Denial of Service Attacks Research Papers

2025

Denial of Service attacks constitute one of the greatest problems in network security. Monitoring traffic is one of the main techniques used in order to find out the existence of possible outliers in the traffic patterns. In this paper, we propose an approach that detects Denial of Service attacks using Emergent Self-Organizing Maps. The approach is based on classifying "normal" traffic against "abnormal" traffic in the sense of Denial of Service attacks. The approach permits the automatic classification of events that are contained in logs and visualization of network traffic. Extensive simulations show the effectiveness of this approach compared to previously proposed approaches regarding false alarms and detection probabilities.

2025, Second IEEE Annual Conference on Pervasive Computing and Communications, 2004. Proceedings of the

Sleep deprivation attacks are a form of denial of service attack whereby an attacker renders a pervasive computing device inoperable by draining the battery more quickly than it would be drained under normal usage. We describe three main methods for an attacker to drain the battery: (1) Service request power attacks, where repeated requests are made to the victim for services, typically over a network--even if the service is not provided the victim must expend energy deciding whether or not to honor the request; (2) benign power attacks, where the victim is made to execute a valid but energy-hungry task repeatedly, and (3) malignant power attacks, where the attacker modifies or creates an executable to make the system consume more energy than it would otherwise. Our initial results demonstrate the increased power consumption due to these attacks, which we believe are the first real examples of these attacks to appear in the literature. We also propose a power-secure architecture to thwart these power attacks by employing multi-level authentication and energy signatures.

2024, Computer Networks

Denial of Service (DoS) attacks constitute one of the major threats and among the hardest security problems in today's Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Because of the seriousness of the problem many defense mechanisms have been proposed to combat these attacks. This paper presents a structural approach to the DDoS problem by developing a classification of DDoS attacks and DDoS defense mechanisms. Furthermore, important features of each attack and defense system category are described and advantages and disadvantages of each proposed scheme are outlined. The goal of the paper is to place some order into the existing attack and defense mechanisms, so that a better understanding of DDoS attacks can be achieved and subsequently more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.

2024

Denial of Service (DOS) attacks are an immense threat to Internet sites and among the hardest security problems in today's Internet. Of particular concern, because of their potential impact, are the Distributed Denial of Service (DDoS) attacks. With little or no advance warning a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. This paper presents the problem of DDoS attacks and develops a classification of DDoS defense systems. Important features of each attack and defense system category are described and advantages and disadvantages of each proposed scheme are outlined. The goal of the paper is to place some order into the existing attack and defense mechanisms, so that a better understanding of DDoS attacks can be achieved and more efficient defense mechanisms and techniques can be devised.

2024, International Journal of Computer Network and Information Security (IJCNIS)

The exponent increase in the use of online information systems triggered the demand of secure networks so that any intrusion can be detected and aborted. Intrusion detection is considered as one of the emerging research areas nowadays. This paper presents a machine learning based classification framework to detect the Denial of Service (DoS) attacks. The framework consists of five stages, including: 1) selection of the relevant Dataset, 2) Data pre-processing, 3) Feature Selection, 4) Detection, and 5) reflection of Results. The feature selection stage includes the Decision Tree (DT) classifier as subset evaluator with four well known selection techniques including: Genetic Algorithm (GA), Particle Swarm Optimization (PSO), Best First (BF), and Rank Search (RS). Moreover, for detection, Decision Tree (DT) is used with bagging technique. Proposed framework is compared with 10 widely used classification techniques including Naïve Bayes (NB), Support Vector Machine (SVM), Multi-Layer Perceptron (MLP), K-Nearest Neighbor (kNN), Decision Tree (DT), Radial Basis Function (RBF), One Rule (OneR), PART, Bayesian Network (BN) and Random Tree (RT). A part of NSL-KDD dataset related to Denial of Service attack is used for experiments and performance is evaluated by using various accuracy measures including: Precision, Recall, F measure, FP rate, Accuracy, MCC, and ROC. The results reflected that the proposed framework outperformed all other classifiers.

2024, International Journal of Computer Network and Information Security (IJCNIS)

The primary benefits of Clouds are that they can elastically scale to meet variable demands and provide corresponding environments for computing. Cloud infrastructures require highest levels of protections from DDoS (Distributed Denial-of-Services). Attacks from DDoSs need to be handled as they jeopardize availability of networks. These attacks are becoming very complex and are evolving at rapid rates making it complex to counter them. Hence, this paper proposes GKDPCAs (Gaussian kernel density peak clustering techniques) and ACDBNs (Altered Convolution Deep Belief Networks) to handle these attacks. DPCAs (density peak clustering algorithms) are used to partition training sets into numerous subgroups with comparable characteristics, which help in minimizing the size of training sets and imbalances in samples. Subset of ACDBNs get trained in each subgroup where FSs (feature selections) of this work are executed using SFOs (Sun-flower Optimizations) which evaluate the integrity of reduced feature subsets. The proposed framework has superior results in its experimental findings while working with NSL-KDD and CICIDS2017 datasets. The resulting overall accuracies, recalls, precisions, and F1-scores are better than other known classification algorithms. The framework also outperforms other IDTs (intrusion detection techniques) in terms of accuracies, detection rates, and false positive rates.

