A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

Computers, 2019, Vol 8 (4), pp. 85
Author(s): Djanie, Tutu, Dzisi

A denial of service (DoS) attack in a computer network is an attack on the availability of computer resources to prevent users from having access to those resources over the network. Denial of service attacks can be costly, capable of reaching $100,000 per hour. The development of easily accessible, simple DoS tools has increased the frequency of attacks and reduced the level of expertise needed to launch one. Though these attack tools have been available for years, there has been no proposed defense mechanism targeted specifically at them. Most defense mechanisms in the literature are designed to defend against attacks captured in datasets like the KDD Cup 99 dataset from 20 years ago and from tools no longer in use in modern attacks. In this paper, we capture and analyze traffic generated by some of these DoS attack tools using Wireshark Network Analyzer and propose a signature-based DoS detection mechanism based on an SVM classifier to defend against attacks launched by these attack tools. Our proposed detection mechanism was tested with Snort IDS and compared with some already existing defense mechanisms in the literature and had a high detection accuracy, low positive rate and fast detection time.

2021, Vol 4 (1), pp. 81-94
Author(s): Fahad Alatawi

Distributed Denial of Service (DDoS) remains a big concern in cybersecurity. DDoS attacks are implemented to prevent legitimate users from getting access to services. The attackers make use of multiple hosts that have been compromised (i.e., botnets) to organize a large-scale attack on targets. Developing an effective defensive mechanism against existing and potential DDoS attacks remains a strong desire in the cybersecurity research community. However, development of effective mechanisms or solutions requires adequate evaluation of existing defense mechanisms and a critical analysis of how these methods have been implemented in preventing, detecting, and responding to DDoS attacks. This paper adopted a systematic review method to critically analyze the existing mechanisms. The review of existing literature helped classify the defense mechanisms into four categories: source-based, core-router, victim-based, and distributed systems. A qualitative analysis was used to exhaustively evaluate these defense mechanisms and determine their respective effectiveness. The effectiveness of the defense mechanisms was evaluated on six key parameters: coverage, implementation, deployment, detection accuracy, response mechanism, and robustness. The comparative analysis reviewed the shortcomings and benefits of each mechanism. The evaluation determined that victim-based defense mechanisms have a high detection accuracy but are associated with massive collateral, as the detection happens when it is too late to protect the system. On the other hand, whereas stopping an attack from the source end is ideal, detection accuracy at this point is too low, as it is hard to differentiate legitimate and malicious traffic. The effectiveness of the core-based defense systems is not ideal because the routers do not have enough CPU cycles and memory to profile the traffic. Distributed defense mechanisms are effective, as components can be spread out across the three locations in a way that takes advantage of each location. The paper also established that the rate-limiting response mechanism is more effective than the packet filtering method because it does not restrict legitimate traffic. The analysis revealed that there is no single defense mechanism that offers complete protection against DDoS attacks but concludes that the best defense mechanism is the use of distributed defense because it ensures that defense components are placed on all locations.


2017, Vol 11 (4), pp. 1-15
Author(s): Nagesh K., Sumathy R., Devakumar P., Sathiyamurthy K.

Security is concerned with protecting assets. The aspects of security can be applied to any situation: defense, detection and deterrence. Network security plays an important role in protecting information, hardware and software on a computer network. Denial of service (DoS) attacks have a great impact on the internet world. These attacks attempt to disrupt legitimate users' access to services. By exploiting a computer's vulnerabilities, attackers easily consume the victim's resources. Many special techniques have been developed to protect against DoS attacks. Some organizations constitute several defense mechanism tools to tackle the security problems. This paper has proposed various types of attacks and solutions associated with each layer of the OSI model. These attacks and solutions have different impacts in different environments. Thus the rapid growth of new technologies may constitute still worse impacts of attacks in the future.


