Memcached: An Experimental Study of DDoS Attacks for the Wellbeing of IoT Applications

Distributed denial-of-service (DDoS) attacks are significant threats to the cyber world because of their potential to quickly bring down victims. Memcached vulnerabilities have been targeted by attackers using DDoS amplification attacks. GitHub and Arbor Networks were the victims of Memcached DDoS attacks with 1.3 Tbps and 1.8 Tbps attack strengths, respectively. The bandwidth amplification factor of nearly 50,000 makes Memcached the deadliest DDoS attack vector to date. In recent times, fellow researchers have made specific efforts to analyze and evaluate Memcached vulnerabilities; however, the solutions provided for security are based on best practices by users and service providers. This study is the first attempt at modifying the architecture of Memcached servers in the context of improving security against DDoS attacks. This study discusses the Memcached protocol, the vulnerabilities associated with it, the future challenges for different IoT applications associated with caches, and the solutions for detecting Memcached DDoS attacks. The proposed solution is a novel identification-pattern mechanism using a threshold scheme for detecting volume-based DDoS attacks. In the undertaken study, the solution acts as a pre-emptive measure for detecting DDoS attacks while maintaining low latency and high throughput.

Download Full-text

Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i1.1.9473 ◽

2017 ◽

Vol 7 (1.1) ◽

pp. 230

Author(s):

C. Vasan Sai Krishna ◽

Y. Bhuvana ◽

P. Pavan Kumar ◽

R. Murugan

Keyword(s):

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attack ◽

Computing Power ◽

Server Side ◽

Ddos Attack ◽

Client Machine ◽

Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

Download Full-text

Cluster-Based Countermeasures for DDoS Attacks

Network Security Attacks and Countermeasures - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-8761-5.ch008 ◽

2016 ◽

pp. 206-227

Author(s):

Mohammad Jabed Morshed Chowdhury ◽

Dileep Kumar G

Keyword(s):

Unsupervised Learning ◽

Network Traffic ◽

Denial Of Service ◽

Security Threats ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Ddos Attack ◽

Real Progress ◽

Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Download Full-text

Defending against Distributed Denial of Service

Encyclopedia of Information Ethics and Security ◽

10.4018/978-1-59140-987-8.ch019 ◽

2011 ◽

pp. 121-129

Author(s):

Yang Xiang ◽

Wanlei Zhou

Keyword(s):

Web Sites ◽

Credit Card ◽

Denial Of Service ◽

Online Gambling ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Web Traffic ◽

Internet Applications ◽

Ddos Attack ◽

Interactive Advertising

Recently the notorious Distributed Denial of Service (DDoS) attacks made people aware of the importance of providing available data and services securely to users. A DDoS attack is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resource (CERT, 2006). For example, in February 2000, many Web sites such as Yahoo, Amazon.com, eBuy, CNN.com, Buy. com, ZDNet, E*Trade, and Excite.com were all subject to total or regional outages by DDoS attacks. In 2002, a massive DDoS attack briefly interrupted Web traffic on nine of the 13 DNS “root” servers that control the Internet (Naraine, 2002). In 2004, a number of DDoS attacks assaulted the credit card processor Authorize. net, the Web infrastructure provider Akamai Systems, the interactive advertising company DoubleClick (left that company’s servers temporarily unable to deliver ads to thousands of popular Web sites), and many online gambling sites (Arnfield, 2004). Nowadays, Internet applications face serious security problems caused by DDoS attacks. For example, according to CERT/CC Statistics 1998-2005 (CERT, 2006), computer-based vulnerabilities reported have increased exponentially since 1998. Effective approaches to defeat DDoS attacks are desperately demanded (Cisco, 2001; Gibson, 2002).

