scholarly journals Preventing DNS Misuse for Reflection / Amplification Attacks With Minimal Computational Overhead on the Internet

2020 ◽  
pp. 60-70
Author(s):  
Rebeen Rebwar Hama Amin ◽  
Dana Hassan ◽  
Masnida Hussin
Keyword(s):  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Single Point ◽  
Denial Of Service ◽  
Traffic Load ◽  
Large Magnitude ◽  
Computational Overhead ◽  
Attack Path ◽  
Computational Resources ◽  
The Impact

DNS reflection/amplification attacks are types of Distributed Denial of Service (DDoS) attacks that take advantage of vulnerabilities in the Domain Name System (DNS) and use it as an attacking tool. This type of attack can quickly deplete the resources (i.e. computational and bandwidth) of the targeted system. Many defense mechanisms are proposed to mitigate the impact of this type of attack. However, these defense mechanisms are centralized-based and cannot deal with a distributed-based attack. Also, these defense mechanisms have a single point of deployment which leads to a lack of computational resources to handle an attack with a large magnitude. In this work, we presented a new distributed-based defense mechanism (DDM) to counter reflection/ amplification attacks. While operating, we calculated the CPU counters of the machines that we deployed our defense mechanism with which showed 19.9% computational improvement. On top of that, our defense mechanism showed that it can protect the attack path from exhaustion during reflection/amplification attacks without putting any significant traffic load on the network by eliminating every spoofed request from getting responses.

scholarly journals Primed to be strong, primed to be fast: modeling benefits of microbial stress responses

2019 ◽  
Vol 95 (8) ◽  
Author(s):  
Felix Wesener ◽  
Britta Tietjen
Keyword(s):  
Stress Response ◽  
Stress Responses ◽  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Equation Model ◽  
Response Strategies ◽  
Early Stress ◽  
The Impact ◽  
Microbial Stress ◽  
Population Performance

ABSTRACT Organisms are prone to different stressors and have evolved various defense mechanisms. One such defense mechanism is priming, where a mild preceding stress prepares the organism toward an improved stress response. This improved response can strongly vary, and primed organisms have been found to respond with one of three response strategies: a shorter delay to stress, a faster buildup of their response or a more intense response. However, a universal comparative assessment, which response is superior under a given environmental setting, is missing. We investigate the benefits of the three improved responses for microorganisms with an ordinary differential equation model, simulating the impact of an external stress on a microbial population that is either naïve or primed. We systematically assess the resulting population performance for different costs associated with priming and stress conditions. Our results show that independent of stress type and priming costs, the stronger primed response is most beneficial for longer stress phases, while the faster and earlier responses increase population performance and survival probability under short stresses. Competition increases priming benefits and promotes the early stress response. This dependence on the ecological context highlights the importance of including primed response strategies into microbial stress ecology.

scholarly journals Defense mechanisms against Distributed Denial of Service attacks: Comparative Review

2021 ◽  
Vol 4 (1) ◽  
pp. 81-94
Author(s):  
Fahad Alatawi
Keyword(s):  
Defense Mechanisms ◽  
Large Scale ◽  
Defense Mechanism ◽  
Denial Of Service ◽  
Detection Accuracy ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Response Mechanism ◽  
Packet Filtering ◽  
Comparative Review

Distributed Denial of Service (DDoS) remains a big concern in Cybersecurity. DDoS attacks are implemented to prevent legitimate users from getting access to services. The attackers make use of multiple hosts that have been compromised (i.e., Botnets) to organize a large-scale attack on targets. Developing an effective defensive mechanism against existing and potential DDoS attacks remains a strong desire in the cybersecurity research community. However, development of effective mechanisms or solutions require adequate evaluation of existing defense mechanism and a critical analysis of how these methods have been implemented in preventing, detecting, and responding to DDoS attacks. This paper adopted a systematic review method to critically analyze the existing mechanisms. The review of existing literature helped classify the defense mechanism into four categories: source-based, core-router, victim-based, and distributed systems. A qualitative analysis was used to exhaustively evaluate these defense mechanisms and determine their respective effectiveness. The effectiveness of the defense mechanisms was evaluated on six key parameters: coverage, implementation, deployment, detection accuracy, response mechanism, and robustness. The comparative analysis reviewed the shortcomings and benefits of each mechanism. The evaluation determined that victim-based defense mechanisms have a high detection accuracy but is associated with massive collateral as the detection happens when it is too late to protect the system. On the other hand, whereas stopping an attack from the source-end is ideal, detection accuracy at this point is too low as it is hard to differentiate legitimate and malicious traffic. The effectiveness of the core-based defense systems is not ideal because the routers do not have enough CPU cycles and memory to profile the traffic. Distributed defense mechanisms are effective as components can be spread out across the three locations in a way that takes advantage of each location. The paper also established that the rate-limiting response mechanism is more effective than packet filtering method because it does not restrict legitimate traffic. The analysis revealed that there is no single defense mechanism that offers complete protection against DDoS attacks but concludes that the best defense mechanism is the use of distributed defense because it ensures that defense components are placed on all locations.