2024, Computer Networks

In this paper we present and evaluate a Radial-basis-function neural network detector for Distributed-Denial-of-Service (DDoS) attacks in public networks based on statistical features estimated in short-time window analysis of the incoming data packets. A small number of statistical descriptors were used to describe the DDoS attacks behaviour, and an accurate classification is achieved using the Radial-basis-function neural networks (RBF-NN). The proposed method is evaluated in a simulated public network and showed detection rate better than 98% of DDoS attacks using only three statistical features estimated from one window of data packets of 6 s length. The same type of experiments were carried out on a real network giving significantly better results: a 100% DDoS detection rate is achieved followed by a 0% of false alarm rate using different statistical descriptors and training conditions for the RBF-NN.

2024, Annals of Emerging Technologies in Computing

Cloud computing is a phenomenon that is changing information technology, with many companies no longer having data and resources retained within their own premises. Instead they are utilising cloud computing and its centralised resources. There are many benefits of this approach such as pay-per-use model, elasticity of operation and on demand resourcing. However, this approach also introduces additional security challenges. Security involves a triad of considerations, those being confidentiality, integrity and availability, often abbreviated to CIA. This work focusses on the last aspect of the CIA triad – availability, which is even more crucial for cloud-based platforms as centralised resources need to be provided at a distance to the end customers. Several factors including ‘denial of service’ attack impact availability. Moreover, current protection frameworks do not sufficiently consider the issues of verification, scalability and end-to-end latency. Hence, a new framework has be...

2024, 2014 IEEE 28th International Conference on Advanced Information Networking and Applications

In an RFID-enabled supply chain, where items are outfitted with RFID tags, path authentication based on tag enables the destination checkpoints to validate the route that a tag has already accessed. In this work, we propose a novel, efficient, privacy-preserving path authentication system for RFID-enabled supply chains. Compared to existing Elliptic curve Elgamal Re-encryption (ECElgamal) based solution, our Homomorphic Message authentication Code on arithmetic circuit (HomMAC) based solution offers less memory storage (with limited scalability) and no computational requirement on the reader. However, unlike previous schemes, we allow computational ability inside the tag that consents a new privacy direction to path privacy proposed by Cai et al. in ACNS 12. In addition, we customize a polynomial-based authentication scheme (to thwart potential tag impersonation and Denial of Service (DoS) attacks), so that it fits our new path authentication protocol.

2024

The Denial of service (DoS) attack is one of the most widespread attacks that can be used to effectively bring the operation of a host/server to a standstill. One of the motives behind the DoS attack is to make the host/server unreachable to legitimate users. DoS could take one of three possible forms. First, an attacker could stop the network from transmitting the required messages to genuine users on the network. Alternatively, the network could be prompted to generate and spread messages which should not be spreading. The last and the most common form of DoS attack in recent times is an act of generating and transmitting excessive and unnecessary traffic (flooding the network) directed towards a selected network or host/server so as to stop legitimate users from gaining access or receiving the required service from the host/server. Therefore, it is essential to become aware of and mitigate or otherwise minimize the damages and losses that result from the impact of DoS attacks. Th...

2024, International journal of computer applications

Wireless sensor networks (WSNs) are growing extremely and becoming more and more attractive for a variety of application areas such as surveillance of information, industrial secrets, air pollution monitoring, area monitoring, and forest fire detection, home automation, industry monitoring, and many more. As WSN is mostly used for gathering application specific information from the surrounding environment, it is highly essential to protect the sensitive data from unauthorized access. WSNs are vulnerable to various security attacks because of broadcast nature of radio transmission. The primary weakness shared by all wireless application and technologies is the vulnerability to security attacks/threats. The performance and behaviour of a WSN are vastly affected by such attacks. In order to be able to better address the vulnerabilities of WSNs in terms of security, it is important to understand the behaviour of the attacks. This paper aims at addressing behavioral modeling of critical security attack residing in the physical layer and data link layer of wireless sensor network. UML gives the finest diagrammatic representation of any system which is best for developers. Our efforts to synchronize WSN with UML are discussed in the paper. The security attacks are modeled by using state machine diagram of Unified Modelling Language (UML). This modeling of security attacks will help programmers to develop counter measures.

