Distributed Denial of Service Attack

The essential services such as banking, transportation, medicine, education and defense are being progressively replaced by cheaper and more efficient Internet-based web applications. Therefore, the availability of Web services is very critical for the socio-economic growth of the society. Distributed denial-of-service (DDoS) attacks pose an immense threat to the availability of these services. The services are severely degraded and hence lot of business loses are incurred due to these attacks. To objectively evaluate DDoS attack's impact, its severity and the effectiveness of a potential defense, we need precise, quantitative and comprehensive DDoS impact metrics that are applicable to web services. In this paper an attempt has been made to analyze impact of DDoS attacks on the Web services. The experiments are conducted in NS-2. The attack traffic is mixed with legitimate traffic at different strengths and impact of DDoS attacks are measured in terms of throughput, response time, ratio of average serve to request rate, percentage link utilization, and normal packet survival ratio (NPSR). electronic document is a "live" template. The various components of your paper [title, text, heads, etc.] are already defined on the style sheet, as illustrated by the portions given in this document.

Internet of things (IoT) means connecting things or electronic objects with each other or with their manufacturers sharing data and information. It can also be called a cloud which connects multiple devices and gathers information from those devices. Objects/things can be smart devices or electronic bio-implants in humans or animals. Structure of internet mainly depend upon functionality rather than security and when we are talking about interconnection of these things, definitely security is also an issue because with the interconnection of smart systems private data is also at stake. There are many types of threats to IoT but in this paper we will only discuss Distributed Denial of Service (DDoS) attacks on Network Layer and Application Layer, which are capable of targeting and penetrating a victim from multiple sources seizing the resources of the network, and making them unavailable to the network’s users. In order to prevent from such an attack we need a way to detect and mitigate it. Over the time many people proposed multiple ways to stop it but there is no legitimate way to get rid of a DDoS attack on Internet of Things because of limited power of small devices.

Load balancing functionalities are crucial for best Grid performance and utilization. Accordingly,this paper presents a new meta-scheduling method called TunSys. It is inspired from the natural phenomenon of heat propagation and thermal equilibrium. TunSys is based on a Grid polyhedron model with a spherical like structure used to ensure load balancing through a local neighborhood propagation strategy. Furthermore, experimental results compared to FCFS, DGA and HGA show encouraging results in terms of system performance and scalability and in terms of load balancing efficiency.

Internet was designed for network services without any intention for secure communication. Exponential growth of internet and its users have developed an era of global competition and rivalry. Denial of service attack by multiple nodes is capable of disturbing the services of rival servers. The attack can be for multiple reasons e. g. extortion or to beat the rivals. Peer

To protect computer systems it is important to consider the concept of CIA: confidentiality, integrity and availability.  With respect to availability, hackers continue to focus on preventing access to online services and systems by crashing a service through exploitation or by flooding services to the point that the resource is no longer accessible.  These types of denial-of-service or DoS attacks can come directly from one IP address or from a multitude of computers located in disparate locations, known as distributed denial-of-service (DDoS) attacks.  A variety of academic viewpoints have been created that focus on the detection, prevention, and mitigation of DoS attacks.  Some academic research shows potential for real-world application, while others merely advance theoretical viewpoints that cannot realistically be implemented in the current technological landscape.  In this essay, three research papers are reviewed, and each paper focuses on a novel approach to detect, prevent or mitigate availability attacks through DoS.  The resulting analysis provides perspective on the feasibility of each approach.

The network attacks are increasing both in frequency and intensity with the rapid growth of internet of things (IoT) devices. Recently, denial of service (DoS) and distributed denial of service (DDoS) attacks are reported as the most frequent attacks in IoT networks. The traditional security solutions like firewalls, intrusion detection systems, etc., are unable to detect the complex DoS and DDoS attacks since most of them filter the normal and attack traffic based upon the static predefined rules. However, these solutions can become reliable and effective when integrated with artificial intelligence (AI) based techniques. During the last few years, deep learning models especially convolutional neural networks achieved high significance due to their outstanding performance in the image processing field. The potential of these convolutional neural network (CNN) models can be used to efficiently detect the complex DoS and DDoS by converting the network traffic dataset into images. Therefore, in this work, we proposed a methodology to convert the network traffic data into image form and trained a state-of-the-art CNN model, i.e., ResNet over the converted data. The proposed methodology accomplished 99.99% accuracy for detecting the DoS and DDoS in case of binary classification. Furthermore, the proposed methodology achieved 87% average precision for recognizing eleven types of DoS and DDoS attack patterns which is 9% higher as compared to the state-of-the-art.

