AEGIS: An Active-Network-Powered Defense Mechanism against DDoS Attacks

Author(s):  
Eric Y. Chen
2021 ◽  
Vol 4 (1) ◽  
pp. 81-94
Author(s):  
Fahad Alatawi

Distributed Denial of Service (DDoS) remains a big concern in cybersecurity. DDoS attacks are implemented to prevent legitimate users from getting access to services. The attackers make use of multiple hosts that have been compromised (i.e., botnets) to organize a large-scale attack on targets. Developing an effective defensive mechanism against existing and potential DDoS attacks remains a strong desire in the cybersecurity research community. However, development of effective mechanisms or solutions requires adequate evaluation of existing defense mechanisms and a critical analysis of how these methods have been implemented in preventing, detecting, and responding to DDoS attacks. This paper adopted a systematic review method to critically analyze the existing mechanisms. The review of existing literature helped classify the defense mechanisms into four categories: source-based, core-router, victim-based, and distributed systems. A qualitative analysis was used to exhaustively evaluate these defense mechanisms and determine their respective effectiveness. The effectiveness of the defense mechanisms was evaluated on six key parameters: coverage, implementation, deployment, detection accuracy, response mechanism, and robustness. The comparative analysis reviewed the shortcomings and benefits of each mechanism. The evaluation determined that victim-based defense mechanisms have a high detection accuracy but are associated with massive collateral, as the detection happens when it is too late to protect the system. On the other hand, whereas stopping an attack from the source end is ideal, detection accuracy at this point is too low, as it is hard to differentiate legitimate and malicious traffic. The effectiveness of the core-based defense systems is not ideal because the routers do not have enough CPU cycles and memory to profile the traffic. Distributed defense mechanisms are effective, as components can be spread out across the three locations in a way that takes advantage of each location. The paper also established that the rate-limiting response mechanism is more effective than the packet filtering method because it does not restrict legitimate traffic. The analysis revealed that there is no single defense mechanism that offers complete protection against DDoS attacks, but concludes that the best defense mechanism is the use of distributed defense because it ensures that defense components are placed at all locations.


Computers ◽  
2019 ◽  
Vol 8 (4) ◽  
pp. 88
Author(s):  
Hsiao-Chung Lin ◽  
Ping Wang ◽  
Wen-Hui Lin

Most existing approaches for solving the distributed denial-of-service (DDoS) problem focus on specific security mechanisms, for example, network intrusion detection system (NIDS) detection and firewall configuration, rather than on packet routing approaches that defend against DDoS threats with new flow management techniques. To defend against DDoS attacks, the present study proposes a modified particle swarm optimization (PSO) scheme based on an IP traceback (IPTBK) technique, designated as PSO-IPTBK, to solve the IP traceback problem. Specifically, this work focuses on analyzing the detection of DDoS attacks to predict the possible attack routes in a distributed network. In the proposed approach, the PSO-IPTBK identifies the source of DDoS attacks by reconstructing the probable attack routes from collected network packets. The performance of the PSO-IPTBK algorithm in reconstructing the attack route was investigated through a series of simulations using OMNeT++ 5.5.1 and the INET 4 Framework. The results show that the proposed scheme can determine the most probable route between the attackers and the victim to defend against DDoS attacks.


Author(s):  
Deepa Nehra ◽  
Kanwalvir Singh Dhindsa ◽  
Bharat Bhushan

Background & Objective: DDoS attacks pose a huge threat to the communication and security of mobile nodes in MANETs. The number of approaches proposed to defend against DDoS attacks in MANETs is much smaller than the number for wire-based networks. The aim of this paper is to test the effectiveness of the proposed cluster-based DDoS attack defense mechanism with various reactive routing protocols. Method: The scheme proposed here is a clustering-based DDoS defense mechanism, in which the cluster heads monitor the incoming traffic to identify the presence of suspicious behaviour. After the successful identification of suspicious behaviour, the flow responsible for it is identified, and it is confirmed whether or not the flow is related to a DDoS attack. Once a DDoS attack is confirmed, all the packets related to it are discarded. Results & Discussions: OMNeT++ along with the INET framework is used to evaluate the effectiveness of the proposed defense scheme with different routing protocols. In attack situations, DYMO exhibited higher throughput and was able to deliver approximately 95% of legitimate packets. DYMO, in comparison to AODV and DSR, managed to control end-to-end delay at its best levels (i.e. 0.40 to 0.70 seconds). In terms of packet delivery ratio, AODV and DYMO both perform better than DSR and are able to maintain PDR at their highest levels (i.e. 0.90 to 0.94). Conclusion: The attack detection mechanism proposed here performs various tasks such as monitoring, characterization, and identification of attack traffic in the incoming flow with the help of neighbouring cluster heads. The flow identified as an attack is discarded, and attack-related information is shared with neighbouring cluster heads to achieve distributed defense. The performance of the proposed defense system was assessed with different reactive routing protocols, and it was found that the DYMO protocol performs better than AODV and DSR.


Author(s):  
Kavisankar L. ◽  
Chellappan C. ◽  
Poovammal E.

In the context of network security, a spoofing attack is a condition in which one person or program successfully masquerades as another. This is done by providing counterfeit data with the malicious intention of gaining an illegitimate advantage. Spoofing attacks, which may be generated in various layers of the Open Systems Interconnection (OSI) model, are discussed in this chapter. The chapter ends by discussing the possible spoofing attacks in the network layer and the relevant defense mechanisms. Detailed analysis and discussion are devoted to spoofing attacks over the network layer because Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are more devastating when using a network protocol like Internet Protocol (IP), and have become more of a threat than ever over the past few years.


Author(s):  
Arushi Arora ◽  
Sumit Kumar Yadav ◽  
Kavita Sharma

This chapter describes how the consequences and hazards showcased by Denial of Service attacks have resulted in a surge of research studies, commercial software and innovative cogitations. Of the DoS attacks, the incursion of its variant DDoS can be quite severe. A botnet, on the other hand, is a group of hijacked devices that are connected by the internet. These botnet servers are used to perform DDoS attacks effectively. In this chapter, the authors attempt to provide an insight into DoS attacks and botnets, focusing on their analysis and mitigation. They also propose a defense mechanism to mitigate our system from botnet DDoS attacks. This is achieved by using a through access list based configuration. The artful engineering of malware is a weapon used for online crime and the ideas behind it are profit-motivated. The last section of the chapter provides an understanding of the WannaCry Ransomware Attack which locked computers in more than 150 countries.