2024

As the computational power used by large-scale applications increases, the amount of data they need to manipulate tends to increase as well. A wide range of such applications requires robust and flexible storage support for atomic, durable and concurrent transactions. Historically, databases have provided the de facto solution to transactional data management, but they have forced applications to drop control over data layout and access mechanisms, while remaining unable to meet the scale requirements of Big Data. More recently, key-value stores have been introduced to address these issues. However, this solution does not provide transactions, or only restricted transaction support, compelling users to carefully coordinate access to data in order to avoid race conditions, partial writes, overwrites, and other hard problems that cause erratic behaviour. We argue there is a gap between existing storage solutions and application requirements that limits the design of transaction-orient...

2024, Multimedia Tools and Applications

With the rapid growth of information and communication technologies, the number of security threats in computer networks is substantially increasing; thus, the development of more proactive security warning measures is required. In this work, we propose a new anomaly detection method that operates by decomposing TCP traffic into control and data planes, which exhibit similar behaviors in the absence of attacks. The proposed method exploits the statistics of the cross-correlation function of the two planes' traffic and the constant false alarm rate (CFAR) scheme for detecting anomalies of the underlying network traffic. Both the fixed and adaptive thresholding schemes are implemented. The adaptive thresholding is set up by adjusting the value of the threshold in accordance with the local statistics of the cross-correlation function of the two planes' traffic. We evaluate the performance of the proposed method by analyzing the real traffic captured from a deployed network and traffic obtained from other publicly available datasets; we focus on TCP traffic with three different aggregated count features: packet count, IP address count, and port count sequences. Although both the fixed and adaptive thresholding schemes perform well and detect the presence of a distributed denial-of-service efficiently, the adaptive thresholding scheme is more reliable because it detects anomalies as they start.

2023, Journal of Computer Security

This work introduces the use of data fusion in the field of DDoS anomaly detection. We present Dempster-Shafer Theory of Evidence (D-S), the mathematical foundation for the development of a novel DDoS detection engine. Based on a data fusion paradigm, we combine evidence generated from multiple simple metrics to feed our D-S inference engine and detect attacks on a single network element (high bandwidth link). The main advantages of our approach are the modeling power of the Theory of Evidence in expressing beliefs in some hypotheses, its flexibility to handle uncertainty and ignorance and its ability to provide quantitative measurement of the belief and plausibility in our detection results. Furthermore we propose a system that can be trained (supervised learning) with minimum human effort, using in parallel expert knowledge about each metric detection ability. We evaluate our detection engine prototype through an extensive set of experiments on an operational network using real network traffic, with the use of a popular DDoS attack generator. Based on these results we discuss the performance of our D-S scheme in contrast to simple thresholds on single metrics, as well as against an alternative data fusion technique based on an Artificial Neural Network. We conclude that our data fusion is a promising approach that significantly increases the DDoS detection rate (true positives) while keeping the false positive alarm rate low.

2023, SECON23

Crowdsourcing technology enables complex tasks to be solved with the aid of a group of workers in the Internet of Things (IoT). On the one hand, crucial sensing data can be collected and processed to enhance smart IoT applications. On the other hand, crowdsourcing IoT (Crowd-IoT) is still facing threats due to the diverse quality of crowdsourced data, and especially the misbehavior of malicious workers. In this paper, we propose a Stochastic Bayesian Game (SBG) to address the Byzantine Altruistic Rational (BAR) based misbehavior, where workers' behavioral types can be deduced reasonably and the requestor can perform optimal actions accordingly by taking the long-term gain into consideration. To validate and evaluate the performance of the proposed model, we simulate various scenarios and conduct a comparison with other solutions. The numerical results show the effectiveness and feasibility of our proposed solution.

2023, International Journal of Internet Protocol Technology

(UTS), also a research member of Research Centre for Innovation in IT Services and Applications (iNEXT). His primary research interests include Computer and Network Security and on Pattern Recognition techniques for efficient Network Intrusion Detection and anomalous behavior detection.

2023

The popularity of using internet contains some risks of network attacks. It has attracted the attention of many researchers to overcome this problem. One of the effective ways that plays an important role to achieve higher security and protect networks against attacks is the use of intrusion detection systems. Intrusion detection systems are defined as security techniques that tend to detect individuals who are trying to sneak into a system without authorization. However, one technical challenge in intrusion detection systems is high rate of false positive alarms which affect their performance. To solve this problem, we propose an effective method, which can accurately find the correlation between network records. In this work, we compare the results using a linear measure and a nonlinear measure based on correlation coefficient and mutual information. Experiments on KDD Cup 99 data set show that our proposed method using the nonlinear correlation measure can not only reduce the rate of false alarms but also efficiently distinguish normal and abnormal behaviors, and provide higher detection and accuracy rate than using the linear correlation measure.