Among various cyber threats, a DDoS attack is one of the major Internet threats that can affect anyone and even cause tremendous financial damage to organization that uses cloud-based services, while the mitigation of this threat can be highly difficult considering the complex infrastructure that it uses to perform its malicious activities. For that purpose it’s important to think proactively rather than reactively when addressing the protection against this type of attacks. The overview of botnets and some of the countermeasures against this threat were discussed in this paper.

This is analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.

Smart city brings enormous opportunities and exciting challenges. In a smart city, operations and services such as traffic, transport, electric power, and water distribution are monitored, operated, and controlled through ICT based infrastructure, smartly. This allows efficient management of resources and facilitates smooth access to services. However, it also induces stringent requirements and challenges for uninterrupted operation and execution of ICT-based monitoring and controlled infrastructure. Cybersecurity is one of the foremost challenges in a smart city network. That is, protecting the smart city application services from cyber-attacks and ensuring continuity of services is utmost desirable. As smart city services typically comprised of web based applications, application level distributed denial of service (AL-DDoS) attack is a major cybersecurity threat that can have catastrophic impact on an extremely critical smart city network. This paper presents an efficient framewo...

Cyber-deterrence has become a fashionable concept, and there has been a wealth of literature and polemic produced which seeks to simplify it, sell it as an applicable theory and fight for its insertion into national security strategies; most zealously in the United States. It is a grafting of the theory of nuclear deterrence which underpinned and ‘stabilised’ the Cold War. In the modern era of ‘new security challenges’, especially those threats posed through the cyber-domain (cyber-espionage, cyber-warfare, cyber-attacks, computer network exploits/ attacks, hacking and cyber-vandalism, theft of industrial/ state secrets, and so on) deterrence has enjoyed a renaissance.

The argument is that deterrence by punishment as a theory worked under the auspices of the Cold War - when applied to cyber-warfare and the cyber-realm it becomes unfeasible, and in practice its ability to navigate and function within the virtual terrain is restricted. Its linearity and determinism mean that the underpinning assumptions of state-centrism, US/ Western state forms of rationality, and the omniscience implicit in ‘knowing your enemy’ do not, in the cyber-realm, fit (through the plurality of actors, range of targets and space for irrational actions or vandalism or folly) and therefore, centrally, the foundations which allow the theory to operate in reality cannot gain traction or make headway. As such, the theory is stranded.

With the increased dependence of organizations on technological solutions, the cyber threats have become some of the major concerns for the very existence of the businesses. Thus, the security measures to be implemented need to go beyond a simple presence of a firewall and anti-malware. In this work, an overview of two Intrusion Detection and Prevention systems (IDPS) was performed. Namely, the architecture of Snort and Suricata IDPS engines was discussed.

Denial-of-Service (DoS) is a network security problem that constitutes a serious challenge to reliability of services deployed on the servers. The aim of DoS attacks is to exhaust a resource in the target system, reducing or completely subverting the availability of the service provided. Threat of DoS attacks has become even more severe with DDoS (Distributed Denial-of-Service) attack. It is an attempt by malicious users to carry out DoS attack indirectly with the help of many compromised computers on the Internet. Service providers are under mounting pressure to prevent, monitor and mitigate DoS/DDoS attacks directed toward their customers and their infrastructure. Defending against those types of attacks is not a trivial job, mainly due to the use of IP spoofing and the destination-based routing of the Internet, though there are many proposed methods which aim to alleviate the problem like Firewalls, Intrusion Detection Systems, Ingress filtering, IP Traceback, SYN Proxy etc. This paper discusses the efficient packet filtering technique using firewall to defend against DoS/DDoS attacks. Firewall scripts are written using command-line tool iptables in Linux to deny the suspicious traffic. Packet analyzer tool used to showcase the effectiveness of the scripts in mitigating the various kinds of DoS/DDoS attacks.

