TCP SYN Flood Attack Detection and Prevention System using Adaptive Thresholding Method

2021 ◽  
Vol 37 ◽  
pp. 01016
Author(s):  
B N Ramkumar ◽  
T Subbulakshmi

Transmission Control Protocol Synchronized (SYN) flooding contributes to a major part of denial-of-service (DoS) attacks because of the easy-to-exploit nature of the TCP three-way handshake mechanism. Attackers use this weakness to overflow the TCP queue of the server and consume its resources, rendering it unavailable for the requests of legitimate users. Hence a quick and precise defence mechanism is needed to detect the TCP SYN flood attack. The main objective of the paper is to propose a detection and prevention mechanism for the TCP SYN flood attack using adaptive thresholding. An adaptive threshold algorithm (ATA) is used to calculate a dynamic threshold. This algorithm thus helps to overcome the limitations of static thresholding, such as a high false positive ratio, and also alerts users after a violation of the threshold calculated by the adaptive thresholding algorithm. The suggested mechanism proves very effective in the detection and prevention of the TCP SYN flood attack using the adaptive thresholding algorithm.

2021 ◽  
Vol 30 (1) ◽  
Author(s):  
Francesco Musumeci ◽  
Ali Can Fidanci ◽  
Francesco Paolucci ◽  
Filippo Cugini ◽  
Massimo Tornatore

Distributed Denial of Service (DDoS) attacks represent a major concern in modern Software Defined Networking (SDN), as SDN controllers are sensitive points of failure in the whole SDN architecture. Recently, research on DDoS attack detection in SDN has focused on investigating how to leverage data plane programmability, enabled by the P4 language, to detect attacks directly in network switches, with marginal involvement of SDN controllers. In order to effectively address cybersecurity management in SDN architectures, we investigate the potential of Artificial Intelligence and Machine Learning (ML) algorithms to perform automated DDoS Attack Detection (DAD), specifically focusing on Transmission Control Protocol SYN flood attacks. We compare two different DAD architectures, called Standalone and Correlated DAD, where traffic feature collection and attack detection are performed locally at network switches or in a single entity (e.g., in the SDN controller), respectively. We combine the capability of ML and P4-enabled data planes to implement real-time DAD. Illustrative numerical results show that, for all tested ML algorithms, accuracy, precision, recall and F1-score are above 98% in most cases, and classification time is of the order of a few hundred μs in the worst case. Considering real-time DAD implementation, a significant latency reduction is obtained when features are extracted at the data plane by using the P4 language.


Author(s):  
Nahush Chaturvedi ◽  
Hrushikesha Mohanty

Low-rate attacks, or Denial-of-Service (DoS) attacks of occasional misbehaviour, can throttle the throughput of robust timed protocols, like the Transmission Control Protocol (TCP), by creating either periodic or exponentially distributed outages, or transmission disruptions. Such attacks are as effective as full-fledged DoS while the misbehaving network entity remains highly undetectable. In this paper, we present a mathematical model of low-rate, randomly occurring, Denial-of-Service attacks. By viewing the process as a two-state Continuous-Time Markov Chain (CTMC), we have successfully computed the transition and state probabilities of a compromised network entity that can behave normally, while in the normal state, and abnormally, when in the abnormal state.


2014 ◽  
Vol 631-632 ◽  
pp. 923-927
Author(s):  
Bai Lin Xie ◽  
Qian Sheng Zhang

This paper presents an application-layer attack detection method based on hidden semi-Markov models. In this method, the keywords of an application-layer protocol and their inter-arrival times are used as the observations, and a hidden semi-Markov model is used to describe the application-layer behaviors of a normal user who is using some application-layer protocol. This method is also based on anomaly detection. In theory, application-layer anomaly detection can identify known, unknown and novel attacks that happen at the application layer. The experimental results show that this method can identify several application-layer attacks, and has high detection accuracy and a low false positive ratio.


Author(s):  
Riyadh Rahef Nuiaa ◽  
Selvakumar Manickam ◽  
Ali Hakem Alsaeedi

As the world becomes increasingly connected, the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. Denial-of-service (DoS) attacks account for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as the distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted over the transmission control protocol (TCP) and the user datagram protocol (UDP). However, this attack is not effective over TCP due to the three-way handshake, which prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks.


2019 ◽  
Author(s):  
Abbas Khurum

Transmission Control Protocol (TCP) is the most popular transport-layer communication protocol for the Internet. It was originally designed for wired networks, where Denial of Service (DoS) attacks are very common. This article analyzes the TCP SYN flood (a.k.a. SYN flood) issue in TCP, a type of Distributed Denial of Service (DoS) attack that exploits part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive. Finally, it proposes a solution for the TCP SYN flood.


2013 ◽  
Vol 411-414 ◽  
pp. 607-612
Author(s):  
Bai Lin Xie ◽  
Sheng Yi Jiang

This paper presents an application-layer attack detection method based on users’ application-layer behaviors. In this method, the keywords of an application-layer protocol and their inter-arrival times are used as the observations, and a hidden semi-Markov model is used to describe the application-layer behaviors of a normal user who is using the application-layer protocol. This method is also based on anomaly detection. In theory, application-layer anomaly detection can identify known, unknown and novel attacks that happen at the application layer. The experimental results show that this method can identify several application-layer attacks, and has high detection accuracy and a low false positive ratio.


Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 1980
Author(s):  
Fu-Hau Hsu ◽  
Chia-Hao Lee ◽  
Chun-Yi Wang ◽  
Rui-Yi Hung ◽  
YungYu Zhuang

In this paper, we aim to detect distributed denial of service (DDoS) attacks and to receive a notification that the destination service has changed immediately, without the additional efforts of other modules. We designed a kernel-based mechanism by which the host builds a new Transmission Control Protocol/Internet Protocol (TCP/IP) connection smartly, without the users or clients knowing the location of the next host. Moreover, we built a lightweight flooding attack detection mechanism in the user mode of an operating system. Given that reinstalling a modified operating system on each client is not realistic, we managed to replace the entry of the system call table with a customized sys_connect. An effective defense depends on fine detection and defensive procedures. According to our experiments, this novel mechanism can detect flooding DDoS successfully, including SYN flood and ICMP flood. Furthermore, by cooperating with a specific low-cost network architecture, the mechanism can help to defend against DDoS attacks effectively.

