The document describes a tool called XDoser that was developed to test system load capacity using denial of service features. XDoser uses HTTP flood attacks by continuously sending HTTP POST requests to a server, overloading it with processing-intensive requests. Testing showed XDoser was more effective at overwhelming a test server than other DoS tools, with the server failing over 80% of XDoser requests within a set time frame. However, XDoser's effectiveness decreased with longer testing durations and it had issues maintaining connections.
This document summarizes research analyzing the impact of distributed denial of service (DDoS) attacks on file transfer protocol (FTP) services. The researchers created a test network topology in the DETER cybersecurity testbed to simulate FTP traffic between clients and a server. They launched various DDoS attack types against the FTP server to measure the impact on network performance metrics like throughput, link utilization, and packet survival ratio. The attacks were found to degrade these metrics and disrupt the FTP services. The study provides insights into how DDoS attacks negatively impact network services like FTP.
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
Distributed Denial of Service (DDoS) attacks today
have been amplified into gigabits volume with
broadband Internet access; at the same time, the us
e of more powerful botnets and common DDoS
mitigation and protection solutions implemented in
small and large organizations’ networks and servers
are no longer effective. Our survey provides an in-
depth study on the current largest DNS reflection a
ttack
with more than 300 Gbps on Spamhaus.org. We have re
viewed and analysed the current most popular
DDoS attack types that are launched by the hacktivi
sts. Lastly, effective cloud-based DDoS mitigation
and
protection techniques proposed by both academic res
earchers and large commercial cloud-based DDoS
service providers are discussed
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for
their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO
LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH
ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN
DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY
CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER
WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
Augmented split –protocol; an ultimate d do s defenderijcsa
Distributed Denials of Service (DDoS) attacks have become the daunting problem for businesses, state
administrator and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
Among different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attack. It also put the security experts under
enormous pressure recently in finding efficient defiance methods.
DoS attack can be performed variously with diverse codes and tools
and can be launched form different OSI model layers. This paper
describes in details DoS and DDoS attack, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEMcscpconf
DDoS attack is a distributed source but coordinated Internet security threat that attackers either degrade or disrupt a shared service to legitimate users. It uses various methods to inflict damages on limited resources. It can be broadly classified as: flood and semantic (logic) attacks. DDoS attacking mechanisms vary from time to time and simple but powerful attacking tools are freely available on the Internet. There have been many trials on defending victims from DDoS attacks. However, many of the previous attack prevention systems lack effective handling of various attacking mechanisms and protecting legitimate users from collateral damages during detection and protection. In this paper, we proposed a distributed but synchronized DDoS defense architecture by using multiple agents, which are autonomous systems that perform their assigned mission in other networks on behalf of the victim. The major assignments of defense agents are IP spoofing verification, high traffic rate limitation, anomaly packet detection, and attack source detection.These tasks are distributed through four agents that are deployed on different domain networks. The proposed solution was tested through simulation with sample attack scenarios on the model Internet topology. The experiments showed encouraging results. A more comprehensive attack protection and legitimate users prevention from collateral damages makes this system more effective than other previous works.
This document summarizes research analyzing the impact of distributed denial of service (DDoS) attacks on file transfer protocol (FTP) services. The researchers created a test network topology in the DETER cybersecurity testbed to simulate FTP traffic between clients and a server. They launched various DDoS attack types against the FTP server to measure the impact on network performance metrics like throughput, link utilization, and packet survival ratio. The attacks were found to degrade these metrics and disrupt the FTP services. The study provides insights into how DDoS attacks negatively impact network services like FTP.
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
Distributed Denial of Service (DDoS) attacks today
have been amplified into gigabits volume with
broadband Internet access; at the same time, the us
e of more powerful botnets and common DDoS
mitigation and protection solutions implemented in
small and large organizations’ networks and servers
are no longer effective. Our survey provides an in-
depth study on the current largest DNS reflection a
ttack
with more than 300 Gbps on Spamhaus.org. We have re
viewed and analysed the current most popular
DDoS attack types that are launched by the hacktivi
sts. Lastly, effective cloud-based DDoS mitigation
and
protection techniques proposed by both academic res
earchers and large commercial cloud-based DDoS
service providers are discussed
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for
their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO
LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH
ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN
DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY
CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER
WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
Augmented split –protocol; an ultimate d do s defenderijcsa
Distributed Denials of Service (DDoS) attacks have become the daunting problem for businesses, state
administrator and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
Among different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attack. It also put the security experts under
enormous pressure recently in finding efficient defiance methods.
DoS attack can be performed variously with diverse codes and tools
and can be launched form different OSI model layers. This paper
describes in details DoS and DDoS attack, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEMcscpconf
DDoS attack is a distributed source but coordinated Internet security threat that attackers either degrade or disrupt a shared service to legitimate users. It uses various methods to inflict damages on limited resources. It can be broadly classified as: flood and semantic (logic) attacks. DDoS attacking mechanisms vary from time to time and simple but powerful attacking tools are freely available on the Internet. There have been many trials on defending victims from DDoS attacks. However, many of the previous attack prevention systems lack effective handling of various attacking mechanisms and protecting legitimate users from collateral damages during detection and protection. In this paper, we proposed a distributed but synchronized DDoS defense architecture by using multiple agents, which are autonomous systems that perform their assigned mission in other networks on behalf of the victim. The major assignments of defense agents are IP spoofing verification, high traffic rate limitation, anomaly packet detection, and attack source detection.These tasks are distributed through four agents that are deployed on different domain networks. The proposed solution was tested through simulation with sample attack scenarios on the model Internet topology. The experiments showed encouraging results. A more comprehensive attack protection and legitimate users prevention from collateral damages makes this system more effective than other previous works.
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...cscpconf
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently,
there are an increasing number of DDoS attacks against online services and Web applications.
These attacks are targeting the application level. Detecting application layer DDOS attack is
not an easy task. A more sophisticated mechanism is required to distinguish the malicious flow
from the legitimate ones. This paper proposes a detection scheme based on the information
theory based metrics. The proposed scheme has two phases: Behaviour monitoring and
Detection. In the first phase, the Web user browsing behaviour (HTTP request rate, page
viewing time and sequence of the requested objects) is captured from the system log during nonattack
cases. Based on the observation, Entropy of requests per session and the trust score for
each user is calculated. In the detection phase, the suspicious requests are identified based on
the variation in entropy and a rate limiter is introduced to downgrade services to malicious
users. In addition, a scheduler is included to schedule the session based on the trust score of the
user and the system workload.
This document is a dissertation submitted by Ameya Vashishth in partial fulfillment of a Bachelor of Technology degree. It discusses denial of service (DoS) attacks and mitigation techniques. The dissertation provides an overview of DoS attacks, describes different types of attacks like Smurf, ping flood, TCP SYN flood and UDP flood. It also discusses distributed DoS attacks and recommended tools to perform DDoS attacks. The document concludes with discussing various countermeasures that can be used to mitigate DoS and DDoS attacks.