Over recent years, we have observed a significant increase in the number and the sophistication of cyber attacks targeting home users, businesses, government organizations and even critical infrastructure. In many cases, it is important to detect attacks at the very early stages, before significant damage can be caused to networks and protected systems, including accessing sensitive data. To this end, cybersecurity researchers and professionals are exploring the use of Software-Defined Networking (SDN) technology for efficient and real-time defense against cyberattacks. SDN enables network control to be logically centralised by decoupling the control plane from the data plane. This feature enables network programmability and has the potential to almost instantly block network traffic when some malicious activity is detected. In this work, we design and implement an Intrusion Detection and Prevention System (IDPS) using SDN. Our IDPS is a software-application that monitors networks and systems for malicious activities or security policy violations and takes steps to mitigate such activity. We specifically focus on defending against port-scanning and Denial of Service (DoS) attacks. However , the proposed design and detection methodology has the potential to be expanded to a wide range of other malicious activities. We have implemented and tested two connection-based techniques as part of the IDPS, namely the Credit-Based Threshold Random Walk (CB-TRW) and Rate Limiting (RL). As a mechanism to defend against port-scanning, we outline and test our Port Bingo (PB) algorithm. Furthermore, we include QoS as a DoS attack mitigation, which relies on flow-statistics from a network switch. We conducted extensive experiments in a purpose-built testbed environment. The experimental results show that the launched port-scanning and DoS attacks can be detected and stopped in real-time. Finally, the rate of false positives can be kept sufficiently low by tuning the threshold parameters of the detection algorithms.

In past decade, traditional network was used for transferring of data between nodes. The main issue related to traditional networks was their stable nature and also, they were unable to meet the requirements of newly added devices in the network. So, traditional networks are replaced by Software Defined Network (SDN). Many of the networking applications rely on network for transfer of data. SDN networks are dynamic in nature. SDN can be used to create a framework for data-intensive applications like big data etc. Now a day, security of data over the network is very crucial. Machine learning (ML) algorithms are used for classification of network data in order to detect intrusion attacks.
In this paper, a comparative analysis of machine learning algorithms is done by using different feature selection approaches. For this analysis, NSL-KDD dataset from training and testing with 41 features and 125000 samples are used. Accuracy estimation of machine learning algorithm with a particular feature selection approach can is done in order to detect anomaly over SDN.

This paper describes an approach to detecting distributed denial of service (DDoS) attacks that is based on fundamentals of Information Theory, specifically Kolmogorov Complexity. A theorem derived using principles of Kolmogorov Complexity states that the joint complexity measure of random strings is lower than the sum of the complexities of the individual strings when the strings exhibit some correlation. Furthermore, the joint complexity measure varies inversely with the amount of correlation. We propose a distributed active network-based algorithm that exploits this property to correlate arbitrary traffic flows in the network to detect possible denial-of-service attacks. One of the strengths of this algorithm is that it does not require special filtering rules and hence it can be used to detect any type of DDoS attack. We implement and investigate the performance of the algorithm in an active network. Our results show that DDoS attacks can be detected in a manner that is not sensitive to legitimate background traffic.

This intrusion detection mechanism examines the traffic in real-time environment to resolve if someone is sending malicious traffic or attacks on the cloud infrastructure. In this research work, a novel attack detection system called CMIDS (Composite Metric Intrusion Detection System) has been developed that worked in a cloud environment for detection of DDOS attacks. In this process different virtual machines (VM) are monitored individually and their related record is maintained as a profile. Various system, network, application and technology based characteristics (HTTP, CPU, Bandwidth usage, RAM etc.) of all these virtual machines are analyzed to get a confirmation of attack incidences. The composite metric is based on these characteristics. This metric is probed against successive times for normal and malignant behavior. Golden ratio search method is used to identify the outliers in any. The outcomes of series of experiments show that this IDS has high detection rate in many conditions verified against the actual ones. Simulated flood based attacks on the cloud are examined and a novel threshold based algorithm is constructed for detection of these attacks on cloud based network after conducting exhaustive survey of characteristics critical for the stability of the cloud operations.

Conventional network intrusion detection systems (NIDS) have heavyweight processing and memory requirements as they maintain per flow state using data structures such as linked lists or trees. This is required for some specialized jobs such as stateful packet inspection (SPI) where the network communications between entities are recreated in their entirety to inspect application-level data. The downside to this approach is that the NIDS must be in a position to view all inbound and outbound traffic of the protected network. The NIDS can be overwhelmed by a distributed denial of service attack since most such attacks try and exhaust the available state of network entities. For some applications, such as port scan detection, we do not need to reconstruct the complete network traffic. We propose integrating a detector into all routers so that a more distributed detection approach can be achieved. Since routers are devices with limited memory and processing capabilities, conventional NIDS approaches do not workwhile integrating a detector in them. We describe a method to detect port scans using aggregation. A data structure called a partial completion filter (PCF) or a counting Bloom filter is used to reduce the per flow state.

