scholarly journals An Adaptive Protection of Flooding Attacks Model for Complex Network Environments

2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Bashar Ahmad Khalaf ◽  
Salama A. Mostafa ◽  
Aida Mustapha ◽  
Mazin Abed Mohammed ◽  
Moamin A. Mahmoud ◽  
...  
Keyword(s):  
Denial Of Service ◽  
Attack Behavior ◽  
Ddos Attacks ◽  
Ip Address ◽  
Agent Based ◽  
Ddos Attack ◽  
Adaptive Protection ◽  
Adaptive Agent ◽  
Processing Power ◽  
Flooding Attacks

Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consumes network available resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. The Flash Crowd (FC) is quite similar to the DDoS attack whereby many legitimate users concurrently access a particular service, the number of which results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only few efforts have been made to differentiate it from FC flooding as FC flooding also causes the denial of service and usually misleads the detection of the DDoS attacks. In this paper, an adaptive agent-based model, known as an Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffics. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffics. It then separates DDoS botnet from Demons and Zombies to apply suitable attack handling methodology. There are three parameters on which the agent relies, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to the simulated attack scenarios’ changes and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model.

Security Integration in DDoS Attack Mitigation Using Access Control Lists

2018 ◽  
Vol 9 (1) ◽  
pp. 56-76 ◽  
Author(s):  
Sumit Kumar Yadav ◽  
Kavita Sharma ◽  
Arushi Arora
Keyword(s):  
Access Control ◽  
Ddos Attacks ◽  
Fixed Amount ◽  
Internet Service ◽  
Ip Address ◽  
Ddos Attack ◽  
Simulated Environment ◽  
Processing Power ◽  
Main Challenge ◽  
Attack Mitigation

In this article, the authors propose a DDoS mitigation system through access list-based configurations, which are deployed at the ISP (Internet Service Provider's) edge routers to prohibit DDoS attacks over ISPs' networks traffic. The effectiveness of the proposed system relies heavily on the willingness of ISPs in implementing the system. Once each ISP implements the system, most attacks can easily be stopped close to their point of origin. The main challenge is to implement such a system with the fixed amount of memory and available processing power with routers. A coordinated effort by participating ISPs filters out attacks close to their source, reducing the load on other routers. The suspicious traffic is first filtered out based on their source IP address. The authors also implemented the WRED algorithm for their case and conduct GNS3 experiments in a simulated environment.

Security Integration in DDoS Attack Mitigation Using Access Control Lists

2021 ◽  
pp. 207-229
Author(s):  
Sumit Kumar Yadav ◽  
Kavita Sharma ◽  
Arushi Arora
Keyword(s):  
Access Control ◽  
Ddos Attacks ◽  
Fixed Amount ◽  
Internet Service ◽  
Ip Address ◽  
Ddos Attack ◽  
Simulated Environment ◽  
Processing Power ◽  
Main Challenge ◽  
Attack Mitigation

In this article, the authors propose a DDoS mitigation system through access list-based configurations, which are deployed at the ISP (Internet Service Provider's) edge routers to prohibit DDoS attacks over ISPs' networks traffic. The effectiveness of the proposed system relies heavily on the willingness of ISPs in implementing the system. Once each ISP implements the system, most attacks can easily be stopped close to their point of origin. The main challenge is to implement such a system with the fixed amount of memory and available processing power with routers. A coordinated effort by participating ISPs filters out attacks close to their source, reducing the load on other routers. The suspicious traffic is first filtered out based on their source IP address. The authors also implemented the WRED algorithm for their case and conduct GNS3 experiments in a simulated environment.

scholarly journals Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

2013 ◽  
Vol 2013 ◽  
pp. 1-6 ◽  
Author(s):  
Tongguang Ni ◽  
Xiaoqing Gu ◽  
Hongyuan Wang ◽  
Yu Li
Keyword(s):  
Time Series ◽  
Denial Of Service ◽  
Support Vector ◽  
Svm Classifier ◽  
Ddos Attacks ◽  
Application Layer ◽  
Ip Address ◽  
Detection Systems ◽  
Ddos Attack ◽  
Novel Approach

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.

scholarly journals Impact of Defending Strategy Decision on DDoS Attack

Complexity ◽  
2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Chunming Zhang
Keyword(s):  
Denial Of Service ◽  
Logistic Function ◽  
Parameter Analysis ◽  
Attack Behavior ◽  
Strategy Selection ◽  
Ddos Attacks ◽  
Effective Strategies ◽  
Ddos Attack ◽  
Existence And Stability ◽  
The Impact

Distributed denial-of-service (DDoS) attack is a serious threat to cybersecurity. Many strategies used to defend against DDoS attacks have been proposed recently. To study the impact of defense strategy selection on DDoS attack behavior, the current study uses logistic function as basis to propose a dynamic model of DDoS attacks with defending strategy decisions. Thereafter, the attacked threshold of this model is calculated. The existence and stability of attack-free and attacked equilibria are proved. Lastly, some effective strategies to mitigate DDoS attacks are suggested through parameter analysis.

