A Survey of Botnet-Based DDoS Flooding Attacks of Application Layer

A Botnet can be used to launch a cyber-attack, such as a Distributed Denial of Service (DDoS) attack, against a target or to conduct a cyber-espionage campaign to steal sensitive information. This survey analyzes and compares the most important efforts carried out in an application-based detection area and this survey extended to cover the mitigation approaches for the Botnet-based DDoS flooding attacks. It accomplishes four tasks: first, an extensive illustration on Internet Security; second, an extensive comparison between representative detection mechanisms; third, the comparison between the mitigation mechanisms against Botnet-based DDoS flooding and fourth, the description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems.

Download Full-text

A Review on Various Sniffing Attacks and its Mitigation Techniques

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v12.i3.pp1117-1125 ◽

2018 ◽

Vol 12 (3) ◽

pp. 1117

Author(s):

B. Prabadevi ◽

N. Jeyanthi

Keyword(s):

Denial Of Service ◽

Vital Role ◽

Sensitive Information ◽

Security Threats ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Man In The Middle ◽

Mitigation Techniques ◽

Detection Mechanisms

<p>Security in the era of digital computing plays a vital role. Of various attacks in the field of computing, Distributed Denial of service (DDoS) attacks, Man-in-the-Middle Attack (MITM) and data theft have their major impact on the emerging applications. The sniffing attacks, one of the most prominent reasons for DDoS attacks, are the major security threats in the client-server computing. The content or packet sniffer snorts the most sensitive information from the network and alters or disturbs the legitimate functionality of the victim system. Therefore it is extremely important to have a greater knowledge on these vulnerabilities, their issues, and various mitigation techniques. This study analyses the existing sniffing attacks, variations of sniffing attacks and prevention or detection mechanisms. The reasons for most vital Ransomware are also discussed.</p>

Download Full-text

Vulnerability Analysis of Existing Distributed Denial of Service (DDoS) Defense Frameworks

Asian Journal of Computer Science and Technology ◽

10.51983/ajcst-2018.7.3.1895 ◽

2018 ◽

Vol 7 (3) ◽

pp. 62-67

Author(s):

Shaveta Gupta ◽

Dinesh Grover ◽

Abhinav Bhandari

Keyword(s):

Defense Mechanism ◽

Denial Of Service ◽

False Negative ◽

Vulnerability Analysis ◽

Cyber Attacks ◽

Distributed Denial Of Service ◽

Cyber Attack ◽

Detection Time ◽

Ddos Attack ◽

The World

The world is quickly moving towards an era of digitization. Scope and volume of the network are becoming vast that makes these machines more prone to cyber-attack due to vulnerabilities of the network. There are various types of cyber-attacks but most common and equally impactful is DDOS attack. A foolproof defense mechanism is need of the hour. Analysis of various existing defense mechanism frameworks has been done and their shortcomings have been reported by us. This analysis will help to define a framework which can provide better accuracy, lesser detection time and reduced false negative and positive rates. It will further ensure better response and mitigation against the attack.

Download Full-text

Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i1.1.9473 ◽

2017 ◽

Vol 7 (1.1) ◽

pp. 230

Author(s):

C. Vasan Sai Krishna ◽

Y. Bhuvana ◽

P. Pavan Kumar ◽

R. Murugan

Keyword(s):

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attack ◽

Computing Power ◽

Server Side ◽

Ddos Attack ◽

Client Machine ◽

Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

Download Full-text

Blocking Distributed Denial of Service Flooding Attacks with Dynamic Path Detectors

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2020.6212 ◽

2020 ◽

Vol 8 (6) ◽

pp. 1318-1322

Author(s):

Dr. E. Punarselvam

Keyword(s):

Denial Of Service ◽

Distributed Denial Of Service ◽

Flooding Attacks ◽

Dynamic Path

Download Full-text

Cluster-Based Countermeasures for DDoS Attacks

Network Security Attacks and Countermeasures - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-8761-5.ch008 ◽

2016 ◽

pp. 206-227

Author(s):

Mohammad Jabed Morshed Chowdhury ◽

Dileep Kumar G

Keyword(s):

Unsupervised Learning ◽

Network Traffic ◽

Denial Of Service ◽

Security Threats ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Ddos Attack ◽

Real Progress ◽

Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Download Full-text

Detecting DDoS Attacks on Multiple Network Hosts

Developments in Information Security and Cybernetic Wars - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-8304-2.ch006 ◽

2019 ◽

pp. 121-139 ◽

Cited By ~ 1

Author(s):

Konstantinos F. Xylogiannopoulos ◽

Panagiotis Karampelas ◽

Reda Alhajj

Keyword(s):

Denial Of Service ◽

Attack Detection ◽

Detection Methods ◽

Distributed Denial Of Service ◽

Secondary Sources ◽

Ddos Attack ◽

Timely Fashion ◽

Multiple Network ◽

Ddos Attack Detection ◽

Low Traffic

The proliferation of low security internet of things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In the recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically been detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic, targeting though multiple hosts.