Download Full-text

A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors

Applied Sciences ◽

10.3390/app9214633 ◽

2019 ◽

Vol 9 (21) ◽

pp. 4633 ◽

Cited By ~ 3

Author(s):

Jian Zhang ◽

Qidi Liang ◽

Rui Jiang ◽

Xi Li

Keyword(s):

Success Rate ◽

Denial Of Service ◽

Detection Algorithm ◽

Feature Analysis ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Detection Capability ◽

Ddos Attack ◽

Attack Mitigation ◽

Multiple Attack

In recent years, distributed denial of service (DDoS) attacks have increasingly shown the trend of multiattack vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability of DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.

Download Full-text

Intelligent Traffic Classification for Detecting DDoS Attacks using SDN/OpenFlow

10.26686/wgtn.17064107.v1 ◽

2021 ◽

Author(s):

◽

Jarrod Bakker

Keyword(s):

Denial Of Service ◽

Network Control ◽

Traffic Classification ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Network Information ◽

Ddos Attack ◽

Machine Learning Methods ◽

Attack Scenario ◽

And Control

<p>Distributed denial of service (DDoS) attacks utilise many attacking entities to prevent legitimate use of a resource via consumption. Detecting these attacks is often difficult when using a traditional networking paradigm as network information and control are not centralised. Software-Defined Networking is a recent paradigm that centralises network control, thus improving the ability to gather network information. Traffic classification techniques can leverage the gathered data to detect DDoS attacks.This thesis utilises nmeta2, a SDN-based traffic classification architecture, to study the effectiveness of machine learning methods to detect DDoS attacks. These methods are evaluated on a physical network testbed to demonstrate their application during a DDoS attack scenario.</p>

Download Full-text

Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

10.26686/wgtn.17135222.v1 ◽

2021 ◽

Author(s):

◽

Abigail Koay

Keyword(s):

Information Sharing ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Traffic Classification ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Low Intensity ◽

Ddos Attack ◽

Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

Download Full-text

Detection and Prevention Algorithm of DDoS Attack Over the IOT Networks

TEM Journal ◽

10.18421/tem93-09 ◽

2020 ◽

pp. 899-906

Keyword(s):

Denial Of Service ◽

The Other ◽

High Rate ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Huge Number ◽

Security Issues ◽

Ddos Attack ◽

Legitimate User ◽

The Impact

One of the most notorious security issues in the IoT is the Distributed Denial of Service (DDoS) attack. Using a large number of agents, DDoS attack floods the host server with a huge number of requests causing interrupting and blocking the legitimate user requests. This paper proposes a detection and prevention algorithm for DDoS attacks. It is divided into two parts, one for detecting the DDoS attack in the IoT end devices and the other for mitigating the impact of the attack placed on the border router. Also, it has the ability to differentiate the High-rate from the Lowrate DDoS attack accurately and defend against these two types of attacks. It is implemented and tested against different scenarios to dissect their efficiency in detecting and mitigating the DDoS attack.

Download Full-text

Shield Advanced Mitigation System of Distributed Denial of Service Attack in Integration of Internet of Things and Cloud Computing Environment

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.a4841.129219 ◽

2019 ◽

Vol 9 (2) ◽

pp. 1300-1306

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Denial Of Service ◽

Cloud Services ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Denial Of Service Attack ◽

Ddos Attack ◽

Service Attack ◽

Verification Process

Cloud services among public and business companies have become popular in recent years. For production activities, many companies rely on cloud technology. Distributed Denial of Services (DDoS) attack is an extremely damaging general and critical type of cloud attacks. Several efforts have been made in recent years to identify numerous types of DDoS attacks. This paper discusses the different types of DDoS attacks and their cloud computing consequences. Distributed Denial of Service attack (DDoS) is a malicious attempt to disrupt the normal movement of a targeted server, service or network through influx of internet traffic overwhelming the target or its infrastructure. The use of multiple affected computer systems as a source of attacks makes DDoS attacks effective. Computers and other networked tools, including IoT phones, may be included on exploited machines. A DDoS attack from a high level resembles a traffic jam that is caused by roads that prevents normal travel at their desired destination. So DDoS Attack is a major challenging problem in integrated Cloud and IoT. Hence, this paper proposes Shield Advanced Mitigation System of Distributed Denial of Service Attack in the integration of Internet of Things and Cloud Computing Environment. This secure architecture use two verification process to identify whether user is legitimate or malicious. Dynamic Captcha Testing with Equal Probability test for first verification process, moreover Zigsaw Image Puzzle Test is used for second verification process, and Intrusion Detection Prevention System is used to identify and prevent malicious user, moreover reverse proxy is used to hide server location. These functional components and flow could strengthen security in Client side network to provide cloud services furthermore to overcome distributed denial of service attack in the integration of Internet of Things and Cloud Environment.

