An Adaptive Approach for Defending against DDoS Attacks

2010 ◽  
Vol 2010 ◽  
pp. 1-15 ◽  
Author(s):  
Muhai Li ◽  
Ming Li

Among the various network attacks, the Distributed Denial-of-Service (DDoS) attack is a severe threat. In order to deal with this kind of attack in time, it is necessary to establish a special type of defense system that changes strategy dynamically against attacks. In this paper, we introduce an adaptive approach, which is used for defending against DDoS attacks, based on normal traffic analysis. The approach can check for DDoS attacks and adaptively adjust its configurations according to the network condition and attack severity. In order to ensure that common users can visit the victim server that is being attacked, we provide a nonlinear traffic control formula for the system. Our simulation test indicates that the nonlinear control approach can block the malicious attack packets effectively while letting legitimate traffic flows arrive at the victim.

2018 ◽  
pp. 15-24 ◽  
Author(s):  
Karanbir Singh ◽  
Kanwalvir Singh Dhindsa ◽  
Bharat Bhushan

The current internet infrastructure is susceptible to distributed denial of service (DDoS) attacks and has no built-in mechanism to defend against them. The research on these kinds of attacks and their defense is significant for the security and reliability of the internet. We have already proposed a collaborative agent-based distributed DDoS defense scheme which detects and prevents DDoS attacks at ISP (Internet Service Provider) boundaries. The actual task of defense is carried out by agents and coordinators in each ISP. The defense system works by inspecting incoming traffic on the edge router and identifying the occurrence of DDoS attacks. The agents implement an entropy-threshold based detection algorithm. The coordinators share attack-related information with neighboring ISPs in order to achieve distributed defense. The performance of the defense system is evaluated on the basis of some identified metrics. The effectiveness of the defense system is evaluated in the presence and absence of the defense system. The result indicates that the proposed defense system does accurate attack detection with very few false positives and false negatives.


2019 ◽  
Author(s):  
Kairo Tavares ◽  
Tiago Coelho Ferreto

Distributed Denial of Service (DDoS) attacks continue to be a major issue in today's Internet. Over the last few years, we have observed a dramatic escalation in the number, scale, and diversity of these attacks. Among the various types, spoofed TCP SYN Flood is one of the most common forms of volumetric DDoS attacks. Several works explored the flexible management control provided by the new network paradigm called Software Defined Networking (SDN) to produce a flexible and powerful defense system. Among them, data plane based solutions combined with the recent flexibility of programmable switches aim to leverage hardware speed and defend against spoofed flooding attacks. Usually, they implement anti-spoofing mechanisms that rely on performing client authentication on the data plane using techniques such as TCP Proxy, TCP Reset, and Safe Reset. However, these mechanisms have several limitations. First, due to the required interaction to authenticate the client, they penalize all clients' connection time even without an ongoing attack. Second, they use a limited version of TCP cookies to detect a valid client ACK or RST, and finally, they are vulnerable to a buffer saturation attack due to the limited data plane resources that store the whitelist of authenticated users. In this work, we propose the use of sketch-based solutions to improve the data plane Safe Reset anti-spoofing defense mechanism. We implemented our solution in P4, a high-level language for programmable data planes, and evaluate our solution against a data plane Safe Reset technique on an emulated environment using Mininet.


2014 ◽  
Vol 530-531 ◽  
pp. 798-801
Author(s):  
Feng Li ◽  
Hai Ying Wang

For DDoS attacks, it must be sniffing this step, the attacker to be able to successfully launch the final realization of the invasion and attack, we must find a suitable host computer and can be used as hosts puppet machine. In this thesis, a DDoS attack detection technologies, and further proposed based DDoS attack defense system design, the results show that our design can effectively prevent DDoS network attacks.


Author(s):  
Amit Sharma

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults are pushing ahead towards the application layer to procure and, furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sums utilizing quick fire of solicitations, assailants' robotized programs use all the handling capacity of a single-server application or circulated-environment application. The periods of the plan execution are client conduct checking and identification. In the beginning stage, the data of client conduct is assembled, the individual user's trust score is computed, and the entropy of the same client is ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of the first stage, in the recognition stage, variety in entropy will be watched and malevolent clients will be recognized. A rate limiter is additionally acquainted to stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovering and, also, hindering the unapproved client from assaulting the framework.


2021 ◽  
Vol 11 (11) ◽  
pp. 5213
Author(s):  
Chin-Shiuh Shieh ◽  
Wan-Wei Lin ◽  
Thanh-Tuan Nguyen ◽  
Chi-Hong Chen ◽  
Mong-Fong Horng ◽  
...  

DDoS (Distributed Denial of Service) attacks have become a pressing threat to the security and integrity of computer networks and information systems, which are indispensable infrastructures of modern times. The detection of DDoS attacks is a challenging issue before any mitigation measures can be taken. ML/DL (Machine Learning/Deep Learning) has been applied to the detection of DDoS attacks with satisfactory achievement. However, full-scale success is still beyond reach due to an inherent problem with ML/DL-based systems—the so-called Open Set Recognition (OSR) problem. This is a problem where an ML/DL-based system fails to deal with new instances not drawn from the distribution model of the training data. This problem is particularly profound in detecting DDoS attacks since DDoS attack technology keeps evolving and has changing traffic characteristics. This study investigates the impact of the OSR problem on the detection of DDoS attacks. In response to this problem, we propose a new DDoS detection framework featuring Bi-Directional Long Short-Term Memory (BI-LSTM), a Gaussian Mixture Model (GMM), and incremental learning. Unknown traffic captured by the GMM is subject to discrimination and labeling by traffic engineers, and then fed back to the framework as additional training samples. Using the data sets CIC-IDS2017 and CIC-DDoS2019 for training, testing, and evaluation, experiment results show that the proposed BI-LSTM-GMM can achieve recall, precision, and accuracy up to 94%. Experiments reveal that the proposed framework can be a promising solution to the detection of unknown DDoS attacks.


1950 ◽  
Vol 3 (2) ◽  
pp. 141-155
Author(s):  
D. E. Adams ◽  
A. M. Uttley

An abbreviated version of a paper read before a joint meeting of the Institute and the Royal Aeronautical Society. The usefulness of a particular aircraft may well depend upon the availability or simultaneous development of equipment. Safe, reliable, economic and speedy operation in the civil field may rest, for instance, on facilities which enable all-weather operation to be undertaken—including navigation, traffic control, approach and landing facilities. Military operations, even more directly, will be determined by the instrument aids available.


Author(s):  
А.В. МИРОШНИЧЕНКО ◽  
И.А. ТАТАРЧУК ◽  
С.С. ШАВРИН ◽  
Э.Я. ФАЛЬКОВ

Digital communication standards implementation in civil aviation is now performed practically without collaboration with international telecommunications standardization organizations. At the same time, digital communication is primarily intended to ensure the safety of aircraft flights. Each aircraft transmits its position report messages over a radio communication channel in a broadcast mode, thus providing situational awareness for other aircraft and the air traffic control staff. Since the number of passenger and cargo aircraft grows, and in addition, the number of unmanned aircraft that must be integrated into the common airspace has recently multiplied, it is time to consider the existing digital aviation communication standards and perform a comparative analysis of their parameters. In the article, a comparative analysis of the physical and link levels of the VDL mode 4 and 1090ES standards was carried out. The ADS-B data transfer quality evaluation criteria are proposed. The VDL mode 4 and 1090ES standards modeling results in conditions of high airspace congestion are compared.