Download Full-text

Practical Measures for Securing Government Networks

Handbook of Research on Public Information Technology ◽

10.4018/978-1-59904-857-4.ch037 ◽

2008 ◽

pp. 386-394

Author(s):

Stephen K. Aikins

Keyword(s):

Information Security ◽

Denial Of Service ◽

Cost Effective ◽

Internet Security ◽

The State ◽

Sensitive Information ◽

Dos Attacks ◽

Security Vulnerabilities ◽

Internal Resources ◽

State And Local

The modern network and Internet security vulnerabilities expose state and local government networks to numerous threats such as denial of service (DoS) attacks, computer viruses, unauthorized access, confidentiality breaches, and so forth. For example, in June 2005, the state of Delaware saw a spike of 141,000 instances of “suspicious activity” due to a variant of the mytopb worm, which could have brought the state’s network to its knees had appropriate steps not been taken (Jarrett, 2005; National Association of State Chief Information Officers [NASCIO], 2006b). On an average day, the state of Michigan blocks 22,059 spam e-mails, 21,702 e-mail viruses, 4,239 Web defacements, and six remote computer takeover attempts. Delaware fends off nearly 3,000 attempts at entering the state’s network daily (NASCIO, 2006b). Governments have the obligation to manage their information security risks by securing mission- critical internal resources such as financial records and taxpayer sensitive information on their networks. Consequently, public-sector information security officers are faced with the challenge to contain damage from compromised systems, prevent internally and Internet-launched attacks, provide systems for logging and intrusion detection, and build frameworks for administrators to securely manage government networks (Oxlenhandler, 2003). This chapter discusses some of the cost-effective measures needed to address government agency information security vulnerabilities and related threats.

Download Full-text

Defending against Distributed Denial of Service

Encyclopedia of Information Ethics and Security ◽

10.4018/978-1-59140-987-8.ch019 ◽

2011 ◽

pp. 121-129

Author(s):

Yang Xiang ◽

Wanlei Zhou

Keyword(s):

Web Sites ◽

Credit Card ◽

Denial Of Service ◽

Online Gambling ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Web Traffic ◽

Internet Applications ◽

Ddos Attack ◽

Interactive Advertising

Recently the notorious Distributed Denial of Service (DDoS) attacks made people aware of the importance of providing available data and services securely to users. A DDoS attack is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resource (CERT, 2006). For example, in February 2000, many Web sites such as Yahoo, Amazon.com, eBuy, CNN.com, Buy. com, ZDNet, E*Trade, and Excite.com were all subject to total or regional outages by DDoS attacks. In 2002, a massive DDoS attack briefly interrupted Web traffic on nine of the 13 DNS “root” servers that control the Internet (Naraine, 2002). In 2004, a number of DDoS attacks assaulted the credit card processor Authorize. net, the Web infrastructure provider Akamai Systems, the interactive advertising company DoubleClick (left that company’s servers temporarily unable to deliver ads to thousands of popular Web sites), and many online gambling sites (Arnfield, 2004). Nowadays, Internet applications face serious security problems caused by DDoS attacks. For example, according to CERT/CC Statistics 1998-2005 (CERT, 2006), computer-based vulnerabilities reported have increased exponentially since 1998. Effective approaches to defeat DDoS attacks are desperately demanded (Cisco, 2001; Gibson, 2002).

Download Full-text

Distributed denial of service attacks and detection mechanisms

Journal of Computational Methods in Sciences and Engineering ◽

10.3233/jcm-140510 ◽

2015 ◽

Vol 14 (6) ◽

pp. 329-345 ◽

Cited By ~ 1

Author(s):

Marjan Kuchaki Rafsanjani ◽

Neda Kazeminejad

Keyword(s):

Denial Of Service ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Detection Mechanisms

Download Full-text

A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors

Applied Sciences ◽

10.3390/app9214633 ◽

2019 ◽

Vol 9 (21) ◽

pp. 4633 ◽

Cited By ~ 3

Author(s):

Jian Zhang ◽

Qidi Liang ◽

Rui Jiang ◽

Xi Li

Keyword(s):

Success Rate ◽

Denial Of Service ◽

Detection Algorithm ◽

Feature Analysis ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Detection Capability ◽

Ddos Attack ◽

Attack Mitigation ◽

Multiple Attack

In recent years, distributed denial of service (DDoS) attacks have increasingly shown the trend of multiattack vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability of DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.

Download Full-text