scholarly journals Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

2018 ◽  
Vol 2018 ◽  
pp. 1-19 ◽  
Author(s):  
Jieren Cheng ◽  
Chen Zhang ◽  
Xiangyan Tang ◽  
Victor S. Sheng ◽  
Zhe Dong ◽  
...  
Keyword(s):  
Detection Method ◽  
Denial Of Service ◽  
Multiple Kernel Learning ◽  
Attack Detection ◽  
Kernel Learning ◽  
Economic Losses ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Multiple Kernel ◽  
Ddos Attack Detection

Distributed denial of service (DDoS) attacks has caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

scholarly journals Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

2017 ◽  
Vol 7 (1.1) ◽  
pp. 230
Author(s):  
C. Vasan Sai Krishna ◽  
Y. Bhuvana ◽  
P. Pavan Kumar ◽  
R. Murugan
Keyword(s):  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attack ◽  
Computing Power ◽  
Server Side ◽  
Ddos Attack ◽  
Client Machine ◽  
Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

Cluster-Based Countermeasures for DDoS Attacks

2016 ◽  
pp. 206-227
Author(s):  
Mohammad Jabed Morshed Chowdhury ◽  
Dileep Kumar G
Keyword(s):  
Unsupervised Learning ◽  
Network Traffic ◽  
Denial Of Service ◽  
Security Threats ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Real Progress ◽  
Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Defending against Distributed Denial of Service

2011 ◽  
pp. 121-129
Author(s):  
Yang Xiang ◽  
Wanlei Zhou
Keyword(s):  
Web Sites ◽  
Credit Card ◽  
Denial Of Service ◽  
Online Gambling ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Web Traffic ◽  
Internet Applications ◽  
Ddos Attack ◽  
Interactive Advertising

Recently the notorious Distributed Denial of Service (DDoS) attacks made people aware of the importance of providing available data and services securely to users. A DDoS attack is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resource (CERT, 2006). For example, in February 2000, many Web sites such as Yahoo, Amazon.com, eBuy, CNN.com, Buy. com, ZDNet, E*Trade, and Excite.com were all subject to total or regional outages by DDoS attacks. In 2002, a massive DDoS attack briefly interrupted Web traffic on nine of the 13 DNS “root” servers that control the Internet (Naraine, 2002). In 2004, a number of DDoS attacks assaulted the credit card processor Authorize. net, the Web infrastructure provider Akamai Systems, the interactive advertising company DoubleClick (left that company’s servers temporarily unable to deliver ads to thousands of popular Web sites), and many online gambling sites (Arnfield, 2004). Nowadays, Internet applications face serious security problems caused by DDoS attacks. For example, according to CERT/CC Statistics 1998-2005 (CERT, 2006), computer-based vulnerabilities reported have increased exponentially since 1998. Effective approaches to defeat DDoS attacks are desperately demanded (Cisco, 2001; Gibson, 2002).

scholarly journals Detecting DDoS Attacks Using Polyscale Analysis and Deep Learning

2020 ◽  
Vol 14 (1) ◽  
pp. 17-34
Author(s):  
Maryam Ghanbari ◽  
Witold Kinsner
Keyword(s):  
Smart Grid ◽  
Input Data ◽  
Denial Of Service ◽  
Support Vector ◽  
Discrete Wavelet ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Infrastructure Services ◽  
Distinguishing Features

Distributed denial-of-service (DDoS) attacks are serious threats to the availability of a smart grid infrastructure services because they can cause massive blackouts. This study describes an anomaly detection method for improving the detection rate of a DDoS attack in a smart grid. This improvement was achieved by increasing the classification of the training and testing phases in a convolutional neural network (CNN). A full version of the variance fractal dimension trajectory (VFDTv2) was used to extract inherent features from the stochastic fractal input data. A discrete wavelet transform (DWT) was applied to the input data and the VFDTv2 to extract significant distinguishing features during data pre-processing. A support vector machine (SVM) was used for data post-processing. The implementation detected the DDoS attack with 87.35% accuracy.

scholarly journals A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors

2019 ◽  
Vol 9 (21) ◽  
pp. 4633 ◽  
Author(s):  
Jian Zhang ◽  
Qidi Liang ◽  
Rui Jiang ◽  
Xi Li
Keyword(s):  
Success Rate ◽  
Denial Of Service ◽  
Detection Algorithm ◽  
Feature Analysis ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Detection Capability ◽  
Ddos Attack ◽  
Attack Mitigation ◽  
Multiple Attack

In recent years, distributed denial of service (DDoS) attacks have increasingly shown the trend of multiattack vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability of DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.

Sign in / Sign up

Export Citation Format

Share Document