scholarly journals Efficient Authentication Mechanism for Defending Against Reflection-Based Attacks on Domain Name System

2020 ◽  
Vol 5 (1) ◽  
pp. 164-174
Author(s):  
Dana Hasan ◽  
Rebeen R. Hama Amin ◽  
Masnida Hussin
Keyword(s):  
Defense Mechanism ◽  
Single Point ◽  
Detection Accuracy ◽  
Domain Name System ◽  
Domain Name ◽  
Packet Filtering ◽  
Authentication Mechanism ◽  
Message Exchange ◽  
Packet Inspection ◽  
The Impact

Domain Name System (DNS) is one of few services on the Internet which is allowed through every security barrier. It mostly depends on the User Datagram Protocol (UDP) as the transport protocol, which is a connectionless protocol with no built-in authentication mechanism. On top of that, DNS responses are substantially larger than their corresponding requests. These two key features made DNS a fabulous attacking tool for cybercriminals to reflect and amplify a huge volume of requests to consume their victim's resources. Recent incidents revealed how harsh DNS could be when it is abused with great complexity by attackers. Moreover, these events had proven that any defense mechanism with single point deployment couldn’t accurately and efficiently overcome an attack volume with high dynamicity. In this paper, we proposed the Efficient Distributed-based Defense Scheme (EDDS) to overcome the shortcomings of a centralized-based defense mechanism. By using an authentication message exchange, which is a Challenge-Handshake Authentication Protocol (CHAP)-based authentication mechanism. It is deployed on multiple nodes to determine the legitimacy of the DNS request. Moreover, it significantly reduces the impact of the amplification factor for the fake DNS requests without having any side effects on legitimate ones. Then, a Stateful Packet Inspection (SPI)-based packet filtering is proposed to distinguish legitimate requests from fake ones by considering the results of the authentication procedure. Both authentication-message exchange and SPI-based filtering are introduced to provide detection accuracy without reducing the quality of service for legitimate users. As the simulation results show, the proposed mechanism can efficiently and accurately detect, isolate, and discard the bogus traffic with minimal overhead on the system.

scholarly journals Plant Defense Responses to Biotic Stress and Its Interplay With Fluctuating Dark/Light Conditions

2021 ◽  
Vol 12 ◽  
Author(s):  
Zahra Iqbal ◽  
Mohammed Shariq Iqbal ◽  
Abeer Hashem ◽  
Elsayed Fathi Abd_Allah ◽  
Mohammad Israil Ansari
Keyword(s):  
Plant Defense ◽  
Biotic Stress ◽  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Defense Responses ◽  
Light Environment ◽  
Microbial Pathogens ◽  
Signaling Cascade ◽  
Dark Light ◽  
The Impact

Plants are subjected to a plethora of environmental cues that cause extreme losses to crop productivity. Due to fluctuating environmental conditions, plants encounter difficulties in attaining full genetic potential for growth and reproduction. One such environmental condition is the recurrent attack on plants by herbivores and microbial pathogens. To surmount such attacks, plants have developed a complex array of defense mechanisms. The defense mechanism can be either preformed, where toxic secondary metabolites are stored; or can be inducible, where defense is activated upon detection of an attack. Plants sense biotic stress conditions, activate the regulatory or transcriptional machinery, and eventually generate an appropriate response. Plant defense against pathogen attack is well understood, but the interplay and impact of different signals to generate defense responses against biotic stress still remain elusive. The impact of light and dark signals on biotic stress response is one such area to comprehend. Light and dark alterations not only regulate defense mechanisms impacting plant development and biochemistry but also bestow resistance against invading pathogens. The interaction between plant defense and dark/light environment activates a signaling cascade. This signaling cascade acts as a connecting link between perception of biotic stress, dark/light environment, and generation of an appropriate physiological or biochemical response. The present review highlights molecular responses arising from dark/light fluctuations vis-à-vis elicitation of defense mechanisms in plants.

DoS Attacks on RFID Systems

2013 ◽  
pp. 139-152
Author(s):  
Dang Nguyen Duc ◽  
Kwangjo Kim
Keyword(s):  
Denial Of Service ◽  
Secret Key ◽  
Dos Attacks ◽  
Tag Identification ◽  
Shared Secret ◽  
Common Technique ◽  
Rfid Authentication Protocols ◽  
Computational Resources ◽  
The Impact ◽  
Shared Secret Key

In this chapter, the authors discuss the impact of providing tag privacy on the performance of an RFID system, in particular the complexity of identifying the tags being queried at the back-end server. A common technique to provide tag privacy is to use pseudonyms. That is, for each authentication session, a tag uses a temporary and random-looking identifier so that it is infeasible for attackers to relate two authentication sessions. A natural question which should arise here is how the server can identify a tag given that the tag’s identity is changing all the time. This problem becomes even more serious when the shared secret key between a tag and the server is updated after every authentication session to provide forward privacy. In the first part of this chapter, the authors review different techniques to deal with this problem. They then point out that most of the existing techniques lead to vulnerability of the back-end server against Denial-of-Service (DoS) attacks. They illustrate some of these attacks by describing methods which attackers can use to abuse the server’s computational resources in several popular RFID authentication protocols. Finally, the authors discuss some techniques to address the privacy vs. performance dilemma so that DoS attacks can be prevented while keeping tag identification efficient.