Download Full-text

Optimal Cloud Assistance Policy of End-Edge-Cloud Ecosystem for Mitigating Edge Distributed Denial of Service Attacks

10.21203/rs.3.rs-177229/v1 ◽

2021 ◽

Author(s):

Teng Li

Keyword(s):

Denial Of Service ◽

Optimality System ◽

Distributed Denial Of Service ◽

Optimal Solutions ◽

Ddos Attacks ◽

The Core ◽

Iot Applications ◽

Computing Paradigm ◽

Optimal Policies ◽

Core Problem

Abstract Edge computing has become a fundamental technology for Internet of Things (IoT) applications. To provide reliable services for latency-sensitive applications, edge servers must respond to end devices within the shortest amount of time possible. Edge distributed denial-of-service (DDoS) attacks, which render edge servers unusable by legitimate IoT applications by sending heavy requests from distributed attacking sources, is a threat that leads to severe latency. To protect edge servers from DDoS attacks, a hybrid computing paradigm known as an end-edge-cloud ecosystem provides a possible solution. Cloud assistance is allowed with this architecture. Edge servers can upload their pending tasks onto a cloud center for a workload reduction when encountering a DDoS attack, similar to borrowing resources from the cloud. Nevertheless, before using the ecosystem to mitigate edge DDoS attacks, we must address the core problem that edge servers must decide when and to what extent they should upload tasks to the cloud center. In this study, we focus on the design of optimal cloud assistance policies. First, we propose an edge workload evolution model that describes how the workload of the edge servers change over time with a given cloud assistance policy. On this basis, we quantify the effectiveness of the policy by using the resulting overall latency and formulate an optimal control problem for seeking optimal policies that can minimize such latency. We then provide solutions by deriving the optimality system and discuss some properties of the optimal solutions to accelerate the problem solving. Next, we introduce a numerical iterative algorithm to seek solutions that can satisfy the optimality system. Finally, we provide several illustrative numerical examples. The results show that the optimal policies obtained can effectively mitigate edge DDoS attacks.

Download Full-text

Taxonomy of Distributed Denial of Service (DDoS) Attacks and Defense Mechanisms in Present Era of Smartphone Devices

International Journal of E-Services and Mobile Applications ◽

10.4018/ijesma.2018040104 ◽

2018 ◽

Vol 10 (2) ◽

pp. 58-74 ◽

Cited By ~ 8

Author(s):

Kavita Sharma ◽

B. B. Gupta

Keyword(s):

Defense Mechanisms ◽

Computer Network ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Network Resources ◽

Common People ◽

Ddos Attack ◽

Legitimate User

This article describes how in the summer of 1999, the Computer Incident Advisory Capability first reported about Distributed Denial of Service (DDoS) attack incidents and the nature of Denial of Service (DoS) attacks in a distributed environment that eliminates the availability of resources or data on a computer network. DDoS attack exhausts the network resources and disturbs the legitimate user. This article provides an explanation on DDoS attacks and nature of these attacks against Smartphones and Wi-Fi Technology and presents a taxonomy of various defense mechanisms. The smartphone is chosen for this study, as they have now become a necessity rather than a luxury item for the common people.

Download Full-text