This document summarizes DDoS threat trends from 2013 to early 2014 based on attacks seen by Incapsula. Key findings include:
- 81% of network attacks in the last 90 days used multiple vectors simultaneously, with over a third employing 3 or more vectors. This multi-vector approach allows attackers to bypass defenses.
- Large SYN floods combined with regular SYN floods ("SYN combo attacks") accounted for around 75% of large-scale network attacks above 20Gbps.
- NTP amplification attacks increased significantly in early 2014 and became the most common vector for large attacks in February 2014.
- Application layer attacks increased 240% from 2013, with over half originating from India, China, and Iran
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET Journal
This document proposes a method to detect HTTP GET flooding DDoS attacks in cloud computing environments using MapReduce processing. It involves integrating abnormal HTTP request detection rules analyzed through statistical analysis and thresholds into MapReduce. Suspected IP addresses are sent challenge values, and IP addresses that provide normal responses are initially allowed while abnormal responses are filtered for a period of time. MapReduce is used to analyze packet data and detect abnormal GET requests based on factors like the IP, port, and URI to identify malicious traffic patterns characteristic of DDoS attacks. The goal is to ensure availability of target systems and reliable detection of HTTP GET flooding attacks in cloud services.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Impact of Flash Crowd Attack in Online Retail ApplicationsIJEACS
This document discusses flash crowd attacks on online retail applications. It begins by introducing denial of service (DoS) and distributed denial of service (DDoS) attacks. It then explains that flash crowd attacks are a type of DDoS attack that aims to overwhelm servers with legitimate-looking requests. The document outlines the network model used to simulate flash crowd attacks and presents results analyzing the impact on server energy levels. It finds that as the number of requests increases, servers experience decreased energy and lifetime. The study aims to minimize these attacks by having servers identify real clients to prioritize sending responses.
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONIJNSA Journal
In the study of network intrusion, much attention has been drawn to on-time detection of intrusion to safeguard public and private interest and to capture the law-breakers. Even though various methods have been found in literature, some situations warrant us to determine intrusions of network in real-time to prevent further undue harm to the computer network as and when they occur. This approach helps detect the intrusion and has a greater potential to apprehend the law-breaker. The purpose of this article is to formulate a method to this effect that is based on the statistical quality control techniques widely used in the manufacturing and production processes.
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
This document discusses using an enhanced support vector machine (ESVM) to detect and classify distributed denial of service (DDoS) attacks. The ESVM is trained on normal user access behavior attributes and then tests samples of application layer attacks like HTTP flooding and network layer attacks like TCP flooding. It aims to classify these attacks with high accuracy, over 99%. An interactive detection and classification system architecture is proposed that takes DDoS attack samples as input for the ESVM and cross-validates them against normal traffic training samples to identify anomalies.
The document discusses distributed denial of service (DDoS) attacks, including how they work, common tools and methods used, and examples of recent large-scale DDoS attacks. It provides details on how botnets are used to overwhelm websites and infrastructure with malicious traffic. Specific DDoS attack types like UDP floods, SYN floods, and reflection attacks are outlined. Recent large attacks are described, such as those targeting bitcoin exchanges, social trading platforms, and Hong Kong voting sites ahead of a civil referendum.
Detection of the botnets’ low-rate DDoS attacks based on self-similarity IJECEIAES
An article presents the approach for the botnets’ low-rate a DDoS-attacks detection based on the botnet’s behavior in the network. Detection process involves the analysis of the network traffic, generated by the botnets’ low-rate DDoS attack. Proposed technique is the part of botnets detection system–BotGRABBER system. The novelty of the paper is that the low-rate DDoS-attacks detection involves not only the network features, inherent to the botnets, but also network traffic self-similarity analysis, which is defined with the use of Hurst coefficient. Detection process consists of the knowledge formation based on the features that may indicate low-rate DDoS attack performed by a botnet; network monitoring, which analyzes information obtained from the network and making conclusion about possible DDoS attack in the network; and the appliance of the security scenario for the corporate area network’s infrastructure in the situation of low-rate attacks.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEIJNSA Journal
When service system is under DDoS attacks, it is important to detect anomaly signature at starting time of attack for timely applying prevention solutions. However, early DDoS detection is difficult task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method by modeling service system as M/G/R PS queue and calculating monitoring parameters based on the model in odder to
early detect symptom of DDoS attacks. The proposed method is validated by experimental system and it gives good results.
A Distributed Approach to Defend Web Service from DDoS AttacksCSCJournals
Most of the business applications on the Internet are dependent on web services for their transactions. Distributed denial of service (DDoS) attacks either degrade or completely disrupt web services by sending flood of packets and requests towards the victim web servers. An array of defense schemes are proposed but still defending web service from DDoS attacks is largely an unsolvable problem so far. In this paper, DDoS defense schemes are classified into centralized and distributed and their relative advantages and disadvantages are explored. An ISP based distributed approach is a pragmatic solution to defend from DDoS attacks due to its autonomous control, more resources, and incremental scope. Traffic cluster entropy is conceptualized from source address entropy and the combination is used to detect various types of DDoS attacks against the web service. A framework is proposed which can detect the attack, characterize attack sources, and filter the attack packets as early as possible so as to minimize the collateral damage
DDOS Attacks-A Stealthy Way of Implementation and DetectionIJRES Journal
Cloud Computing is a new paradigm provides various host service [paas, saas, Iaas over the internet.
According to a self-service,on-demand and pay as you use business model,the customers will obtain the cloud
resources and services.It is a virtual shared service.Cloud Computing has three basic abstraction layers System
layer(Virtual Machine abstraction of a server),Platform layer(A virtualized operating system, database and
webserver of a server and Application layer(It includes Web Applications).Denial of Service attack is an attempt
to make a machine or network resource unavailable to the intended user. In DOS a user or organization is
deprived of the services of a resource they would normally expect to have.A Successful DOS attack is a highly
noticeable event impacting the entire online user base.DOS attack is found by First Mathematical Metrical
Method (Rate Controlling,Timing Window,Worst Case and Pattern Matching)DOS attack not only affect the
Quality of the service and also affect the performance of the server. DDOS attacks are launched from Botnet-A
large Cluster of Connected device(cellphone,pc or router) infected with malware that allow remote control by an
attacker. Intruder using SIPDAS in DDOS to perform attack.SIPDAS attack strategies are detected using Heap
Space Monitoring Algorithm.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
Distributed reflection denial of service attack: A critical review IJECEIAES
As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks.