2023, Journal of Statistics and Management Systems

In Wireless Local Area Network (WLAN) IEEE802.11, during the connection establishment a four-way handshake approach is used for authentication. The 4-way handshake approach, though it has been worked upon by many researchers, has some inadequacies like Denial of Service (DoS), Memory Exhaustion (ME), Distributed Denial of Service (DDoS) and flooding attacks. A solution for aforementioned vulnerabilities is proposed in this work. The proposed work is an enhancement in 4-way handshake process for more robust authentication process. This is done by encryption of message-1 by using effective encryption techniques; message-2 and message-3 will be secured by a cookie packet, encrypted by secret key. The proposed 4-way handshake process is an improvement over the existing 4-way handshake used in IEEE802.11i. To show effectiveness and correctness, various simulations are performed and also compared with existing 4-way handshake technique.

2023

We consider the local broadcasting problem in the SINR model, which is a basic primitive for gathering initial information among n wireless nodes. Assuming that nodes can measure received power, we achieve an essentially optimal constant approximate algorithm (with a log² n additive term). This improves upon the previous best O(log n)-approximate algorithm. Without power measurement, our algorithm achieves O(log n)-approximation, matching the previous best result, but with a simpler approach that works under harsher conditions, such as arbitrary node failures. We give complementary lower bounds under reasonable assumptions.

2023

Given n wireless transceivers located in a plane, a fundamental problem in wireless communications is to construct a strongly connected digraph on them such that the constituent links can be scheduled in fewest possible time slots, assuming the SINR model of interference. In this paper, we provide an algorithm that connects an arbitrary point set in O(log n) slots, improving on the previous best bound of O(log² n) due to Moscibroda. This is complemented with a super-constant lower bound on our approach to connectivity. An important feature is that the algorithms allow for bi-directional (half-duplex) communication. One implication of this result is an improved bound of Ω(1/log n) on the worst-case capacity of wireless networks, matching the best bound known for the extensively studied average-case. We explore the utility of oblivious power assignments, and show that essentially all such assignments result in a worst case bound of Ω(n) slots for connectivity. This rules out a recent claim of a O(log n) bound using oblivious power. On the other hand, using our result we show that O(min(log ∆, log n · (log n + log log ∆))) slots suffice, where ∆ is the ratio between the largest and the smallest links in a minimum spanning tree of the points. Our results extend to the related problem of minimum latency aggregation scheduling, where we show that aggregation scheduling with O(log n) latency is possible, improving upon the previous best known latency of O(log³ n). We also initiate the study of network design problems in the SINR model beyond strong connectivity, obtaining similar bounds for biconnected and k-edge connected structures.

2023

Rapid development of sensor technology has led to applications ranging from academic to military in a short time span. These tiny sensors are deployed in environments where security for data or hardware cannot be guaranteed. Due to resource constraints, traditional security schemes cannot be directly applied. Unfortunately, due to minimal or no communication security schemes, the data, link and the sensor node can be easily tampered by intruder attacks. This dissertation presents a security framework applied to a sensor network that can be managed by a cohesive sensor manager. A simple framework that can support security based on situation assessment is best suited for chaotic and harsh environments. The objective of this research is designing an evolutionary algorithm with controllable parameters to solve existing and new security threats in a heterogeneous communication network. An in-depth analysis of the different threats and the security measures applied considering the resource constrained network is explored. Any framework works best, if the correlated or orthogonal performance parameters are carefully considered based on system goals and functions. Hence, a trade-off between the different performance parameters based on weights from partially ordered sets is applied to satisfy application specific requirements and security measures. The proposed novel framework controls heterogeneous sensor network requirements, and balances the resources optimally and efficiently while communicating securely using a multi-objection function. In addition, the framework can measure the effect of single or combined denial of service attacks and also predict new attacks under both cooperative and non-cooperative sensor nodes. The cognitive intuition of the framework is evaluated under different simulated real time scenarios such as Health-care monitoring, Emergency Responder, VANET, Biometric security access system, and Battlefield monitoring.
The proposed three-tiered Cognitive Security Framework is capable of performing situation assessment and performs the appropriate security measures to maintain reliability and security of the system. The first tier of the proposed framework, a cross-layer cognitive security protocol defends the communication link between nodes during

2023, IEEE Pervasive Computing

This survey of denial-of-service threats and countermeasures considers wireless sensor platforms' resource constraints as well as the denial-of-sleep attack, which targets a battery-powered device's energy supply.

2023, 2014 IEEE 28th International Conference on Advanced Information Networking and Applications

In an RFID-enabled supply chain, where items are outfitted with RFID tags, path authentication based on tag enables the destination checkpoints to validate the route that a tag has already accessed. In this work, we propose a novel, efficient, privacy-preserving path authentication system for RFID-enabled supply chains. Compared to existing Elliptic curve Elgamal Re-encryption (ECElgamal) based solution, our Homomorphic Message authentication Code on arithmetic circuit (HomMAC) based solution offers less memory storage (with limited scalability) and no computational requirement on the reader. However, unlike previous schemes, we allow computational ability inside the tag that consents a new privacy direction to path privacy proposed by Cai et al. in ACNS 12. In addition, we customize a polynomial-based authentication scheme (to thwart potential tag impersonation and Denial of Service (DoS) attacks), so that it fits our new path authentication protocol.