scholarly journals A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

Computers ◽  
2019 ◽  
Vol 8 (4) ◽  
pp. 85 ◽  
Author(s):  
Djanie ◽  
Tutu ◽  
Dzisi
Keyword(s):  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Computer Network ◽  
Denial Of Service ◽  
Svm Classifier ◽  
Detection Accuracy ◽  
Dos Attack ◽  
Detection Mechanism ◽  
Detection Scheme ◽  
Using Data

A denial of service (DoS) attack in a computer network is an attack on the availability of computer resources to prevent users from having access to those resources over the network. Denial of service attacks can be costly, capable of reaching $100,000 per hour. Development of easily-accessible, simple DoS tools has increased the frequency and reduced the level of expertise needed to launch an attack. Though these attack tools have been available for years, there has been no proposed defense mechanism targeted specifically at them. Most defense mechanisms in literature are designed to defend attacks captured in datasets like the KDD Cup 99 dataset from 20 years ago and from tools no longer in use in modern attacks. In this paper, we capture and analyze traffic generated by some of these DoS attack tools using Wireshark Network Analyzer and propose a signature-based DoS detection mechanism based on SVM classifier to defend against attacks launched by these attack tools. Our proposed detection mechanism was tested with Snort IDS and compared with some already existing defense mechanisms in literature and had a high detection accuracy, low positive rate and fast detection time.

scholarly journals Evaluating the Robustness of Defense Mechanisms based on AutoEncoder Reconstructions against Carlini-Wagner Adversarial Attacks

2020 ◽  
Vol 1 ◽  
pp. 6
Author(s):  
Petru Hlihor ◽  
Riccardo Volpi ◽  
Luigi Malagò
Keyword(s):  
Machine Learning ◽  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Learning Systems ◽  
Latent Space ◽  
Adversarial Examples ◽  
The Impact

Adversarial Examples represent a serious problem affecting the security of machine learning systems. In this paper we focus on a defense mechanism based on reconstructing images before classification using an autoencoder. We experiment on several types of autoencoders and evaluate the impact of strategies such as injecting noise in the input during training and in the latent space at inference time.We tested the models on adversarial examples generated with the Carlini-Wagner attack, in a white-box scenario and on the stacked system composed by the autoencoder and the classifier.

scholarly journals Application Layer DDoS Attack Defense Methods and A new Defense Mechanism against Flooding

2020 ◽  
Vol 8 (6) ◽  
pp. 208-212
Keyword(s):  
Machine Learning ◽  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Network Environment ◽  
Ddos Attacks ◽  
Application Layer ◽  
New Approach ◽  
Ddos Attack

In a network environment, Distributed Denial of Service (DDoS) attacks eemploys a network or server is unavailable to its normal users. Application-layer Distributed Denial of Service (App-DDoS) attacks are serious issues for the webserver itself. The multitude and variety of such attacks and defense approaches are overwhelming. This paper here follows, we analyze the different defense mechanisms for application-layer DDoS attacks and proposes a new approach to defend using machine learning.

The Use of the Defense Mechanism Test to Aid in Understanding the Personality of Senior Executives and the Implications for Their Careers

2009 ◽  
Vol 30 (1) ◽  
pp. 73-96 ◽  
Author(s):  
Olya Khaleelee
Keyword(s):  
Crisis Intervention ◽  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Senior Executives ◽  
Ideal Types ◽  
The Individual ◽  
Test Profiles ◽  
Real Test

This paper describes the use of the Defense Mechanism Test as an aid in helping to assess senior executives in four areas: for selection, development, career strategy, and crisis intervention. The origins of this test, developed to measure the defense mechanisms used to protect the individual from stress, are described. The paper shows how it was used to predict the capacity of trainee fighter pilots to withstand stress and its later application to other stressful occupations. Finally, some ideal types of the test are shown followed by four real test profiles, two of them with their associated histories.

A Study of Memory and Psychological Defense Mechanism in Julian Barnes’s The Sense of an Ending

2019 ◽  
Author(s):  
Hossein Aliakbari Harehdasht ◽  
Zahra Ekbatäni
Keyword(s):  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Human Mind ◽  
The Novel ◽  
Psychological Defense ◽  
Julian Barnes ◽  
Self Image

In The Sense of an Ending, Julian Barnes portrays the mysterious workings of the human mind as it distorts facts towards the end of a self-image that one can live with. The protagonist in the novel deploys certain psychological defense mechanisms in order to protect himself from feelings of anxiety, only to experience even more profound anxiety due to his excessive use of them. The significance of the present paper lies in its novel view of the book. So far, the critique on the novel has mainly been focused on the workings of time on memory; however, the present paper investigates how psychological defense mechanisms blur the protagonist’s perception of reality and distort his memories. This paper also attempts to attract scholarly interest in the study of psychological defense mechanisms in the study of The Sense of an Ending which has so far been to the best of our knowledge overlooked

Sign in / Sign up

Export Citation Format

Share Document