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposes solution uses Software defined networks capabilities to reduce risk, introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed with a sophisticated way and high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
This document summarizes a survey on distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANETs). It begins by introducing MANETs and some of the key security issues they face, including DDoS attacks. It then discusses different types of DDoS attacks like flooding and amplification/reflection attacks. The document proposes a new defense scheme against amplification attacks, which exploit protocols like DNS and NTP to amplify traffic. It describes using the Network Security Simulator to model and simulate DDoS attacks with master, zombie, and server entities to evaluate defense techniques and compare the impact of protocols like DNS and NTP.
This document summarizes methods for protecting against distributed denial of service (DDoS) attacks. It discusses traditional DDoS attack methods like ICMP floods and SYN floods. It also describes more advanced distributed techniques used by botsnets, including Trinoo, Tribe Flood Network, Stacheldraht, Shaft, and TFN2K. The document recommends ways to safeguard a network, such as using load balancing across multiple servers, increasing bandwidth capacity, and securing the DNS server. Protecting the network requires understanding various DDoS attack types and deployment of appropriate defenses.
This document presents a case study on the impact of denial of service (DoS) attacks on cloud applications. It begins with an introduction to cloud computing and discusses how DoS and distributed DoS (DDoS) attacks are major security threats. The paper then reviews DoS and DDoS attacks, including their objectives to overwhelm resources or exploit vulnerabilities. Next, it discusses defense strategies against such attacks. Finally, the document describes how the case study will measure the stability of a questionnaire using Cronbach's alpha and determine the impact of related variables on the results using stepwise multiple linear regression analysis and Spearman correlation.
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of nodes that interrelate with each other for switch over the information. This information is necessary for that node is reserved confidentially. Attacker in the system may capture this private information and distorted. So security is the major issue. There are several security attacks in network. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviors they may happen obviously or it may due to some attackers .Various schemes are developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...cscpconf
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently,
there are an increasing number of DDoS attacks against online services and Web applications.
These attacks are targeting the application level. Detecting application layer DDOS attack is
not an easy task. A more sophisticated mechanism is required to distinguish the malicious flow
from the legitimate ones. This paper proposes a detection scheme based on the information
theory based metrics. The proposed scheme has two phases: Behaviour monitoring and
Detection. In the first phase, the Web user browsing behaviour (HTTP request rate, page
viewing time and sequence of the requested objects) is captured from the system log during nonattack
cases. Based on the observation, Entropy of requests per session and the trust score for
each user is calculated. In the detection phase, the suspicious requests are identified based on
the variation in entropy and a rate limiter is introduced to downgrade services to malicious
users. In addition, a scheduler is included to schedule the session based on the trust score of the
user and the system workload.
This document is a dissertation submitted by Ameya Vashishth in partial fulfillment of a Bachelor of Technology degree. It discusses denial of service (DoS) attacks and mitigation techniques. The dissertation provides an overview of DoS attacks, describes different types of attacks like Smurf, ping flood, TCP SYN flood and UDP flood. It also discusses distributed DoS attacks and recommended tools to perform DDoS attacks. The document concludes with discussing various countermeasures that can be used to mitigate DoS and DDoS attacks.
This document summarizes DDoS threat trends from 2013 to early 2014 based on attacks seen by Incapsula. Key findings include:
- 81% of network attacks in the last 90 days used multiple vectors simultaneously, with over a third employing 3 or more vectors. This multi-vector approach allows attackers to bypass defenses.
- Large SYN floods combined with regular SYN floods ("SYN combo attacks") accounted for around 75% of large-scale network attacks above 20Gbps.
- NTP amplification attacks increased significantly in early 2014 and became the most common vector for large attacks in February 2014.
- Application layer attacks increased 240% from 2013, with over half originating from India, China, and Iran
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET Journal
This document proposes a method to detect HTTP GET flooding DDoS attacks in cloud computing environments using MapReduce processing. It involves integrating abnormal HTTP request detection rules analyzed through statistical analysis and thresholds into MapReduce. Suspected IP addresses are sent challenge values, and IP addresses that provide normal responses are initially allowed while abnormal responses are filtered for a period of time. MapReduce is used to analyze packet data and detect abnormal GET requests based on factors like the IP, port, and URI to identify malicious traffic patterns characteristic of DDoS attacks. The goal is to ensure availability of target systems and reliable detection of HTTP GET flooding attacks in cloud services.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Impact of Flash Crowd Attack in Online Retail ApplicationsIJEACS
This document discusses flash crowd attacks on online retail applications. It begins by introducing denial of service (DoS) and distributed denial of service (DDoS) attacks. It then explains that flash crowd attacks are a type of DDoS attack that aims to overwhelm servers with legitimate-looking requests. The document outlines the network model used to simulate flash crowd attacks and presents results analyzing the impact on server energy levels. It finds that as the number of requests increases, servers experience decreased energy and lifetime. The study aims to minimize these attacks by having servers identify real clients to prioritize sending responses.
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONIJNSA Journal
In the study of network intrusion, much attention has been drawn to on-time detection of intrusion to safeguard public and private interest and to capture the law-breakers. Even though various methods have been found in literature, some situations warrant us to determine intrusions of network in real-time to prevent further undue harm to the computer network as and when they occur. This approach helps detect the intrusion and has a greater potential to apprehend the law-breaker. The purpose of this article is to formulate a method to this effect that is based on the statistical quality control techniques widely used in the manufacturing and production processes.
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
This document discusses using an enhanced support vector machine (ESVM) to detect and classify distributed denial of service (DDoS) attacks. The ESVM is trained on normal user access behavior attributes and then tests samples of application layer attacks like HTTP flooding and network layer attacks like TCP flooding. It aims to classify these attacks with high accuracy, over 99%. An interactive detection and classification system architecture is proposed that takes DDoS attack samples as input for the ESVM and cross-validates them against normal traffic training samples to identify anomalies.
The document discusses distributed denial of service (DDoS) attacks, including how they work, common tools and methods used, and examples of recent large-scale DDoS attacks. It provides details on how botnets are used to overwhelm websites and infrastructure with malicious traffic. Specific DDoS attack types like UDP floods, SYN floods, and reflection attacks are outlined. Recent large attacks are described, such as those targeting bitcoin exchanges, social trading platforms, and Hong Kong voting sites ahead of a civil referendum.
Detection of the botnets’ low-rate DDoS attacks based on self-similarity IJECEIAES
An article presents the approach for the botnets’ low-rate a DDoS-attacks detection based on the botnet’s behavior in the network. Detection process involves the analysis of the network traffic, generated by the botnets’ low-rate DDoS attack. Proposed technique is the part of botnets detection system–BotGRABBER system. The novelty of the paper is that the low-rate DDoS-attacks detection involves not only the network features, inherent to the botnets, but also network traffic self-similarity analysis, which is defined with the use of Hurst coefficient. Detection process consists of the knowledge formation based on the features that may indicate low-rate DDoS attack performed by a botnet; network monitoring, which analyzes information obtained from the network and making conclusion about possible DDoS attack in the network; and the appliance of the security scenario for the corporate area network’s infrastructure in the situation of low-rate attacks.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEIJNSA Journal
When service system is under DDoS attacks, it is important to detect anomaly signature at starting time of attack for timely applying prevention solutions. However, early DDoS detection is difficult task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method by modeling service system as M/G/R PS queue and calculating monitoring parameters based on the model in odder to
early detect symptom of DDoS attacks. The proposed method is validated by experimental system and it gives good results.