2023

Cyber attacks cause significant losses not only for end users but also for Internet service providers (ISPs). Recently, ISP customers have been the number one target of cyber attacks such as distributed denial of service (DDoS) attacks. These attacks are facilitated by the widespread availability of tools for launching them. There is therefore a crucial need to counter these attacks with effective defense mechanisms. Researchers have devoted enormous effort to protecting the network against cyber attacks. Defense methods first involve a detection process, followed by mitigation. The lack of automation across the whole cycle from detection to mitigation increases the damage caused by cyber attacks. It leads to manual device configuration by the administrator to mitigate attacks, which affects network availability. Consequently, it is necessary to compl...

2023, Journal of Parallel and Distributed Computing

The Denial-of-Service (DoS) attack remains a challenging problem in the current Internet. In a DoS defense mechanism, a honeypot acts as a decoy within a pool of servers, whereby any packet received by the honeypot is most likely an attack packet. We have previously proposed the roaming honeypots scheme to enhance this mechanism by camouflaging the honeypots within the server pool, thereby making their locations highly unpredictable. In roaming honeypots, each server acts as a honeypot for some periods of time, or honeypot epochs, the duration of which is determined by a pseudo-random schedule shared among servers and legitimate clients. In this paper, we propose a honeypot backpropagation scheme to trace back attack sources when attacks occur. Based on this scheme, the reception of a packet by a roaming honeypot triggers the activation of a DAG of honeypot sessions rooted at the honeypot under attack towards attack sources. The formation of this tree is achieved in a hierarchical fashion: first at the Autonomous system (AS) level and then at the router level within an AS if needed. The proposed scheme supports incremental deployment and provides deployment incentives for ISPs. Through ns-2 simulations, we show how the proposed scheme enhances the performance of a vanilla Pushback defense by obtaining accurate attack signatures and acting promptly once an attack is detected.

2023

ABSTRACT The main goal of the internet is to provide a continuous and consistent connection between servers and hosts on the enlarged super-network so as to be able to provide services to a requesting client whenever required. Distributed...

2023

MAC layer is mainly responsible for channel sharing and acquisition among different nodes. In wireless sensor networks, while designing MAC protocols, factors that are kept in mind are energy efficiency and reliability. An important factor that has been missed out by these protocols is priority. An attempt is made to show the importance of priority factor in sensor network environment and based on that a new back off algorithm for channel acquisition based on priority is discussed.

2023, Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks. IJCNN 2000. Neural Computing: New Challenges and Perspectives for the New Millennium

The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. Existing intrusion detection approaches require either manual coding of new attacks in expert systems or the complete retraining of a neural network to improve analysis or learn new attacks. This paper presents a new approach to applying adaptive neural networks to intrusion detection that is capable of autonomously learning new attacks rapidly by a modified reinforcement learning method that uses feedback from the protected system.

2023, Annals of General Psychiatry

Background: Bed rest has been part of treatment of severe anorexia nervosa in hospitals both in the UK and internationally. It is commonly used on medical and paediatric wards and both the adult and Junior MARSIPAN [1] guidelines recommend bed rest as part of nursing management of the physically compromised patient. However, recently there has been increasing awareness of the negative effect of bed rest in other patient populations. The aim of this study was to review the evidence base of using bed rest as an intervention in the management of severe anorexia nervosa. Methods: We searched on HDAS NICE website the following databases: Medline, Pubmed, Embase, PsychInfo, Cinahl, Hmic, Amed, HBE, BNI including title and abstract for the following search terms: bed rest, anorexia nervosa, randomized controlled trial. Results: 21,591 papers included the search term 'bed rest' and 56,131 'anorexia nervosa'. After exclusion of duplicates, only 17 papers included both topics. There were no randomised controlled trials. Negative physical consequences were described in a number of studies, and included lower heart rate, venous thrombosis, impaired bone turnover and increased risk of infection. Several papers showed that patients have a strong preference for less restrictive approaches. These are also less intensive in nursing time. Conclusions: The evidence to support the use of bed rest in the management of hospitalised patients with severe anorexia nervosa is extremely limited. The risks associated with bed rest are significant, and include both physical and psychological harm. Given the clear risk of harm, it is difficult to recommend a randomised controlled trial on the subject, and the practice is best avoided altogether. Risks associated with initial refeeding can be managed in a less restrictive manner.

