defense using Client Puzzles
Input: Incoming traffic Xin
Start
  Vin = null;                          //set initial volume metric as null
  Fetch (Xin[t], Vin[t]);
  If (Vin[t] < V[tx])                  //no defense
    { Forward_ISP (Xin[t]); }
  ElseIf (V[tx] <= Vin[t] < V[ty])     //client puzzle P
    {
      S : Generate(P);                 //server S creates the puzzle
      S -> C : Send(P);                //server sends it to client C
      C : Sol = Solve(P);              //client computes the solution
      C -> S : Send(Sol);              //client returns the solution
      If (Sol == Solution[P])
        { Forward_ISP (Xin[t]); }
      Else
        { Forward_Garbage (Xin[t]); }
    }
  Else                                 //dynamic provisioning
    { Forward_DPM (Xin[t]); }

  Forward_ISP (Xin[t])
    { Handle (Xin[t]); }

  //diversion
  Forward_DPM (Xin[t])
    {
      Send(Xin[t]) -> PolicyHandler;
      Forward(Xin[t]) -> HelpingServers;
    }

  //blacklisting
  Forward_Garbage (Xin[t])
    {
      Discard(Xin[t]);
      SourceIP(Xin[t]) -> logServer;
    }
End
Pseudo Code
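The three-level dispatch in the pseudo code above, written out as an added Python example; it is not code from the presentation. The slides do not specify the puzzle construction or threshold values, so the SHA-256 leading-zero-bits puzzle, the HMAC-bound challenge, the numeric thresholds and all names here are assumptions.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field

# Assumed values: the slides name the levels but give no numbers.
V_TX = 1_000   # caution threshold V[tx], packets per interval
V_TY = 5_000   # peak threshold V[ty]


def has_leading_zero_bits(digest: bytes, bits: int) -> bool:
    """True when the top `bits` bits of the digest are all zero."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits) == 0


def solve(challenge: bytes, difficulty_bits: int) -> bytes:
    """Client side (C : Sol = Solve(P)): brute-force a nonce for the puzzle."""
    counter = 0
    while True:
        nonce = struct.pack(">Q", counter)
        digest = hashlib.sha256(challenge + nonce).digest()
        if has_leading_zero_bits(digest, difficulty_bits):
            return nonce
        counter += 1


@dataclass
class PuzzleGate:
    """Server side of the scheme; keeps no per-client state until a puzzle is solved."""
    secret: bytes = field(default_factory=lambda: os.urandom(32))
    difficulty_bits: int = 12          # about 4096 hashes of client work on average
    max_age: int = 30                  # seconds a challenge stays valid
    log_server: list = field(default_factory=list)   # stands in for logServer
    spent: dict = field(default_factory=dict)        # solved challenge -> issue time

    def _tag(self, src_ip: str, header: bytes) -> bytes:
        return hmac.new(self.secret, src_ip.encode() + header, hashlib.sha256).digest()

    def generate(self, src_ip: str, now: int) -> bytes:
        """S : Generate(P). Challenge = timestamp | salt | HMAC(secret, ip | timestamp | salt)."""
        header = struct.pack(">Q", int(now)) + os.urandom(8)
        return header + self._tag(src_ip, header)

    def verify(self, src_ip: str, challenge: bytes, nonce: bytes, now: int) -> bool:
        """Sol == Solution[P], plus the checks that make a solution non-transferable."""
        if len(challenge) != 48 or not isinstance(nonce, bytes) or len(nonce) > 16:
            return False
        header, tag = challenge[:16], challenge[16:]
        if not hmac.compare_digest(tag, self._tag(src_ip, header)):
            return False               # forged, or issued to a different source
        issued = struct.unpack(">Q", header[:8])[0]
        if not 0 <= now - issued <= self.max_age:
            return False               # stale: solutions cannot be stockpiled
        # Expired entries can never verify again, so they are safe to drop.
        self.spent = {c: t for c, t in self.spent.items() if now - t <= self.max_age}
        if challenge in self.spent:
            return False               # replay of an already accepted solution
        digest = hashlib.sha256(challenge + nonce).digest()
        if not has_leading_zero_bits(digest, self.difficulty_bits):
            return False
        self.spent[challenge] = issued
        return True

    def handle(self, src_ip: str, volume: int, now: int, respond=None) -> str:
        """Dispatch one request; `respond` models the client answering a challenge.

        Returns "ISP" (forward), "DPM" (divert) or "GARBAGE" (discard and log).
        """
        if volume < V_TX:
            return "ISP"               # normal level: defense stays inactive
        if volume >= V_TY:
            return "DPM"               # peak level: divert to helping servers
        challenge = self.generate(src_ip, now)
        nonce = respond(challenge) if respond else None
        if nonce is not None and self.verify(src_ip, challenge, nonce, now):
            return "ISP"
        self.log_server.append(src_ip)  # blacklisting input, as in Forward_Garbage
        return "GARBAGE"


if __name__ == "__main__":
    gate = PuzzleGate()
    client = lambda ch: solve(ch, gate.difficulty_bits)
    # Constructed sample requests: (source IP, current volume, answering client)
    for ip, vol, resp in [("198.51.100.7", 200, None),
                          ("198.51.100.7", 2000, client),
                          ("203.0.113.9", 2000, None),
                          ("198.51.100.7", 9000, client)]:
        print(ip, vol, gate.handle(ip, vol, now=1000, respond=resp))
```

Binding the challenge to the source address and a timestamp is what lets the server reject solutions that were precomputed, replayed or handed over by another host.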
Resource Allocation Policy
The resource allocation policy used by the ORA module can be explained by the
following three phases, which are executed consecutively.
• Cache server selection
• Resource allocation
• Iterative pricing
Resource Allocation Policy (Contd.)
Dynamic Provisioning System
ORA Module
Input: Cache servers Csi, configuration(u, m, t)
       where u = server utilization, m = free cache, t = throughput
Start
  WOA(u, m, t);
  fitness = u + (-m) + (-b);
  If m_reqd > m
    m = -infinity;
  Else
    m = absolute(m_reqd - m);
  If t_reqd > t
    t = -infinity;
  Else
    t = absolute(t_reqd - t);
  Add Csi -> winnerlist;
  Send[winnerlist] -> Auction();

  Auction() {
    Fetch(Rank, winnerlist);
    Utility = (bid_price - incurred_price) * 1/Rank;
    Disperse_traffic[Xin] -> Max(Utility[Csi])
  }

  For all Csi
    If (Cache_NotAllocated)
    {
      P[next_round] = P[previous_round] + Incentive[current_round];
      Send(Participation_Credit P) -> Csi
      Update_bid()
      {
        new_bid = old_bid - P;
        Proceed(new_bid);
      }
    }
    Else
    {
      Incentive[current_round] = NULL;
      Proceed(old_bid);
    }
Stop
Advantages
• Lineal Deployment: The PoW ensures easy deployment on the existing infrastructure without
any major modifications on the server machine.
• On-Demand DDoS Mitigation: The defense comes into action only while an attack is happening
and otherwise remains inactive, which lowers the maintenance costs.
• Non-distinguishable DDoS Defense: The Proof-of-Work (PoW) scheme prioritises the connection
requests, reducing the collateral damage done to the legitimate traffic due to non-filtration of
malicious traffic.
• Risk Transfer: The Risk Transfer mechanism is well suited for securing against network layer
attacks, as even if the internal devices are unsecure, dynamic provisioning is enough to prevent
DDoS attacks.
Advantages (Contd.)
• Combination of services: The marketplace mechanism should allow the users to express
complementary requirements.
• Flexibility and predictability: The buyer desires an anticipated deal which can be modified and
adjusted with changing needs.
• Economic efficiency: The policy design should maximize the gains of the participating parties
and should minimize the wastage of the resource.
• Double-sided competition: The prices should solely depend on the condition of supply and
demand and should neither be biased to seller nor to buyer.
• Functional constraints: Socio-economic objective function needs to be combined with
constraints of the network for optimal results.
Simulation Analysis
• A basic network to test the flooding attack is set up with the help of Network
Simulator 2.
• The mitigation rate of the proposed framework is estimated under two
conditions: first with the defense mechanism in place and second
without it.
• A heterogeneous network comprising different types of traffic is taken, and
the defense is applied under three attack load conditions of the network traffic.
Simulation Analysis (Contd.)
• The model is simulated under two types of DDoS attack: TCP flood and
UDP flood.
• In the Dynamic Provisioning Module simulation, a minimum charge policy is kept in the policy
handler.
• The schedule of workflows is preprocessed in MATLAB R2013a and is fed to the whale
algorithm; the results are stored in a CSV file, which is input to the AA using the
Engine API.
MATLAB screenshot
AA screenshot
NS2 screenshot
Results and Discussions
[Figure: Detection Rate vs. Number of Iterations; x-axis: No. of Iterations, y-axis: Detection Rate (%)]
Results and Discussions (Contd.)
[Figure: Throughput vs. Number of Iterations; x-axis: No. of Iterations, y-axis: Throughput (kbps)]
Results and Discussions (Contd.)
[Figure 4.4. Optimization results of the proposed approach: Balanced sharing of diverted traffic; x-axis: Difference in number of servers and clients, y-axis: Cache Traded (in mb); series: Balanced, Excess, Shortage]
Auction results of the proposed approach
Results and Discussions (Contd.)
Results and Discussions (Contd.)
[Figure: Volume of Packets vs Simulation Time for Benign Packets; x-axis: Simulation Time, y-axis: Volume of Packets; series: After Defense, Before Defense]
Results and Discussions (Contd.)
[Figure: Volume of Packets vs Simulation Time for Malicious Packets; x-axis: Simulation Time, y-axis: Volume of Packets; series: After Defense, Before Defense]
Conclusions
• This method authenticates and permits only the authorized clients to gain access to the services offered by the
server, using client puzzles as Proof-of-Work (PoW).
• This volume-based activation of the defense scheme meets the design goal of on-demand mitigation.
• The proposed resource allocation mechanism distributes the free cache resource fairly, efficiently and with
incentives to participate in the collaborative defense mechanism.
• The whale optimization algorithm finds the cache servers in the best position to help and makes the allocation optimal.
• The continuous double auction scheme ensures fair collaboration by allowing both the victim server and the helping servers
to offer bids.
Future Scope
• Our future work will be focused on testing the proposed approach in a
real-time environment, as well as with more attack scenarios.
• The research problem of helping servers allowing others to use their
machine in DDoS defense for money is an interesting part to investigate.
1. Prachi Gulihar and B.B. Gupta, “Anomaly based Mitigation of Volumetric DDoS Attack Using Client Puzzle as
Proof-of-Work” in the Proceedings of IEEE 3rd International Conference on Recent Trends in Electronics,
Information & Communication Technology (RTEICT), Bangalore, May 2018.
2. Prachi Gulihar and B.B. Gupta, “Cooperative Mitigation of DDoS Attacks Using an Optimized Auction Scheme
on Cache Servers” in the Proceedings of the 2nd International Conference on Advanced Informatics for Computing
Research (ICAICR), Springer, Shimla, July 2018.
3. Prachi Gulihar and B.B. Gupta, “Taxonomy of Payment Structures and Economic Incentive Schemes in
Internet” in the Journal of Information Technology Research (JITR), 2019.
4. Prachi Gulihar and B.B. Gupta, “Classification of Cooperative Distributed Denial of Service Defense (DDoS)
Schemes” in the Handbook of Computer Networks and Cyber Security (CNCS): Principles and Paradigms,
Multimedia Systems and Applications, Springer, 2019.
List of Publications
References
[1] Gupta, B. B., Joshi, R. C., & Misra, M. (2009). Defending against distributed denial of service attacks: issues and challenges. Information Security
Journal: A Global Perspective, 18(5), 224-247.
[2] Khor, S. H.. “Deployable Mechanisms for Distributed Denial-of-Service (DDoS) Attack Mitigation” , 2010.
[3] Kumarasamy, Saravanan, and R. Asokan. "Distributed Denial of Service (DDoS) Attacks Detection Mechanism." arXiv preprint
arXiv:1201.2007 , 2012.
[4] Wu, Yongdong, et al. "Software puzzle: A countermeasure to resource-inflated denial-of-service attacks." IEEE Transactions on Information
forensics and security 10.1, 2015: 168-177.
[5] Boyd, Colin, and Christopher Carr. "Fair client puzzles from the bitcoin blockchain." Australasian Conference on Information Security and
Privacy. Springer, Cham, 2016.
[6] Wu, Y., Zhao, Z., Bao, F., & Deng, R. H. (2015). Software puzzle: A countermeasure to resource-inflated denial-of-service attacks. IEEE
Transactions on Information forensics and security, 10(1), 168-177.
[7] Rodrigues, B., Bocek, T., & Stiller, B. (2017). Enabling a Cooperative, Multi-domain DDoS Defense by a Blockchain Signaling System
(BloSS). Semantic Scholar.
[8] Waters, Brent, et al. "New client puzzle outsourcing techniques for DoS resistance." Proceedings of the 11th ACM conference on Computer and
communications security. ACM, 2004.
[9] Fallah, M. (2010). A puzzle-based defense strategy against flooding attacks using game theory. IEEE transactions on dependable and secure
computing, 7(1), 5-19.
[10] Kuppusamy, Lakshmi, et al. "Practical client puzzles in the standard model." Proceedings of the 7th ACM Symposium on Information,
Computer and Communications Security. ACM, 2012
[11] R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, Controlling high bandwidth aggregates in the network,
presented at Computer Communication Review, pp.62-73, 2002.
[12] S. Kandula, D. Katabi, M. Jacob, and A. W. Berger, Botz-4-sale: Surviving organized ddos attacks that mimic flash crowds, in Proc. of
Symposium on Networked Systems Design and Implementation (NSDI), Boston, May 2005.
[13] J. Mirkovic, P. Reiher, and M. Robinson, Forming Alliance for DDoS Defense, in Proc. of New Security Paradigms Workshop, Centro
Stefano Francini, Ascona, Switzerland, 2003.
[14] B. K. Szymanski, "Auction as a Dynamic Pricing Mechanism for E-Services", Service Enterprise Integration, Chapter 5, Edited by Cheng
Hsu, Springer Science and Business Media, LLC, New York, 2006.
[15] Kalkan, K., & Alagöz, F. (2016). A distributed filtering mechanism against DDoS attacks: ScoreForCore. Computer Networks, 108, 199-209.
[16] Shuai, C., Jiang, J., & Ouyang, X. (2012). A lightweight cooperative detection framework of DDoS/DoS attacks based on counting bloom
filter. Journal of Theoretical & Applied Information Technology, 45(1).
References (Contd.)
References (Contd.)
[17] Fortier, D., Spradlin, J. C., Sigroha, P., & Fulton, A. (2014). U.S. Patent No. 8,909,751. Washington, DC: U.S. Patent and
Trademark Office
[18] Mirjalili, S., & Lewis, A. (2016). The whale optimization algorithm. Advances in Engineering Software, 95-100.
[19] Jang, M. W. (2004). The actor architecture manual. Department of Computer Science, University of Illinois at Urbana-Champaign.
[20] A. Iosup, H. Li, M. Jan, S. Anoep, C. Dumitrescu, L. Wolters, and D. H. J. Epem (2008). “The grid workloads archive,” FGCS,
vol. 24, no. 7, pp. 672–686.
[21] Fallah, Mehran. "A puzzle-based defense strategy against flooding attacks using game theory." IEEE transactions on dependable
and secure computing 7.1 , 2010: 5-19.
[22] Fujiwara, I. (2012). Study on combinatorial auction mechanism for resource allocation in cloud computing
environment.
[23] Britton T., Liu-Johnston I., Cugnière I., Gupta S., Rodriguez D., Barbier J., & Tricaud, S. Analysis of 24 Hours Internet Attacks.