Defenses against Distributed Denial-of-Service (DDoS) attacks are commercially available and deployed by Internet Service Providers (ISPs) at the network and transport layers. However, attackers increasingly target vulnerabilities at the application layer. Launched from bots, these attacks seek to exhaust server resources, such as CPU and disk bandwidth. Because these attacks use normal-looking requests,...
It is important for us to determine the source of the attack when we want to defend against malicious actions, such as (D)DoS. Log-based technology is to log the packets information, which can mean how the packets traverse the network. Source Path Isolation Engine (SPIE) is a great development in log-based technology, but it still has some shortages. In this paper, we proposed a collaborative...
As more and more services are provided by servers via the Internet, Denial-of-Service (DoS) attacks pose an increasing threat to the Internet community. A DoS attack overloads the target server with a large volume of adverse requests, thereby rendering the server unavailable to "well-behaved" users. Recently, the novel paradigm of traffic ownership that enables the clients of Internet service providers...
Large-scale attacks like distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based business. Thus, many attack detection systems using various anomaly detection methods were developed in the past. These detection systems result in a set of anomalies detected by analysis of the traffic behavior. A realtime identification of the attack...
Both Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of Internet traffic, however Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to Internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flash...
In this paper we propose an IP traceback mechanism based on deterministic packet marking and logging, using protected nodes set to reduce logged data amount. The proposed scheme exploits the fact that the number of nodes that may be under attack is usually limited to a small fraction of total nodes in the Internet, greatly reducing storage requirements by logging only the traffic destined to this...
IP-spoofed DDoS attack is a serious security problem in Internet. Thus, an IP traceback approach is essential. In this paper, a fast IP traceback approach (FTA) based on network statistic analysis is proposed. By maintaining the branch label table (BLT) which contains some network statistics in edge routers, the time of IP traceback procedure is efficiently reduced. In addition, an adaptive packet...
The threat of denial of service flooding attacks in the Internet is rapidly increasing. Especially the use of techniques that allow attackers to hide their attack traffic raises concerns: attack distribution and rotation in botnets to obfuscate senders, low-rate bandwidth attacks, and attacks that mimic realistic patterns such as flash crowds. The defense against such attacks is limited due to a deadlock:...
Distributed denial of service (DDoS) attacks have become a major threat to organizations and especially to Internet and intranet. In DDoS attacks targets are overwhelmed by sending an enormous amount of traffic from number of attack sites. The major tasks of any defense system are to detect these attacks accurately and early on, before it causes an unrecoverable loss. Most of the research in this...
Distributed denial-of-service (DDoS) attacks are a significant problem because they are very hard to detect, there is no comprehensive solution and it can shut an organization off from the Internet. The primary goal of an attack is to deny the victim's access to a particular resource. DDoS is implemented using source IP address spoofing. This paper provides a framework for detecting the attack and...
Spam e-mails and distributed denial of service (DDoS) attacks have now become critical issues to the Internet. These attacks are considered to be sent from bot infected PCs. As a bot communicates with a malicious controller over an encrypted channel and updates its code frequently, it becomes difficult to detect infected personal computers (PCs) using pattern-based intrusion detection systems (IDSs)...
In application-level DDoS attacks, attackers mimic legitimate client behavior by sending proper-looking requests via bots. The previous DDoS solutions focus on bandwidth flooding attacks, and have encountered significant difficulty in deployment. This paper presents a deployable architecture that counts the application-level DDoS attacks against Web servers by combining overlay and IP anycast. In...
Distributed defense of distributed denial of service (DDoS) is one of the main research areas in DDoS recently. It is preferred to be conducted as the control-based defense. However, some existed methods have their respective disadvantages, such as efficiency, privacy. Therefore, a DDoS-oriented distributed defense framework based on the edge router feedbacks in autonomous systems (AS) is proposed...
Distributed denial-of-service (DDoS) attacks pose a serious threat to Internet security. While SYN flooding exploits the TCP three-way handshake process by sending many connection requests using spoofed source IP addresses to a victim server. DDoS attack keeps objective host from handling legitimate requests by causing it to populate its backlog queue with forged TCP connection. In this paper, we...
Distributed defense of DDoS (Distributed Denial of Service) attack has been extensively researched in recent years and control-based defense is a hopeful way. However, existed methods only deal with bandwidth protection. The paper takes defense of DDoS flood as a kind of Processing and Bandwidth Resources allocation and solves it using control theory. Our defense mechanism FFDRF (Feedback Filtering...
Traffic Validation Architecture (TVA) is a capability based network architecture that tries to limit Distributed Denial of Service Attacks (DDoS). It considers only the victim's approval in the capability granting process. We propose an extension to the approach by involving two new parameters, the bottleneck link's status and message type, in the capability granting mechanism. Both these...
DDOS attacks generate flooding traffic from multiple sources towards selected nodes and cause obstruction in flow of legitimate information within a network. If the victim node is the server at ISP level requiring fast information processing, the entire network operation stops. We use various lines of honeypot based defense against such attacks. The first line of defense detects the presence of attacks...
In the distributed denial of service (DDoS) defense research, rate-limiting methods have been proposed to alleviate the damage of attacks according to different congestion control mechanisms. This paper presents a new game-theoretical methodology to evaluate effectiveness of typical DDoS defense mechanisms quantitatively. A complete strategic game model is constituted for DDoS attack and defense warfare...
Nowadays we see an increasing number of global network attacks. These attacks are realized due to joint efforts of many distributed malicious software components (bots). It is very hard to investigate the effectiveness and efficiency of defense mechanisms against such attacks in practice. However these mechanisms might be simulated with the necessary fidelity. The paper outlines a framework and software...
In this paper, we advocate that routers will filter bandwidth depletion of DDoS traffic. It is our consideration that server owners who experience an attack should work with ISP routers to defend DDoS. The main idea is to use statistical approaches of Netflow to allocate weighted bandwidth at the routers. We propose a new algorithm based on genetic algorithm to filter traffic on routers and maximize...