2023

The Internet is constantly under serious threat from distributed denial of service (DDoS) attacks. In order to overload victim resources, modern DDoS attacks are moving up to the application layer by masquerading as valid HTTP requests, a technique that was previously only used in the lower tiers. When such attacks happen during the flash crowd event of a major website, it could be disastrous. For the purpose of spotting these novel DDoS attacks, a technique based on document popularity is presented. To represent the temporal and geographical dynamics of a typical flash mob, the concept of an "Access Matrix" is introduced. To simplify the n-dimensional Access Matrix, principal component analysis and independent component analysis are used. It is proposed that the dynamics of the Access Matrix be described using a hidden semi-Markov model, and that an innovative anomaly detector based on this model be used to detect attacks. Potential application-layer DDoS attacks are identified using the entropy of document popularity after fitting the model. Real-world Web traffic data is used to get numerical figures that prove the proposed strategy works.

2023, Proceedings of the 8th International Workshop on Foundations of Mobile Computing

We consider the local broadcasting problem in the SINR model, which is a basic primitive for gathering initial information among n wireless nodes. Assuming that nodes can measure received power, we achieve an essentially optimal constant approximate algorithm (with a log² n additive term). This improves upon the previous best O(log n)-approximate algorithm. Without power measurement, our algorithm achieves O(log n)-approximation, matching the previous best result, but with a simpler approach that works under harsher conditions, such as arbitrary node failures. We give complementary lower bounds under reasonable assumptions.

2023, Lecture Notes in Computer Science

Given a set of wireless links, a fundamental problem is to find the largest subset that can transmit simultaneously, within the SINR model of interference. Significant progress on this problem has been made in recent years. In this note, we study the problem in the setting where we are given a fixed set of arbitrary powers each sender must use, and an arbitrary gain matrix defining how signals fade. This variation of the problem appears immune to most algorithmic approaches studied in the literature. Indeed it is very hard to approximate since it generalizes the max independent set problem. Here, we propose a simple semi-definite programming approach to the problem that yields constant factor approximation, if the optimal solution is strictly larger than half of the input size.

2023, Third International Symposium on Information Assurance and Security

Denial of Service (DoS) attacks are ubiquitous to computer networks. Flood based attacks are a common class of DoS attacks. DoS detection mechanisms that aim at detecting floods mainly look for sudden changes in the traffic and mark them anomalous. In this paper, we propose a method that considers the traffic in a network as a time-series and smoothens it using exponential moving average and analyzes the smoothened wave using energy distribution based on wavelet analysis. The parameters we used to represent the traffic are number of bytes received per unit time and the proportion between incoming and outgoing bytes. By analyzing the energy distribution in the wavelet form of a smoothened time-series, growth in the traffic, which is the result of a DoS attack, can be detected very early. As the parameters we considered represent different properties of the network, the accuracy of the detection will be very high and with less false positives.

2023, 2011 IEEE International Conference on Web Services

The interoperable and loosely-coupled web services architecture, while beneficial, can be resource-intensive, and is thus susceptible to denial of service (DoS) attacks in which an attacker can use a relatively insignificant amount of resources to exhaust the computational resources of a web service. We investigate the effectiveness of defending web services from DoS attacks using client puzzles, a cryptographic countermeasure which provides a form of gradual authentication by requiring the client to solve some computationally difficult problems before access is granted. In particular, we describe a mechanism for integrating a hash-based puzzle into existing web services frameworks and analyze the effectiveness of the countermeasure using a variety of scenarios on a network testbed. Client puzzles are an effective defence against flooding attacks. They can also mitigate certain types of semantic-based attacks, although they may not be the optimal solution.

2023, Dogo Rangsang Research Journal

The Internet is constantly under serious threat from distributed denial of service (DDoS) attacks. In order to overload victim resources, modern DDoS attacks are moving up to the application layer by masquerading as valid HTTP requests, a technique that was previously only used in the lower tiers. When such attacks happen during the flash crowd event of a major website, it could be disastrous. For the purpose of spotting these novel DDoS attacks, a technique based on document popularity is presented. To represent the temporal and geographical dynamics of a typical flash mob, the concept of an "Access Matrix" is introduced. To simplify the n-dimensional Access Matrix, principal component analysis and independent component analysis are used. It is proposed that the dynamics of the Access Matrix be described using a hidden semi-Markov model, and that an innovative anomaly detector based on this model be used to detect attacks. Potential application-layer DDoS attacks are identified using the entropy of document popularity after fitting the model. Real-world Web traffic data is used to get numerical figures that prove the proposed strategy works.

2023, IEEE/CAA Journal of Automatica Sinica

This letter puts forward a secure feedback control scheme to bipartite tracking consensus for a set of generic linear autonomous agents subject to aperiodic and unknown denial-of-service (DoS) attacks. In contrast to the DoS attack model that disables all transmission channels simultaneously, we are concerned with a general DoS attack model with independent attacks over each transmission channel. Such malicious attacks not only destroy the connectivity of underlying network, but also induce the dynamic transmission of reachable information. A time-varying error system is built upon the proposed distributed controller and the designed feedback matrix. A sufficient condition in terms of the frequency and duration of DoS attacks is developed with the assistance of some techniques from graph theory and non-negative matrix theory such that the state error is guaranteed to asymptotically approach zero. In particular, our results are proved to be applicable for a class of multiagent systems (MASs) with the strictly unstable system matrix.