2018, Vol 10 (2), pp. 58-74
Author(s): Kavita Sharma, B. B. Gupta

This article describes how in the summer of 1999, the Computer Incident Advisory Capability first reported about Distributed Denial of Service (DDoS) attack incidents and the nature of Denial of Service (DoS) attacks in a distributed environment that eliminates the availability of resources or data on a computer network. A DDoS attack exhausts the network resources and disturbs the legitimate user. This article provides an explanation of DDoS attacks and the nature of these attacks against smartphones and Wi-Fi technology and presents a taxonomy of various defense mechanisms. Smartphones are chosen for this study, as they have now become a necessity rather than a luxury item for the common people.


Author(s): Arushi Arora, Sumit Kumar Yadav, Kavita Sharma

This chapter describes how the consequence and hazards showcased by Denial of Service attacks have resulted in the surge of research studies, commercial software and innovative cogitations. Of the DoS attacks, the incursion of its variant DDoS can be quite severe. A botnet, on the other hand, is a group of hijacked devices that are connected by internet. These botnet servers are used to perform DDoS attacks effectively. In this chapter, the authors attempt to provide an insight into DoS attacks and botnets, focusing on their analysis and mitigation. They also propose a defense mechanism to mitigate our system from botnet DDoS attacks. This is achieved by using a through access list based configuration. The artful engineering of malware is a weapon used for online crime and the ideas behind it are profit-motivated. The last section of the chapter provides an understanding of the WannaCry Ransomware Attack which locked computers in more than 150 countries.


2021, Vol 2021, pp. 1-19
Author(s): Hassan Mahmood, Danish Mahmood, Qaisar Shaheen, Rizwan Akhtar, Wang Changda

The Information Communication Technology (ICT) environment in traditional power grids makes detection and mitigation of DDoS attacks more challenging. Existing security technologies, besides their efficiency, are not adequate to cater to DDoS security in Smart Grids (SGs) due to highly distributed and dynamic network environments. Recently, emerging Software Defined Networking- (SDN-) based approaches have been proposed by researchers for SG DDoS protection; however, they are only able to protect against flooding attacks and are dependent on static thresholds. The proposed approach, i.e., Software Defined Networking-based DDoS Protection System (S-DPS), efficiently addresses these issues by employing lightweight Tsallis entropy-based defense mechanisms in an SDN environment. It provides an early detection mechanism with mitigation of anomalies in real time. The approach offers the best deployment location for the defense mechanism due to the centralized control of the network. Moreover, the employment of a dynamic threshold mechanism makes the detection process adaptive to changing network conditions. S-DPS has demonstrated its effectiveness and efficiency in terms of Detection Rate (DR) and minimal CPU/RAM utilization, considering DDoS protection focusing on smurf attacks, socket stress attacks, and SYN flood attacks.


Author(s): Rebeen Rebwar Hama Amin, Dana Hassan, Masnida Hussin

DNS reflection/amplification attacks are types of Distributed Denial of Service (DDoS) attacks that take advantage of vulnerabilities in the Domain Name System (DNS) and use it as an attacking tool. This type of attack can quickly deplete the resources (i.e., computational and bandwidth) of the targeted system. Many defense mechanisms have been proposed to mitigate the impact of this type of attack. However, these defense mechanisms are centralized and cannot deal with a distributed attack. Also, these defense mechanisms have a single point of deployment, which leads to a lack of computational resources to handle an attack of large magnitude. In this work, we presented a new distributed-based defense mechanism (DDM) to counter reflection/amplification attacks. While operating, we calculated the CPU counters of the machines on which we deployed our defense mechanism, which showed a 19.9% computational improvement. On top of that, our defense mechanism showed that it can protect the attack path from exhaustion during reflection/amplification attacks without putting any significant traffic load on the network, by preventing every spoofed request from getting a response.