A Distributed Approach to Defend Web Service from DDoS AttacksCSCJournals
Most of the business applications on the Internet are dependent on web services for their transactions. Distributed denial of service (DDoS) attacks either degrade or completely disrupt web services by sending flood of packets and requests towards the victim web servers. An array of defense schemes are proposed but still defending web service from DDoS attacks is largely an unsolvable problem so far. In this paper, DDoS defense schemes are classified into centralized and distributed and their relative advantages and disadvantages are explored. An ISP based distributed approach is a pragmatic solution to defend from DDoS attacks due to its autonomous control, more resources, and incremental scope. Traffic cluster entropy is conceptualized from source address entropy and the combination is used to detect various types of DDoS attacks against the web service. A framework is proposed which can detect the attack, characterize attack sources, and filter the attack packets as early as possible so as to minimize the collateral damage
DDOS Attacks-A Stealthy Way of Implementation and DetectionIJRES Journal
Cloud Computing is a new paradigm provides various host service [paas, saas, Iaas over the internet.
According to a self-service,on-demand and pay as you use business model,the customers will obtain the cloud
resources and services.It is a virtual shared service.Cloud Computing has three basic abstraction layers System
layer(Virtual Machine abstraction of a server),Platform layer(A virtualized operating system, database and
webserver of a server and Application layer(It includes Web Applications).Denial of Service attack is an attempt
to make a machine or network resource unavailable to the intended user. In DOS a user or organization is
deprived of the services of a resource they would normally expect to have.A Successful DOS attack is a highly
noticeable event impacting the entire online user base.DOS attack is found by First Mathematical Metrical
Method (Rate Controlling,Timing Window,Worst Case and Pattern Matching)DOS attack not only affect the
Quality of the service and also affect the performance of the server. DDOS attacks are launched from Botnet-A
large Cluster of Connected device(cellphone,pc or router) infected with malware that allow remote control by an
attacker. Intruder using SIPDAS in DDOS to perform attack.SIPDAS attack strategies are detected using Heap
Space Monitoring Algorithm.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
Distributed reflection denial of service attack: A critical review IJECEIAES
As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks.
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposes solution uses Software defined networks capabilities to reduce risk, introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed with a sophisticated way and high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
This document summarizes a survey on distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANETs). It begins by introducing MANETs and some of the key security issues they face, including DDoS attacks. It then discusses different types of DDoS attacks like flooding and amplification/reflection attacks. The document proposes a new defense scheme against amplification attacks, which exploit protocols like DNS and NTP to amplify traffic. It describes using the Network Security Simulator to model and simulate DDoS attacks with master, zombie, and server entities to evaluate defense techniques and compare the impact of protocols like DNS and NTP.
This document summarizes methods for protecting against distributed denial of service (DDoS) attacks. It discusses traditional DDoS attack methods like ICMP floods and SYN floods. It also describes more advanced distributed techniques used by botsnets, including Trinoo, Tribe Flood Network, Stacheldraht, Shaft, and TFN2K. The document recommends ways to safeguard a network, such as using load balancing across multiple servers, increasing bandwidth capacity, and securing the DNS server. Protecting the network requires understanding various DDoS attack types and deployment of appropriate defenses.
This document presents a case study on the impact of denial of service (DoS) attacks on cloud applications. It begins with an introduction to cloud computing and discusses how DoS and distributed DoS (DDoS) attacks are major security threats. The paper then reviews DoS and DDoS attacks, including their objectives to overwhelm resources or exploit vulnerabilities. Next, it discusses defense strategies against such attacks. Finally, the document describes how the case study will measure the stability of a questionnaire using Cronbach's alpha and determine the impact of related variables on the results using stepwise multiple linear regression analysis and Spearman correlation.
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of nodes that interrelate with each other for switch over the information. This information is necessary for that node is reserved confidentially. Attacker in the system may capture this private information and distorted. So security is the major issue. There are several security attacks in network. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviors they may happen obviously or it may due to some attackers .Various schemes are developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of
nodes that interrelate with each other for switch over the information. This information is necessary for
that node is reserved confidentially. Attacker in the system may capture this private information and
distorted. So security is the major issue. There are several security attacks in network. One of the major
intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends
services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two
different behaviors they may happen obviously or it may due to some attackers .Various schemes are
developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
This document discusses Akamai's cloud security solutions for web, DNS, and infrastructure security. It outlines the changing threat landscape, including the growing size of denial-of-service attacks and shift to application layer attacks targeting data theft. It then reviews common on-premise, ISP, and cloud-based security approaches before detailing Akamai's intelligent platform and specific product offerings, including Kona Site Defender, Prolexic Routed, and Fast DNS. The platform is designed to defend against network and application layer DDoS attacks and data theft through a global cloud architecture with multiple layers of defense and integrated threat intelligence.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEIJNSA Journal
1) The document proposes a method for early detection of DDoS attacks by modeling a service system as an M/G/R processor sharing queue.
2) It calculates monitoring parameters based on the queue model in order to detect symptoms of DDoS attacks early.
3) Experimental results show the proposed method detects DDoS attacks with high true positive and true negative rates compared to an entropy-based detection method.
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEIJNSA Journal
1) The document proposes a method for early detection of DDoS attacks based on modeling a service system as an M/G/R processor sharing queue.
2) It involves sampling system resources over time, calculating resource utilization and variance parameters, and comparing a degradation index to a threshold to detect anomalous degradation indicative of an attack.
3) Experimental results show the proposed method achieved higher rates of true positives and true negatives for DDoS detection compared to an entropy-based detection method, demonstrating its effectiveness at early detection.
Study of flooding based ddos attacks and their effect using deter testbedeSAT Journals
Abstract Today, Internet is the primary medium for communication which is used by number of users across the Network. At the same time, its commercial nature is causing increase vulnerability to enhance cyber crimes and there has been an enormous increase in the number of DDOS (distributed denial of service attack) attacks on the internet over the past decade. Whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Network resources such as network bandwidth, web servers and network switches are mostly the victims of DDoS attacks. In this paper different types of DDoS attacks has been studied, a dumb-bell topology have been created and effect of UDP flooding attacks has been analyzed on web service by using attack tools available in DETER testbed. Throughput of web server is analyzed with and without DDoS attacks.
