scholarly journals DDoS Protection Method for Servers

2021 ◽  
Vol 2096 (1) ◽  
pp. 012040
Author(s):  
V Kh Fedorov ◽  
E G Balenko ◽  
E V Vershennik ◽  
P V Zakalkin
Keyword(s):  
Communication Network ◽  
Information Systems ◽  
Human Activities ◽  
Denial Of Service ◽  
Common Type ◽  
Ddos Attacks ◽  
Ip Address ◽  
Protection Method ◽  
Filter Rules

Abstract Cyberspace, a global artificial space, has emerged and become part of all human activities, which exposes communication network elements, in particular service servers, to attacks, whether from individual hackers and cyberterrorists or from organized communities. Denial-of-service or DDoS attacks are the most common type. These are intended solely to cause a denial of service in various information systems, including service servers. This paper presents a method that can improve protection of servers that provide various resources (services) by reasonable management of filter rules and IP address lists.

scholarly journals An Adaptive Protection of Flooding Attacks Model for Complex Network Environments

2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Bashar Ahmad Khalaf ◽  
Salama A. Mostafa ◽  
Aida Mustapha ◽  
Mazin Abed Mohammed ◽  
Moamin A. Mahmoud ◽  
...  
Keyword(s):  
Denial Of Service ◽  
Attack Behavior ◽  
Ddos Attacks ◽  
Ip Address ◽  
Agent Based ◽  
Ddos Attack ◽  
Adaptive Protection ◽  
Adaptive Agent ◽  
Processing Power ◽  
Flooding Attacks

Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consumes network available resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. The Flash Crowd (FC) is quite similar to the DDoS attack whereby many legitimate users concurrently access a particular service, the number of which results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only few efforts have been made to differentiate it from FC flooding as FC flooding also causes the denial of service and usually misleads the detection of the DDoS attacks. In this paper, an adaptive agent-based model, known as an Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffics. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffics. It then separates DDoS botnet from Demons and Zombies to apply suitable attack handling methodology. There are three parameters on which the agent relies, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to the simulated attack scenarios’ changes and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model.

scholarly journals Detection and mitigation of SYN and HTTP flood DDoS attacks in software defined networks

2021 ◽  
Author(s):  
Amandeep Singh Dhaliwal
Keyword(s):  
Denial Of Service ◽  
False Positives ◽  
Ddos Attacks ◽  
Network Resources ◽  
Detection Mechanism ◽  
Ip Address ◽  
Security Scheme ◽  
Ip Addresses ◽  
Simple Detection ◽  
Mitigation Methods

Distributed Denial of Service (DDoS) constitutes major threat to both traditional and SDN networks. An attacker can launch a DDoS attack to exhaust either the controller or other network resources, such as switches, or both. There are different DDoS attacks such as UDP flood, SYN flood, Ping of death, ICMP flood and HTTP flood. Among these, SYN and HTTP flood are the most common attacks these days. In this thesis, we focus on developing a security scheme to alleviate the DDoS attacks with spoofed and non-spoofed IP addresses in the SDN environment. First we use a simple detection mechanism that utilizes a time series window-based traffic statistic measurement to detect possible SYN flood and/or HTTP flood DDoS attacks. To reduce false positives, further investigation of traffic is done based on valid source IP address scheme and single flow packet scheme to separate legitimate traffic from attack traffic. Once the attack is detected, the security scheme deploys a number of mitigation methods to alleviate the attack. For the SYN flood attack, the mitigation method of Source IP address filtering is used to permit traffic only with valid source IP addresses to enter the network. For HTTP flood attack mitigation, a mitigation method is used to identify the attack sources and discard the traffic from those sources. We test our proposed scheme with other DDoS attacks such as ICMP flood attack and UDP flood attacks. We also compare our scheme with other security schemes found in the literature. The result shows that our proposed scheme can effectively protect controller and other network resources from some common DDoS attacks, and that our scheme allows more legitimate traffic connections with less false positives in comparison with other schemes.

IP Traceback using Flow Based Classification

2020 ◽  
Vol 13 (3) ◽  
pp. 482-490
Author(s):  
Yerram Bhavani ◽  
Vinjamuri Janaki ◽  
Rangu Sridevi
Keyword(s):  
Chinese Remainder Theorem ◽  
Denial Of Service ◽  
False Positives ◽  
Ddos Attacks ◽  
False Negatives ◽  
Ip Address ◽  
Attack Graph ◽  
Ip Traceback ◽  
Ip Addresses ◽  
Attack Path

Background:Distributed Denial of Service (DDoS) attack is a major threat over the internet. The IP traceback mechanism defends against DDoS attacks by tracing the path traversed by attack packets. The existing traceback techniques proposed till now are found with few short comings. The victim required many number of packets to trace the attack path. The requirement of a large number of packets resulted in more number of combinations and more false positives.Methods:To generate a unique value for the IP address of the routers in the attack path Chinese Remainder theorem is applied. This helped in combining the exact parts of the IP address at the victim. We also applied K-Nearest Neighbor (KNN) algorithm to classify the packets depending on their traffic flow, this reduced the number of packets to reconstruct the attack path.Results:The proposed approach is compared with the existing approaches and the results demonstrated that the attack graph is effectively constructed with higher precision and lower combination overhead under large scale DDoS attacks. In this approach, packets from diverse flows are separated as per flow information by applying KNN algorithm. Hence, the reconstruction procedure could be applied on each group separately to construct the multiple attack paths. This results in reconstruction of the complete attack graph with fewer combinations and false positive rate.Conclusion:In case of DDoS attacks the reconstruction of the attack path plays a major role in revealing IP addresses of the participated routers without false positives and false negatives. Our algorithm FRS enhances the feasibility of information pertaining to even the farthest routers by incorporating a flag condition while marking the packets. The rate of false positives and false negatives are drastically reduced by the application of Chinese Remainder Theorem on the IP addresses of the router. At the victim, the application of KNN algorithm reduced the combination overhead and the computation cost enormously.