2023

As the time is passing on, the effect of DDoS attacks on Internet security is growing tremendously. Within a very little span there is a huge increase in the size and frequency of DDoS attacks. With the new technologies and new techniques, the attackers are finding more sophisticated ways to attack the servers. In this situation, it is necessary to come up with various mechanisms to detect and defend these DDoS attacks and protect the servers from the attackers. Many researches have been carried out to detect the DDoS attack traffic in transport layer, which is more vulnerable to DDoS attacks. DDoS attacks are more common in transport layer. Coming to application layer, they incur huge loss and it is very difficult to mitigate DDoS attacks even under the presence of strong firewalls and Intrusion Prevention Security. Researches are being conducted to mitigate application layer DDoS attacks. This Research contains a discussion of various types of DDoS attacks, their detection, and de...

2022, IEEE Transactions on Network and Service Management

We propose and analyze a trust management protocol in service-oriented mobile ad hoc networks (MANETs) populated with service providers (SPs) and service requesters (SRs), and demonstrate the resiliency and convergence properties against bad-mouthing, ballot-stuffing, opportunistic service, and self-promotion attacks. To demonstrate the applicability, we consider a mission-driven service-oriented MANET that must handle dynamically arriving tasks to achieve multiple conflicting objectives. We devise a trust-based heuristic algorithm based on auctioning with local knowledge of node status to solve this node-to-task assignment problem with multiobjective optimization (MOO) requirements. Our trust-based heuristic algorithm has a polynomial runtime complexity, rather than an exponential runtime complexity as in existing work, thus allowing dynamic node-to-task assignment to be performed at runtime. It outperforms a non-trust-based counterpart using blacklisting techniques while performing close to the ideal solution quality with perfect knowledge of node status over a wide range of environmental conditions. We conduct extensive sensitivity analysis of the results with respect to key design parameters and alternative trust protocol designs. We also develop a table-lookup method to apply the best trust protocol parameter settings upon detection of dynamically changing environmental conditions to maximize MOO performance.

2022, Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning

The number of cyber threats against both wired and wireless computer systems and other components of the Internet of Things continues to increase annually. In this work, an algorithm selection framework is employed on the NSL-KDD data set and a novel paradigm of machine learning taxonomy is presented. The framework uses a combination of user input and meta-features to select the best algorithm to detect cyber attacks on a network. Performance is compared between a rule-of-thumb strategy and a meta-learning strategy. The framework removes the conjecture of the common trial-and-error algorithm selection method. The framework recommends five algorithms from the taxonomy. Both strategies recommend a high-performing algorithm, though not the best performing. The work demonstrates the close connectedness between algorithm selection and the taxonomy for which it is premised. CCS CONCEPTS • Networks → Packet classification; • Security and privacy → Mobile and wireless security; Denial-of-service attacks.

2022

Mobile Ad hoc Network is one kind of wireless network which utilizes multi-hop radio relaying and it has no infrastructure Network because of its capability of operating without any support of fixed infrastructure or without any centralized administration. MANET has no clear line to prevent so both legitimate network users and malicious attackers can access it. There are major challenges in MANET in case of malicious nodes, it is to design the robust security solution which helps to prevent MANET from various DDOS attacks. Security plays a vital role in mobile ad hoc network (MANET) because of its applications like disaster recovery or battlefield networks. MANETs are more vulnerable as compared to wired networks because of the lack of a trusted centralized authority and limited resources. The main objective of this survey is comparative study of various kinds of DDOS attacks and various detection methods as well as defense mechanisms like Disable IP broadcast detection technique, ...

2022, 2007 3rd International Conference on Testbeds and Research Infrastructure for the Development of Networks and Communities

While the DETER testbed provides a safe environment and basic tools for security experimentation, researchers face a significant challenge in assembling the testbed pieces and tools into realistic and complete experimental scenarios. In this paper, we describe our work on developing a set of sampled and comprehensive benchmark scenarios, and a workbench for experiments involving denial-of-service (DoS) attacks. The benchmark scenarios are developed by sampling features of attacks, legitimate traffic and topologies from the real Internet. We have also developed a measure of DoS impact on network services to evaluate the severity of an attack and the effectiveness of a proposed defense. The benchmarks are integrated with the testbed via the experimenter's workbench, a collection of traffic generation tools, topology and defense library, experiment control scripts and a graphical user interface. Benchmark scenarios provide inputs to the workbench, bypassing the user's selection of topology and traffic settings, and leaving her only with the task of selecting a defense, its configuration and deployment points. Jointly, the benchmarks and the experimenter's workbench provide an easy, point-and-click environment for DoS experimentation and defense testing. 1 This material is based on research sponsored by the Department of Homeland Security under agreement number FA8750-05-2-0197. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security or the U.S. Government.