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Salam Shah
Cloud computing has attracted users due to high speed and bandwidth of the internet. The e-commerce systems are best utilizing the cloud computing. The cloud can be accessed by a password and username and is completely dependent upon the internet. The threats to confidentiality, integrity, authentication and other vulnerabilities that are associated with the internet are also associated with cloud. The internet and cloud can be secured from threats by ensuring proper security and authorization. The channel between user and cloud server must be secured with a proper authorization mechanism. The research has been carried out and different models have been proposed by the authors to ensure the security of clouds. In this paper, we have critically analyzed the already published literature on the security and authorization of the internet and cloud.
ddo-s attacks in cloud computing issued taxonomy and future directionmoataz82
This document summarizes research on DDoS attacks in cloud computing. It begins with an introduction to the issues of DDoS attacks in cloud environments and the need for cloud-specific solutions. The document then presents a survey of contributions related to characterization, prevention, detection and mitigation of DDoS attacks in clouds. It develops a taxonomy to classify different solution approaches and identifies weaknesses that need to be addressed. It concludes by outlining design aspects for effective cloud-based DDoS attack solutions and provides evaluation metrics for comparing solutions.
Q-learning based distributed denial of service detectionIJECEIAES
This document summarizes a research paper that proposes a new approach for detecting distributed denial of service (DDoS) attacks in software-defined networks using Q-learning. The proposed approach uses entropy detection and Q-learning to enhance detection and reduce false positives and negatives. Results show the approach detects DDoS attacks faster than entropy detection alone and ensures service continuity for legitimate users by redirecting traffic. The approach increases throughput by up to 50% compared to other methods.
This document discusses distributed denial of service (DDoS) attacks. It begins by defining DDoS attacks as using numerous compromised systems, or "zombie machines", to launch a coordinated attack against a target system to overwhelm its bandwidth and resources. The document then discusses how early DDoS attacks worked and how routers have evolved defenses. It describes how modern DDoS attacks are more sophisticated, using botnets of infected systems controlled remotely by attackers to amplify the scale and impact of the attacks.
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology
A comprehensive study of distributed Denial-of-Service attack with the detect...IJECEIAES
With the dramatic evolution in networks nowadays, an equivalent growth of challenges has been depicted toward implementing and deployment of such networks. One of the serious challenges is the security where wide range of attacks would threat these networks. Denial-of-Service (DoS) is one of the common attacks that targets several types of networks in which a huge amount of information is being flooded into a specific server for the purpose of turning of such server. Many research studies have examined the simulation of networks in order to observe the behavior of DoS. However, the variety of its types hinders the process of configuring the DoS attacks. In particular, the Distributed DoS (DDoS) is considered to be the most challenging threat to various networks. Hence, this paper aims to accommodate a comprehensive simulation in order to figure out and detect DDoS attacks. Using the well-known simulator technique of NS-2, the experiments showed that different types of DDoS have been characterized, examined and detected. This implies the efficacy of the comprehensive simulation proposed by this study.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
Distributed Denial of Service (DDoS) attack is the most severe cyber-attack that
affects the availability of critical applications. The attackers identify the weakness in
the machines and compromise them to involve in the flooding attack. During the
DDOS attack generation, they also gain access to secret information. These
computers are then used to wage a DDoS Attack in host’s computer. Through many
security measures have been taken in order to stop DDOS Attack to be protect our
data, the attackers have developed new techniques and attack methodology. Hence it
is very important that instead of reacting to new attacks, it is necessary to build a
complete DDoS solution that will defend all types of DDoS attacks. So, the
researchers must understand the cyber space and methods utilized to block the DDoS
attacks. The proposed system provides a unique method to detect DDoS attack using
Splunk. We propose two methods for prevention of DDoS attack. One is using
Randomly generated Captchas and other one is using Linux bash script to prevent
DDoS attack by automatically blocking IP of the client, who is sending multiple
request at a time.
Similar to XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVICE FEATURES (20)
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Rainfall intensity duration frequency curve statistical analysis and modeling...bijceesjournal
Using data from 41 years in Patna’ India’ the study’s goal is to analyze the trends of how often it rains on a weekly, seasonal, and annual basis (1981−2020). First, utilizing the intensity-duration-frequency (IDF) curve and the relationship by statistically analyzing rainfall’ the historical rainfall data set for Patna’ India’ during a 41 year period (1981−2020), was evaluated for its quality. Changes in the hydrologic cycle as a result of increased greenhouse gas emissions are expected to induce variations in the intensity, length, and frequency of precipitation events. One strategy to lessen vulnerability is to quantify probable changes and adapt to them. Techniques such as log-normal, normal, and Gumbel are used (EV-I). Distributions were created with durations of 1, 2, 3, 6, and 24 h and return times of 2, 5, 10, 25, and 100 years. There were also mathematical correlations discovered between rainfall and recurrence interval.
Findings: Based on findings, the Gumbel approach produced the highest intensity values, whereas the other approaches produced values that were close to each other. The data indicates that 461.9 mm of rain fell during the monsoon season’s 301st week. However, it was found that the 29th week had the greatest average rainfall, 92.6 mm. With 952.6 mm on average, the monsoon season saw the highest rainfall. Calculations revealed that the yearly rainfall averaged 1171.1 mm. Using Weibull’s method, the study was subsequently expanded to examine rainfall distribution at different recurrence intervals of 2, 5, 10, and 25 years. Rainfall and recurrence interval mathematical correlations were also developed. Further regression analysis revealed that short wave irrigation, wind direction, wind speed, pressure, relative humidity, and temperature all had a substantial influence on rainfall.
Originality and value: The results of the rainfall IDF curves can provide useful information to policymakers in making appropriate decisions in managing and minimizing floods in the study area.
XDOSER, A BENCHMARKING TOOL FOR SYSTEM LOAD MEASUREMENT USING DENIAL OF SERVICE FEATURES
1. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
DOI: 10.5121/ijnsa.2019.11303 31
XDOSER, A BENCHMARKING TOOL FOR SYSTEM
LOAD MEASUREMENT USING DENIAL OF SERVICE
FEATURES
AKM Bahalul Haque, Rabeya Sultana, Mohammad Sajid Fahad , MD Nasif Latif
and Md. Amdadul Bari
Department of Electrical and Computer Engineering, North South University, Dhaka,
Bangladesh
ABSTRACT
Technology has developed so fast that we feel both safe as well as unsafe in both ways. Systems used today
are always prone to attack by malicious users. In most cases, services are hindered because these systems
cannot handle the amount of over loads the attacker provides. So, proper service load measurement is
necessary. The tool that is being described in this paper for developments is based on the Denial of Service
methodologies. This tool, XDoser will put a synthetic load on the servers for testing purpose. The HTTP
Flood method is used which includes an HTTP POST method as it forces the website to gather the
maximum resources possible in response to every single request. The tool developed in this paper will focus
on overloading the backend with multiple requests. So, the tool can be implemented for servers new or old
for synthetic test endurance testing.