scholarly journals Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

2013 ◽  
Vol 2013 ◽  
pp. 1-6 ◽  
Author(s):  
Tongguang Ni ◽  
Xiaoqing Gu ◽  
Hongyuan Wang ◽  
Yu Li
Keyword(s):  
Time Series ◽  
Denial Of Service ◽  
Support Vector ◽  
Svm Classifier ◽  
Ddos Attacks ◽  
Application Layer ◽  
Ip Address ◽  
Detection Systems ◽  
Ddos Attack ◽  
Novel Approach

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.

scholarly journals Detection and mitigation of SYN and HTTP flood DDoS attacks in software defined networks

2021 ◽  
Author(s):  
Amandeep Singh Dhaliwal
Keyword(s):  
Denial Of Service ◽  
False Positives ◽  
Ddos Attacks ◽  
Network Resources ◽  
Detection Mechanism ◽  
Ip Address ◽  
Security Scheme ◽  
Ip Addresses ◽  
Simple Detection ◽  
Mitigation Methods

Distributed Denial of Service (DDoS) constitutes major threat to both traditional and SDN networks. An attacker can launch a DDoS attack to exhaust either the controller or other network resources, such as switches, or both. There are different DDoS attacks such as UDP flood, SYN flood, Ping of death, ICMP flood and HTTP flood. Among these, SYN and HTTP flood are the most common attacks these days. In this thesis, we focus on developing a security scheme to alleviate the DDoS attacks with spoofed and non-spoofed IP addresses in the SDN environment. First we use a simple detection mechanism that utilizes a time series window-based traffic statistic measurement to detect possible SYN flood and/or HTTP flood DDoS attacks. To reduce false positives, further investigation of traffic is done based on valid source IP address scheme and single flow packet scheme to separate legitimate traffic from attack traffic. Once the attack is detected, the security scheme deploys a number of mitigation methods to alleviate the attack. For the SYN flood attack, the mitigation method of Source IP address filtering is used to permit traffic only with valid source IP addresses to enter the network. For HTTP flood attack mitigation, a mitigation method is used to identify the attack sources and discard the traffic from those sources. We test our proposed scheme with other DDoS attacks such as ICMP flood attack and UDP flood attacks. We also compare our scheme with other security schemes found in the literature. The result shows that our proposed scheme can effectively protect controller and other network resources from some common DDoS attacks, and that our scheme allows more legitimate traffic connections with less false positives in comparison with other schemes.

HULK and DDoS Attacks in Web Applications with Detection Mechanism

2018 ◽  
Vol 6 (6) ◽  
pp. 192
Author(s):  
Amit Sharma
Keyword(s):  
Web Applications ◽  
Denial Of Service ◽  
Single Server ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Detection Mechanism ◽  
Plan Execution ◽  
Social Affair ◽  
Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

scholarly journals Detection of Unknown DDoS Attacks with Deep Learning and Gaussian Mixture Model

2021 ◽  
Vol 11 (11) ◽  
pp. 5213
Author(s):  
Chin-Shiuh Shieh ◽  
Wan-Wei Lin ◽  
Thanh-Tuan Nguyen ◽  
Chi-Hong Chen ◽  
Mong-Fong Horng ◽  
...  
Keyword(s):  
Deep Learning ◽  
Gaussian Mixture Model ◽  
Mixture Model ◽  
Denial Of Service ◽  
Gaussian Mixture ◽  
Mitigation Measures ◽  
Distribution Model ◽  
Ddos Attacks ◽  
Open Set ◽  
The Impact

DDoS (Distributed Denial of Service) attacks have become a pressing threat to the security and integrity of computer networks and information systems, which are indispensable infrastructures of modern times. The detection of DDoS attacks is a challenging issue before any mitigation measures can be taken. ML/DL (Machine Learning/Deep Learning) has been applied to the detection of DDoS attacks with satisfactory achievement. However, full-scale success is still beyond reach due to an inherent problem with ML/DL-based systems—the so-called Open Set Recognition (OSR) problem. This is a problem where an ML/DL-based system fails to deal with new instances not drawn from the distribution model of the training data. This problem is particularly profound in detecting DDoS attacks since DDoS attacks’ technology keeps evolving and has changing traffic characteristics. This study investigates the impact of the OSR problem on the detection of DDoS attacks. In response to this problem, we propose a new DDoS detection framework featuring Bi-Directional Long Short-Term Memory (BI-LSTM), a Gaussian Mixture Model (GMM), and incremental learning. Unknown traffic captured by the GMM are subject to discrimination and labeling by traffic engineers, and then fed back to the framework as additional training samples. Using the data sets CIC-IDS2017 and CIC-DDoS2019 for training, testing, and evaluation, experiment results show that the proposed BI-LSTM-GMM can achieve recall, precision, and accuracy up to 94%. Experiments reveal that the proposed framework can be a promising solution to the detection of unknown DDoS attacks.

IP Address Protection Method in SDN Using Format Preserving Encryption

2021 ◽  
Vol 46 (2) ◽  
pp. 268-279
Author(s):  
Dohyeon Park ◽  
Mintae Kim ◽  
Jonghoon Lim ◽  
Raeseung Jang ◽  
Sun-Young Lee
Keyword(s):  
Ip Address ◽  
Protection Method
Sign in / Sign up

Export Citation Format

Share Document