We have been developing an anomaly detection system (ADS) for detecting malicious communication from the Internet to our campus network. We implement two methods for blocking malicious communications. However, these blocking methods have some problems. Therefore, we propose a new method for blocking malicious communications using OpenFlow technology. In this paper, we describe the overview of our...
This paper presents a fast and large-scale monitoring system for detecting one of the major cyber-attacks, Distributed Denial of Service (DDoS). The proposed system monitors the packet traffic on a subnet of unused IPs called darknet. Almost all darknet packets are originated from malicious activities. However, it is not obvious what traffic patterns DDoS attacks have. Therefore, we adopt a classifier...
The domain name system is among the core parts of the TCP/IP protocol suite and the standard protocol used by the Internet. The domain name system consists of website names mapped to Internet protocol addresses, which facilitates browsing by not requiring users to remember numeric notation addresses. The nature of the system, which involves transferring information in plain text, makes it vulnerable to security attacks...
A software-based computing platform has been constructed as an experimental topology with the goal to detect and mitigate DDoS using a Virtual Network Environment. This research comprises the automatic management of three main approaches, being firstly the deployment of a virtual infrastructure for experimentation, secondly the configuration of the detection and mitigation of DDoS attacks and finally...
Nowadays, the defense against Denial of Service (DoS) attacks is receiving particular interest. Different techniques have been proposed and, in particular, the Packet Marking (PM) and TraceBack (TB) procedures demonstrated a good capacity of facing the different malicious attacks. While host-based DoS attacks are more easily traced and managed, network-based DoS attacks are a more challenging threat...
Recently, cloud computing has conquered IT markets, and the majority of institutions use its services at different scales. Like any IT technology, cloud computing suffers from security issues, and numerous studies have been, and are being, conducted in order to overcome them. However, most of the latter focus on data, users and infrastructure security from external attacks, and very few focus on the issue...
In this paper we present a time-behavioral analysis of simulated botnet network traffic, collected and discovered from NetFlow messages, more specifically of lifespans. The technique we used focuses on modeling command and control communication in a botnet network. The lifespan of this traffic is modeled by lifelines using the Python language.
The extensive use of Internet technology has brought great convenience to modern society; however, more and more severe problems regarding network security have emerged at the same time. DDoS attacks in particular, represented by SYN Flood, pose massive threats to network security. This paper discusses an algorithm which could detect SYN Flood attack quickly under large scale network:...
We present D3NS, a system to replace the current top level DNS system and certificate authorities, offering increased scalability, security and robustness. D3NS is based on a distributed hash table and utilizes a domain name ownership system based on the Bitcoin blockchain. It addresses previous criticism that a DHT would not suffice as a DNS replacement. D3NS provides solutions to current DNS vulnerabilities...
Almost all information that belongs to government or the private sector, corporate or individual, has now been digitized. The computers which keep digitized information provide for the proper use of that information via applications such as database and web services. If necessary precautions have not been taken at the individual or corporate level in configuring both network and applications, ‘your information...
Recent advances in Cyber-Physical Systems (CPSs) promote the Internet as the main communication technology for monitoring, controlling and managing the physical entities as well as exchanging information between the physical entities and human users. On the other hand, the Internet introduces a variety of vulnerabilities that may put the security and privacy of CPSs under risk. The consequences of...
A core feature of Content-Centric Networking (CCN) is opportunistic content caching in routers. It enables routers to satisfy content requests with in-network cached copies, thereby reducing bandwidth utilization, decreasing congestion, and improving overall content retrieval latency. One major drawback of in-network caching is that content producers have no knowledge about where their content is...
The security demands on development teams are growing in direct proportion to the security incidents discovered and leveraged in computer crime and cyber warfare every day. There is ongoing research to increase the effectiveness of security defect detection and penetration testing of products, but where the literature is thin, is in actual case studies that apply security assurance processes in a...
Distributed denial of service attacks pose an immense threat to the internet. In this work TCP SYN flood attacks are detected using the matching pursuit algorithm. Dictionaries are generated using the K-SVD algorithm from normal and attack traffic of training data. Using these dictionaries and applying the matching pursuit algorithm, detection of attacks is performed pursing resulting residuals of matching pursuit...
Neighbor Discovery Protocol (NDP) is significant in mobile networks, as it enables a mobile node to randomly access a foreign network by Stateless Link Address Autoconfiguration (SLAAC). However, NDP initially offers no protection mechanism and is prone to address spoofing and Denial of Service (DoS). Secure Neighbor Discovery Protocol (SeNDP) is proposed to solve these NDP threats. Recently there...
In this paper, we investigate collaborative schemes to mitigate Distributed Denial of Service attacks in multi-domain Software Defined Networks (SDNs). The mitigation process itself is distributed, initiated by the domain of the victim, and involving all domains in the path of an attack (transit domains). We emphasize filtering malicious flows as close to the attack sources as possible. We propose...
Networking has become an essential factor in daily life and activities, where the major problem in network security is the safety of the transferred information. The infrastructure for networking is the TCP/IP suite, and the address resolution protocol is the core part of the standard which maps the logical address into a physical address. Address resolution protocol is defined as a stateless protocol...
Software Defined Networking (SDN) is the new promise towards an easily configured and remotely controlled network. Based on Centralized control, SDN technology has proved its positive impact on the world of network communications from different aspects. Security in SDN, as in traditional networks, is an essential feature that every communication system should possess. In this paper, we propose an...
Measuring the instability of IP prefixes in BGP is critical for network operation and management. In particular, identifying and investigating the most active prefixes assist in detecting, analyzing, and understanding network problems. The traditional metric to assess the activeness of a prefix is the quantity of BGP update. However, this metric may be strongly affected by monitor-local events: the...
Content poisoning attacks are a significant problem in Information Centric Networks (ICN), such as Named Data Networking. In a content poisoning attack, an attacker injects bogus content into the network with a legitimate name. While users will reject the content because of signature mismatch, the network is largely unaware of the problem due to the computational burden of on the fly packet verification...