2019
Author(s): Fabio Cesar Schuartz, Anelise Munaretto, Mauro Fonseca

With the advancement of technology, allowing a greater massification of devices connected to the Internet of Things, there is a huge increase in the communication that circulates through the network, resulting in a growing number of vulnerability exploitations detected every year. Thus, faster and more accurate systems are needed to efficiently detect distributed denial of service attacks and port scans. This paper proposes a system for on-line detection of distributed network threats using data stream processing. The results obtained by the proposed system are compared with the results obtained by a system using batch processing, both operating on the same database, widely known by the scientific community. The proposed system is evaluated through two metrics: accuracy and the number of false positives and false negatives. The results show that using data stream processing improved detection accuracy by up to 17,50%, reducing the number of false positives and false negatives by up to 66,61%.


Author(s): H. Gunes Kayacik

Along with its numerous benefits, the Internet also created numerous ways to compromise the security and stability of the systems connected to it. In 1995, 171 vulnerabilities were reported to CERT/CC©, while in 2003 there were 3,784 reported vulnerabilities, increasing to 8,064 in 2006 (CERT/CC©, 2006). Operations that are primarily designed to protect the availability, confidentiality, and integrity of critical network information systems are considered to be within the scope of security management. Security management operations protect computer networks against denial-of-service attacks, unauthorized disclosure of information, and the modification or destruction of data. Moreover, the automated detection and immediate reporting of these events are required in order to provide the basis for a timely response to attacks (Bass, 2000). Security management plays an important, albeit often neglected, role in network management tasks. Defensive operations can be categorized in two groups: static and dynamic. Static defense mechanisms are analogous to the fences around the premises of a building. In other words, static defensive operations are intended to provide barriers to attacks. Keeping operating systems and other software up to date and deploying firewalls at entry points are examples of static defense solutions. Frequent software updates can remove the software vulnerabilities that are susceptible to exploits. Firewalls provide access control at the entry point; they therefore function in much the same way as a physical gate on a house. In other words, the objective of a firewall is to keep intruders out rather than catching them. Static defense mechanisms are the first line of defense; they are relatively easy to deploy and provide significant defense improvement compared to the initial unguarded state of the computer network. Moreover, they act as the foundation for more sophisticated defense mechanisms. No system is totally foolproof. It is safe to assume that intruders are always one step ahead in finding security holes in current systems. This calls attention to the need for dynamic defenses. Dynamic defense mechanisms are analogous to burglar alarms, which monitor the premises to find evidence of break-ins. Built upon static defense mechanisms, dynamic defense operations aim to catch the attacks and log information about the incidents, such as the source and nature of the attack. Therefore, dynamic defense operations accompany the static defense operations to provide comprehensive information about the state of the computer networks and connected systems.


2018, Vol 5 (2), pp. 91-106
Author(s): Ino Anugrah, Raden Hengki Rahmanto

ABSTRACT

The computer network of Islamic University "45" needs a safe network to strengthen the network security systems that protect its servers from attacks such as Port Scanning and DoS (Denial of Service) attacks. One of the network security techniques is the De-Militarized Zone (DMZ), a mechanism to protect the internal system from hacker attacks or other parties who want to enter the system with no access. The purpose of this project is to implement a LAN network security system using the De-Militarized Zone (DMZ) technique, with a single firewall that supports the internal and external networks. The results of the DMZ technique implementation at Islamic University "45" show that DoS attack filtering can be implemented well. Data analysis results show that DoS attacks of the ICMP Flooding and UDP Flooding types can be blocked with a success rate of 98%.

Keywords: attack, network security, de-militarized zone

ABSTRACT (Indonesian version)

The computer network of Universitas Islam "45" requires network security to strengthen the network security system on its servers against attacks such as Port Scanning and DoS (Denial of Service). One network security technique is the De-Militarized Zone (DMZ), a mechanism for protecting the internal system from attacks by hackers or other parties who want to enter the system without access rights. The purpose of this final project is to implement a LAN network security system using the De-Militarized Zone (DMZ) technique. The basic method is to use a single firewall that acts as a buffer between the internal and external networks. The results of implementing the DMZ technique on the server services of the Universitas Islam "45" computer network show that DoS attacks can be filtered well; the analysis data show that DoS attacks of the ICMP Flooding and UDP Flooding types can be blocked with a success rate of 98%.

Keywords: attack, network security, De-Militarized Zone