Convergence and ubiquity are the key characteristics of tomorrows service provision infrastructures. Cloud architectures will constitute cost-efficient backbones that will support the transmission, storage, and computing of the applications contents. These architectures can be used for business, scientific, and pervasive computing purposes. The diversity of the services delivered through cloud infrastructures increases their vulnerability to security incidents and attacks. The cost and complexity reduction requirements render the design and development of protection mechanisms even more challenging. In addition, key design features such as confidentiality, privacy, authentication, anonymity, survivability, dependability, and faulttolerance are, in some extent, conflicting. The objective of this tutorial is to present the state-of-the-art of security and explore research directions and technology trends to address the protection of cloud communications and networking infrastructures. An emphasis will be made on the collaboration of mobile devices in cloud based infrastructures. The fundamental concepts of cloud computing security will be explored, including cloud security services, cloud security principles, cloud security requirements, and testing techniques.

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6261019

Software Defined Networking (SDN) has emerged as a new networking paradigm for managing different kinds of networks ranging from enterprise to home network through software enabled control. The logically centralized control plane and programmability offers a great opportunity to improve network security, like implementing new mechanisms to detect and mitigate various threats, as well as enables deploying security as a service on the SDN controller. Due to the increasing and fast development of SDN, this paper provides an extensive survey on the application of SDN on enhancing the security of computer networks. In particular, we survey recent research studies that focus on applying SDN for network security including attack detection and mitigation, traffic monitoring and engineering, configuration and policy management, service chaining, and middlebox deployment, in addition to smart grid security. We further identify some challenges and promising future directions on SDN security, compatibility and scalability issues that should be addressed in this field.

Conventional network intrusion detection systems (NIDS) have heavyweight processing and memory requirements as they maintain per flow state using data structures such as linked lists or trees. This is required for some specialized jobs such as stateful packet inspection (SPI) where the network communications between entities are recreated in their entirety to inspect application-level data. The downside to this approach is that the NIDS must be in a position to view all inbound and outbound traffic of the protected network. The NIDS can be overwhelmed by a distributed denial of service attack since most such attacks try and exhaust the available state of network entities. For some applications, such as port scan detection, we do not need to reconstruct the complete network traffic. We propose integrating a detector into all routers so that a more distributed detection approach can be achieved. Since routers are devices with limited memory and processing capabilities, conventional NIDS approaches do not workwhile integrating a detector in them. We describe a method to detect port scans using aggregation. A data structure called a partial completion filter (PCF) or a counting Bloom filter is used to reduce the per flow state.

We describe Just Fast Keying (JFK), a new key-exchange protocol, primarily designed for use in the IP security architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK also has a number of novel engineering parameters that permit a variety of tradeoffs, most notably the ability to balance the need for perfect forward secrecy against susceptibility to denial-of-service attacks.

Cloud computing is not a new technology; it is a new way of delivering computing resources. Elastic cloud computing enables services to be deployed and accessed globally on demand with little maintenance by providing QoS as per service level agreement (SLA) of customer. The Cloud-based DDoS attacks or outside DDoS attacks can make ostensibly legitimate requests for a service to generate an economic Distributed Denial of Service (eDDoS) -- where the elastic nature of the cloud allows scaling of service beyond the economic means of the purveyor to pay their cloud-based service bills. Attacks mimicking legitimate users are on the climb. For cloud computing to remain attractive, the DDoS threat is to be addressed before it triggers the billing mechanism. This problem can be addressed by using reactive/on-demand in-cloud eDDoS mitigation service for mitigating the application-layer and network-layer DDOS attacks with the help of an efficient client-puzzle approach.

Denial of Service attack is one of the most talked about phenomenon in Internet security domain This attacks are meant to make a victim’s system’s resource such as network bandwidth or cpu unavailable to serve it purpose .Origin of attacks which are classified as Denial of Service dates back to 1998[1] but still this type of attack are not entirely tamed as the tools or techniques that are being used to deliver this type of attack continues to evolve with time and thus enforcing research community to continue to look for better approaches and method to counter them..In this paper I discuss in detail about the threat of Denial of service attack, the strategies that this attacks deploy and the counter strategies against them