KEYWORDS
Denial-of-service, attack, unavailability, security, httprequests, OkHttpClient
1. INTRODUCTION
Systems developed nowadays are being used by various types of user. Before releasing a system
for usage, it needs to be tested properly. These testing provide the owners a confirmation about
the reliability of the system. More and more users use the system the more the vulnerability
increases. Moreover, the number of users also increases with time. All the users using the system
does not have a very noble thing in mind. They might want to disrupt the system services. Denial
of Service attack is one of the most effective ways to disrupt the services. That is why various
benchmarking tool is used to check whether the website can handle a considerable amount of
load.
The main aim of DOS attack is disruption of services by consuming the bandwidth of legitimate
customer. This attack is done by sending a stream of illegitimate packets to certain victim to cut
off the supply of the authentic packets. During the last few years, several prominent websites
were the victims of such attacks [1]. A distributed denial of service (DDoS) is a type of attack that
is performed from distributed system to disrupt the service. This method is becoming very
complex and popular day by day. Many security tools have been proposed to fight the problem
[2]. The major goals of DDoS attack are to consume bandwidth and overwork the server. Over the
years, the most common choice has been the TCP SYN flood, with the ping flood a distant
second. Application layer attacks are increasing, such as HTTP GET request floods and ‘mail
bombs’ or floods from spam networks. DNS based attacks (attackers flood DNS servers with
bogus but well-formed requests) are also quite popular. A normal request flood may overwork the
2. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
32
server [3]. This research is mainly focused on improving server load capacity and endurance. The
main purpose of our study is the understand DDoS attacks as a whole and eliminate possible
server hacks. The tool developed in this paper will be able to create a synthetic load on servers to
check the capacity it can handle.
Lower graphs showcase the DDOS attacks. The results of the first two quarters of the year 2018,
the peak activity in Q2 2018 was observed in the middle of April 2018. The quarter's lowest
number was observed respectively 24th
May and June 17th
. During the Sunday and Tuesdays of
the second quarter of 2018, the number was recorded at 14.99% and 17.49% respectively.
According to the attacks logged the attack came down to 12.37% on Thursday. Overall, it can be
observed from the graph, in the period of April-June the attack distribution over the days of the
week was more even at the beginning of the year. The longest attack in Q2 lasted for 158 hours
and for almost 11 days slightly shorter than the previous quarter’s record of 297 hours that is 12.4
days. This time the focus of the preserving hackers was an IP address belonging to China
Telecom [4] [5]. These are represented graphically below.
Figure 1: Dynamics of the number of DDoS attacks, Q2 2018
Figure 2: Distribution of DDOS attacks by day of the week, Q1 and Q2 2018
3. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
33
2. RELATED WORKS
As described in the previous section of this paper, for testing load capacity and service
unavailability; it is important to discuss about DDoS in different aspects. It has always been one
of the most effective ways to conduct unethical activities.
For this reason, building an effective tool which can perform better DDoS that currently available
conventional tools and testing the system against the attack using the tool in a very effective way.
So, the types and evolution of DDoS attack will be described in this section. If the evolution can
be tracked, it can be one of the pillars for building the tool.
Several works related to DDoS have been done for years. The authors in [6] showed the risk of
botnet-based attacks especially on the application layer of the system architecture and also the
large-scale loss it can cause. Most DoS based bandwidth attacks are normally done with one
single computer. However, trying to cause damage by repetitive usage can be detected easily.
Even today, requests are more spread out over multiple types and sizes available. Particularly
focusing on a large file can be faster, but it will be easily detected as an anomaly. The paper states
about Distributed Reflector Attack. In such an attack the user hides the source of the attack, which
is essential to the problem. It ends with solutions during that time and future developments. This
helped us understand the attack in detail and the defense mechanism used years back and to
counteract accordingly.
Another paper [7] suggests a different type of DDoS attack called the Silent Attack. The name is
given as it poses as congestion to avoid detection as long as possible. The point was to be
undetectable as long as possible. The use of TCP traffic one of our major foundation that the idea
came from. Another paper [8] from 2003 was used to comprehend the evolution and the
understanding of DDoS attack. Papers like this helped us to see the change in the timeline and the
defenses used to better counteract with the solutions that might evolve to overcome the DOS tool.
This paper focuses on making an efficient attack and improves on what was present.
The authors of the paper [9] used the idea of amplification of the strength of the DDoS attack.
Unprotected computers are used as a bot against the target server. The attack amplification factor
has other variables to work with. Understanding this paper made it easier to theorize and later
apply the work.
3. MATERIALS AND METHODOLOGY
3.1 MATERIALS
For making this tool, the following tools were used:
• Protocols: HTTP
• Frameworks: Spring Boot
• Database: MySQL using XAMPP
• Server: Apache
The full form of HTTP is the Hypertext Transfer Protocol. It is a stateless protocol. It has request
methods like GET, HEAD, POST, PUT and DELETE. It has the capability of dealing with data
representation that allows any website to be built independently during transmission of data. The
POST method is used to send the request to the Apache server [10].
4. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
34
“Spring Boot” framework is used to implement the backend. It automatically configures Spring as
well as third-party libraries whenever possible. Moreover, it does not require for XML
configuration.
MySQL has a distinct storage-engine framework that allows for flawless high performance. It can
handle millions of queries . XAMPP contains the Apache module. In this paper, Apache is used
as the server for the following three reasons[11][12].
Firstly, Apache is the most popular Web server which is running at a faster rate in today’s
generation [13].
Secondly, Apache is a fully featured and high-performance Web server which means that its
functionality, efficiency, and speed is better than any other server.
Thirdly, the source code of Apache is available which means that anyone can use it and it enables
us to make changes to the code to improve its performance [14]. IntelliJ IDEA is an integrated
development environment (ide). It indexes the whole project. It analyses everything and creates
the syntax tree. In the code, wherever you put the cursor, it identifies the specific codes and what
necessary changes can be done here [15].
3.2 METHODS
There are many types of DDoS attack like UDP Flood, SYN Flood, HTTP Flood and so on. The
attack type used in this paper is the HTTP Flood method [15]. A GET request is used to retrieve
standard and static content like images. It means that if GET request is used to hit the front end,
then it cannot create a heavy load on the front end. So, the attack would not be an efficient one.
Moreover, it cannot dynamically generate resources. HTTP GET request works on the front end.
Figure 3. Typical dos Attack using GET request on the front end
The HTTP POST method is used to send the DOS attack on the backend. It means HTTP GET
request are sent continuously in the form of searching the data. As the data is searched frequently,
then this will create a load on the backend. Ultimately, it will create the load on the website. A
generalized picture regarding the DOS attack on backend will look like the figure below:
5. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
35
Figure 4. General Architecture of XDoser
The name of the website is Webdoser. The table in the database was named the course model.