2022, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications - SIGCOMM '03

Launching a denial of service (DoS) attack is trivial, but detection and response is a painfully slow and often a manual process. Automatic classification of attacks as single- or multi-source can help focus a response, but current packet-header-based approaches are susceptible to spoofing. This paper introduces a framework for classifying DoS attacks based on header content, transient ramp-up behavior and novel techniques such as spectral analysis. Although headers are easily forged, we show that characteristics of attack ramp-up and attack spectrum are more difficult to spoof. To evaluate our framework we monitored access links of a regional ISP detecting 80 live attacks. Header analysis identified the number of attackers in 67 attacks, while the remaining 13 attacks were classified based on ramp-up and spectral analysis. We validate our results through monitoring at a second site, controlled experiments, and simulation. We use experiments and simulation to understand the underlying reasons for the characteristics observed. In addition to helping understand attack dynamics, classification mechanisms such as ours are important for the development of realistic models of DoS traffic, can be packaged as an automated tool to aid in rapid response to attacks, and can also be used to estimate the level of DoS activity on the Internet.

2022

While the DETER testbed provides a safe environment and basic tools for security experimentation, researchers face a significant challenge in assembling the testbed pieces and tools into realistic and complete experimental scenarios. In this paper, we describe our work on automating experimentation for distributed denial-of-service attacks. We developed the following automation tools: (1) the Experimenter's Workbench that provides a graphical user interface, tools for topology, traffic and monitoring setup and tools for statistics collection, visualization and processing, (2) a DDoS benchmark suite that contains a set of diverse and comprehensive attack scenarios, (3) the Experiment Generator that combines chosen AS-level and edge-level topologies, legitimate traffic and a set of attacks into DETER-compatible scripts. Jointly, these tools facilitate easy experimentation even for novice users.

2022, 2013 IEEE International Conference on Technologies for Homeland Security (HST)

In this paper we present tools and methods to integrate attack measurements from the Internet with controlled experimentation on a network testbed. We show that this approach provides greater fidelity than synthetic models. We compare the statistical properties of real-world attacks with synthetically generated constant bit rate attacks on the testbed. Our results indicate that trace replay provides fine timescale details that may be absent in constant bit rate attacks. Additionally, we demonstrate the effectiveness of our approach to study new and emerging attacks. We replay an Internet attack captured by the LANDER system on the DETERLab testbed within two hours.

2022, Journal of Statistics and Management Systems

In Wireless Local Area Network (WLAN) IEEE802.11, during the connection establishment a four-way handshake approach is used for authentication. The 4-way handshake approach, though it has been worked upon by many researchers, has some inadequacies like Denial of Service (DoS), Memory Exhaustion (ME), Distributed Denial of Service (DDoS) and flooding attacks. A solution for aforementioned vulnerabilities is proposed in this work. The proposed work is an enhancement in 4-way handshake process for more robust authentication process. This is done by encryption of message-1 by using effective encryption techniques; message-2 and message-3 will be secured by a cookie packet, encrypted by secret key. The proposed 4-way handshake process is an improvement over the existing 4-way handshake used in IEEE802.11i. To show effectiveness and correctness, various simulations are performed and also compared with existing 4-way handshake technique.

2022

In this presentation we show our ongoing work to develop a testbed --based on software and commodity hardware-- to research on flooding attacks against DNS infrastructure. We have currently developed two prototype components: a flooding DNS query generator, able to saturate 10GbE links with 11Mrps, and an online detector of overabundant queried domains at reception. Relying on DPDK and libmoon (a LuaJIT framework for DPDK), these two tools run on commodity hardware, while optimizing the number of packets that we can handle at transmission and reception. Both generation and reception tools run Lua scripts, achieving a high level of flexibility. In this presentation we show some lessons we are learning, we compare the generator against other available tools, and present some unexpected results. For example, how a slower software query generator has a stronger impact on a Bind server than our current flooding tool (650Krps versus 10Mrps). We also describe how we count the number of que...

2022, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.

This paper presents NetViewer, a network measurement approach that can simultaneously detect, identify and visualize attacks and anomalous traffic in real-time by passively monitoring packet headers. We propose to represent samples of network packet header data as frames or images. With such a formulation, a series of samples can be seen as a sequence of frames or video. This enables techniques from image processing and video compression to be applied to the packet header data to reveal interesting properties of traffic. We show that "scene change analysis" can reveal sudden changes in traffic behavior or anomalies. We also show that "motion prediction" techniques can be employed to understand the patterns of some of the attacks. We show that it may be feasible to represent multiple pieces of data as different colors of an image enabling a uniform treatment of multidimensional packet header data. We compare NetViewer with classical detection theory based Neyman-Pearson test and an IDS tool.