The table contains details like username(course name), address, age, full name, and institute
name. Webdoser contains a folder named “Course Dao” that will allow the user to search for the
course name using HTTP request. Now, for the search operation to take place, an object needs to
be created for calling any HTTP request like search, delete and so on. A single object (client) was
created using OkHttpClient so that the user can search for the course name in the database [16].
The search page created is given on the next page:
Figure 5. Input given by the user
Figure 6. HTML page for a search match
The word “SUCCESS” has been displayed on the screen as the searched data has been matched.
Now, XDoser will create a severe load on the backend due to the repetitive search requests.
6. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
36
Figure 7. Using a different course name
Figure 8. HTML page for failed request
“Failed” has been displayed. It means that this particular data is not in the database. Even though
XDoser will create a load on the backend because the user is continuously sending HTTP POST
request for searching a wrong data. Since repetitive searching is going on, so XDoser is creating
load concurrently on the backend.
7. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
37
Figure 9. XDoser attack showing success and failed results proving that load has been created as the failed
ratio is much higher
If the search result matches or not, it will show "Failed" due to the effect of XDoser as shown in
Figure 10. Thus, the user will focus on overloading the backend with multiple requests that are
each as processing-intensive as possible to check the maximum load it can bear. That is why
HTTP flood [7] method using POST requests tend to be the most resource-effective and flawless
method from the user’s view. The thread will run concurrently and ultimately the server will go
down. The Thread code is given below:
public static void main(String[] args) {
final HttpRequester httpRequester = new HttpRequester();
try {
for (int i = 0; i < 50; i++) {
Thread thread = new Thread(new Runnable() {
public void run() {
try {
attack();
} catch (Exception e) {
e.printStackTrace();
}
}
});
4. RESULT ANALYSIS AND DISCUSSION
The tests by XDoser are conducted on a website we made just for the purpose. This is used in the
test and development stage to understand the workings of the tool. Continuous flood attack was
crucial in the process, however increasing the threads might not always work to our advantage.
The attack strength is also a variable in the work. As efficient or fast as the method can be, there
will be little work if the server can counteract the requests. So, the tool can be used with multiple
computers as well. The combined strength of the processing power or many computers will make
the attack more efficient.
8. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
38
The tool has been improved over time and now can be used with significant results. Our demo
website was used in all the test cases. The tool was run for a specific amount of time and
compares with another DoS tool found online. With time being the variable, the tools were tested
respectively. The tool has proven to beat the other tools in every case. Spreadsheets were made
that were used to make graphs for better representation of the improvements made to the tool over
time. The results show that XDoser can provide more loads compares to other tools in a certain
given time. Table 3 and Table 4 provides comprehensive data of Table 1 and Table 2 to
summarize that XDoser is the 3rd
among the tools to in sending more requests than other tools and
that it is the top among creating more synthetic load for testing.
The latest results show that the demo website failed about 81.63%, a ratio of 4.44 compared to
other tools lagging below. Our results came out to be above 80%, almost every time. Only about
1 in 23 trials came 79.14% with the time frame being constant among all the trials. Higher the
ratio, more the server fails the request.
This result shows consistently that the DoS tool is functional and works better than other tools.
The result concludes with the fact that the tool needs more development as it faces problem
holding on to the port being used and that takes restarting of the computer to fix. Other than that,
the tool can be run under a specific amount of time. As time increased, the tool did not crash, but
the rate of attack reduces significantly. However, it is to be noted that rate aside, the effectiveness
of the tool remains intact as it still produces over 80% results. The table below represents:
Name Time Success Failure Ratio
XDoser 25 seconds 1870 8311 4.44
Hulk 25 seconds 1856 7646 4.11
Slowloris 25 seconds 1898 7902 4.16
LOIC 25 seconds 1888 8315 4.40
XOIC 25 seconds 1887 8319 4.41
Tor’s Hammer 25 seconds 1857 8102 4.36
PyLoris 25 seconds 1901 8312 4.37
Table 1: Failure to Success ratio of XDoser and some DOS tools
Name Time Success Failure Total
XDoser 25 seconds 1870 8311 10181
Hulk 25 seconds 1856 7646 9502
Slowloris 25 seconds 1898 7902 9544
LOIC 25 seconds 1888 8315 9790
XOIC 25 seconds 1887 8319 10206
Tor’s Hammer 25 seconds 1857 8102 9959
PyLoris 25 seconds 1901 8312 10213
Table 2: Total number of requests to the server
9. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
39
Table 3: Ratio comparing XDoser vs other DOS tools
Table 4: Total number of requests to the server
The main limitation of the test was using our basic demo website and a server. The tests were
done on a small scale under very basic assumptions that all the requests will be delivered and
processed by the server and the tools integrity and endurance. The test field was small and tested
for a long period of time and implicates that the load can be consistent, not decreasing as it
performs. It is also assumed that the server does not have any basic countermeasure, as that can
make a difference. However, that would affect all the tools in the same way. A secure
communication scheme has been designed which facilitates communication among corporate and
defense agencies [17]. If such a system is not tested for load measurements, it can also be a
failure. The architecture is shown below:
4.1 COMPARATIVE ANALYSIS
Load Testing or software testing can be done using several tools. In a recent paper "A Pragmatic
Evaluation of Stress and Performance Testing Technologies for Web-Based Applications", it
shows that any application can stop working as well as cause the failure of the applications
without proper testing. It uses HULK script for producing a tremendous load to the web
application for testing. HULK stands for HTTP Unbearable Load King. It is a type of DDoS
10. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
40
Attack on the server. Interestingly, it can be used for testing purposes as well. HULK allows
checking the performance of the application to see whether the web application is powerful
enough to manage the DDoS based traffic. If compared with different tools, HULK is quite faster
in testing load compare to Apache JMeter [18]. HULK accounts for 1.82 seconds on average,
whereas Apache JMeter accounts for 2.12 seconds. Thus, HULK is better than Apache JMeter.
XDoser works like the similar way as HULK because both are DDoS tool. As discussed in result
analysis, compare to Hulk and Soloris, the percentage rate of load testing is more in Xdoser
which is around 80%.
Xdoser works on HTTP POST requests as the user is continuously sending HTTP POST request
for searching a wrong data. Since repetitive searching is going on, so XDoser is creating load
concurrently on the backend. In a recent paper "svLoad: An Automated Test-Driven Architecture
forLoad Testing in Cloud Systems" [19], it shows that HTTP and HTTPS requests response time
is quite more compare to other methodology used for testing. It present comparison of HTTP and
HTTPS requests response time. Here, HTTP type test cases are up to 90% faster than HTTPS
protocol type. So, XDoser's methodology is quite faster than other methodologies because it uses
HTTP POST requests.
In a recent paper, “Efficient DDoS Flood Attack Detection using Dynamic Thresholding on
Flow-Based Network Traffic”, it states that DoS attacks are one-to-one, that uses one
compromised host and influences a network with a small bandwidth. The DDoS attack uses many
compromised hosts that will flood the system or network with very large traffic. DDoS has many-
to-one attack dimensions, so it is more successful in blocking the victim against its defenses.
Botnets are nowadays used to attack in large scale flooding attacks. The attack flows become
distributed and more harmful by making it hard to detect. This paper analyses the features of
traffic in the network and the existing algorithms to detect DDoS attacks and proposes an efficient
statistical approach to detect the attacks based on traffic features and dynamic threshold detection
algorithm. The proposed algorithm extracts different features regarding traffic, it calculates four
attributes grounded on the characteristics of DDoS and the attack get detected when the calculated
attributes within a time interval are greater than the threshold value. In this work, a virtual
network using the Virtualbox tool is set up. It uses TCP, UDP, ICMP and RAW-IP protocols.
This tool is a platform independent and used as a network packet producer which initiates DDoS,
DoS, and MITM.
4.2 BENEFITS OF USING XDOSER
DDoS is a viral attack. Any people in the world are affected or victimize by this attack. In
general, DDoS tools are used to crash servers. It makes all the resources unavailable and slows
down all the current activities. Ultimately, it crashes down the server and harms other people’s
computers, applications as well as websites. Every coin has two sides The attackers used the
DDos tool for the wrong usage whereas XDoser tests the load that an application can bear. It will
create a massive load on the website to check the highest capability the application can
bearSuppose, an application is affected by any DDoS attack or malware. If the developer of that
application knows the highest amount of load the application can sustain, he would have made his
application stronger. XDoser will let those developers know about the application's highest load
taking capability. Though it is illegal to perform dos operation on a system, XDoser can be used
by government or concerned security services for targeting potential harmful systems[20].
11. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
41
Figure 11. System architecture of XDoser
5. CONCLUSIONS
Regardless of the DoS tool having a negative connotation to it, the application of such a program
is not something to be ignored. If used properly, it can clean up the internet to some degree.
However, the main use of our tool is to test servers and their integrity. Attacks on servers are
imminent and will not stop any day soon. This tool will be used to test the load a server can take,
and what will be needed to improve it. As it is more robust than other tools found, it can provide
better results. Later on, the companies can set their servers and prepare them to their
specifications.
ACKNOWLEDGEMENTS
The authors would like to thank Cyber Security Research Team, North South University,
Bangladesh.
REFERENCES
[1] Moore, D. and M.Voelker, G. (2019). InferringInternetDenial-of-ServiceActivity.
Cseweb.ucsd.edu. Available at: https://cseweb.ucsd.edu/~savage/papers/UsenixSec01.pdf [Accessed
7 May 2019].
[2] Tariq, Usman & Hong, Manpyo & Lhee, Kyung-suk. (2006). A Comprehensive Categorization of
DDoS Attack and DDoS Defense Techniques.
[3] Jelena Mirkovic and Peter Reiher. 2004. A taxonomy of DDoS attack and DDoS defense
mechanisms. SIGCOMM Comput. Commun. Rev. 34, 2 (April 2004), 39-53.
[4] Nassiri,A.(2018).5 Most Famous DDoS Attacks. A10 Networks. Available at:
https://www.a10networks.com/resources/articles/5-most-famous-ddos-attacks [Accessed 7 May
2019].
[5] Kupreev, O., Badovskaya, E. and Gutnikov, A. (2019). DDoS Attacks in Q4 2018. Securelist.com.
Available at: https://securelist.com/ddos-attacks-in-q4-2018/89565/ [Accessed 7 May 2019].
[6] Alomari, Esraa & Manickam, Selvakumar & Gupta, B B & Karuppayah, Shankar & Alfaris, Rafeef.
(2012). Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification
and Art. International Journal of Computer Applications.
12. International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.3, May 2019
42
[7] A. Shevtekar and N. Ansari, "Is it congestion or a DDoS attack?," in IEEE Communications Letters,
vol. 13, no. 7, pp. 546-548, July 2009.
[8] L. Feinstein, D. Schnackenberg, R. Balupari and D. Kindred, "Statistical approaches to DDoS attack
detection and response," Proceedings DARPA Information Survivability Conference and Exposition,
Washington, DC, USA, 2003, pp. 303-314 vol.1.
[9] Kumar, Sanjeev. (2007). Smurf-based Distributed Denial of Service (DDoS) Attack Amplification in
Internet. 25 - 25. 10.1109/ICIMP.2007.42.
[10] Rfc-editor.org. (2019). Hypertext Transfer Protocol -- HTTP/1.1. Available at: https://www.rfc-
editor.org/rfc/pdfrfc/rfc2616.txt.pdf [Accessed 7 May 2019].
[11] Author, G. (2019). 8 Major Advantages of Using MySQL. Datamation.com. Available at:
https://www.datamation.com/storage/8-major-advantages-of-using-mysql.html [Accessed 7 Apr.
2019].
[12] J. Criscuolo, Paul. (2000). Distributed Denial of Service: Trin00, Tribe Flood Network, Tribe Flood
Network 2000, and Stacheldraht CIAC-2319. 19.
[13] J. Anish Dev, "Usage of botnets for high speed MD5 hash cracking," Third International Conference
on Innovative Computing Technology (INTECH 2013), London, 2013, pp. 314-320.
[14] Solntsev, A. (2019). Intellij vs. Eclipse: Why IDEA is Better - DZone Java. dzone.com. Available at:
https://dzone.com/articles/why-idea-better-eclipse [Accessed 11 Apr. 2019].
[15] Learning Center. (2019). DDoS Attack Types & Mitigation Methods | Imperva. Available at:
https://www.imperva.com/learn/application-security/ddos-attacks/ [Accessed 7 May 2019].
[16] Learning Center. (2019). What is an HTTP Flood | DDoS Attack Glossary | Imperva. Available at:
https://www.imperva.com/learn/application-security/http-flood/ [Accessed 7 May 2019].
[17] Haque, A., Bari, M. A., Arman, S. S., & Progga, F. T. (2019). A Secure Communication Scheme for
Corporate and Defense Community. arXiv preprint arXiv:1903.02340.
[18] Pradeep, S & Kumar Sharma, Yogesh. (2019). A Pragmatic Evaluation of Stress and Performance
Testing Technologies for Web Based Applications. 399-403. 10.1109/AICAI.2019.8701327.
[19] Noor, J., Hossain, M.G., Alam, M.A., Uddin, A., Chellappan, S., & Islam, A. (2018). svLoad: An
Automated Test-Driven Architecture for Load Testing in Cloud Systems. 2018 IEEE Global
Communications Conference (GLOBECOM), 1-7.
[20] Jisa David, Ciza Thomas, Efficient DDoS flood attack detection using dynamic thresholding on flow-
based network traffic, Computers & Security, Volume 82, 2019, Pages 284-295, ISSN 0167-4048