SCEF: A Model for Prevention of DDoS Attacks From the Cloud

2020, Vol 10 (3), pp. 67-80
Author(s): Ganeshayya Ishwarayya Shidaganti, Amogh Shreedhar Inamdar, Sindhuja V. Rai, Anagha M. Rajeev

Distributed denial of service (DDoS) attacks are some of the biggest threats to network performance and security today. With the advent of cloud computing, these attacks can be performed remotely on rented virtual machines (VMs), potentially increasing their capabilities and making them harder to trace and mitigate, and negatively affecting the cloud service provider as well. By analyzing packet transmission statistics, attacks can be detected on a virtual machine monitor (VMM) that controls the behavior of the VMs. This article proposes a solution to stop such detected attacks from the source, and analyses solutions proposed for a few different types of such attacks. The authors propose a model called selective cloud egress filter (SCEF) which implements specific modules to deal with detected attacks. If an attack is detected, the SCEF relays information to the VMM about which VMs are participating in the attack, allowing for specific corrective action.

2019, Vol 8 (1), pp. 486-495
Author(s): Bimal Kumar Mishra, Ajit Kumar Keshri, Dheeresh Kumar Mallick, Binay Kumar Mishra

Abstract: Internet of Things (IoT) opens up the possibility of agglomerations of different types of devices, Internet and human elements to provide extreme interconnectivity among them towards achieving a completely connected world of things. The mainstream adaptation of IoT technology and its widespread use has also opened up a whole new platform for cyber perpetrators mostly used for distributed denial of service (DDoS) attacks. In this paper, under the influence of internal and external nodes, a two-fold epidemic model is developed where attack on IoT devices is first achieved and then IoT based distributed attack of malicious objects on targeted resources in a network has been established. This model is mainly based on Mirai botnet made of IoT devices which came into the limelight with three major DDoS attacks in 2016. The model is analyzed at equilibrium points to find the conditions for their local and global stability. Impact of external nodes on the overall model is critically analyzed. Numerical simulations are performed to validate the vitality of the model developed.


2020, Vol 14 (2), pp. 1-19
Author(s): Khundrakpam Johnson Singh, Janggunlun Haokip, Usham Sanjota Chanu

In the new era of computers, everyone relies on the internet for basic day-to-day activities to sophisticated and secret tasks. The cyber threats are increasing, not only theft and manipulation of someone's information, but also forcing the victim to deny other requests. A DDoS (Distributed Denial of Service) attack, which is one of the serious issues in today's cyber world, needs to be detected and its advance towards the server should be blocked. In the article, the authors are focusing mainly on preventive measures of different types of DDoS attacks using multiple IPtables rules and Windows firewall advance security settings configuration, which would be feasibly free on any PC. The IPtables when appropriately selected and implemented can establish a relatively secure barrier for the system and the external environment.


2017
Author(s): Roshan Lal Neupane

Cloud-hosted services are being increasingly used in online businesses in e.g., retail, healthcare, manufacturing, entertainment due to benefits such as scalability and reliability. These benefits are fueled by innovations in orchestration of cloud platforms that make them totally programmable as Software Defined everything Infrastructures (SDxI). At the same time, sophisticated targeted attacks such as Distributed Denial-of-Service (DDoS) are growing on an unprecedented scale threatening the availability of online businesses. In this thesis, we present a novel defense system called Dolus to mitigate the impact of DDoS attacks launched against high-value services hosted in SDxI-based cloud platforms. Our Dolus system is able to initiate a pretense in a scalable and collaborative manner to deter the attacker based on threat intelligence obtained from attack feature analysis in a two-stage ensemble learning scheme. Using foundations from pretense theory in child play, Dolus takes advantage of elastic capacity provisioning via quarantine virtual machines and SDxI policy co-ordination across multiple network domains. To maintain the pretense of false sense of success after attack identification, Dolus uses two strategies: (i) dummy traffic pressure in a quarantine to mimic target response time profiles that were present before legitimate users were migrated away, and (ii) Scapy-based packet manipulation to generate responses with spoofed IP addresses of the original target before the attack traffic started being quarantined. From the time gained through pretense initiation, Dolus enables cloud service providers to decide on a variety of policies to mitigate the attack impact, without disrupting the cloud services experience for legitimate users. 
We evaluate the efficacy of Dolus using a GENI Cloud testbed and demonstrate its real-time capabilities to: (a) detect DDoS attacks and redirect attack traffic to quarantine resources to engage the attacker under pretense, and (b) coordinate SDxI policies to possibly block DDoS attacks closer to the attack source(s).


2014, Vol 2014, pp. 1-15
Author(s): Monika Sachdeva, Krishan Kumar

The detection of distributed denial of service (DDoS) attacks is one of the hardest problems confronted by the network security researchers. Flash event (FE), which is caused by a large number of legitimate requests, has similar characteristics to those of DDoS attacks. Moreover DDoS attacks and FEs require altogether different handling procedures. So discriminating DDoS attacks from FEs is very important. But the research involving DDoS detection has not laid enough emphasis on including FEs scenarios in the experiments. In this paper, we are using traffic cluster entropy as detection metric not only to detect DDoS attacks but also to distinguish DDoS attacks from FEs. We have validated our approach on cyber-defense technology experimental research laboratory (DETER) testbed. Different emulation scenarios are created on DETER using mix of legitimate, flash, and different types of attacks at varying strengths. It is found that, when flash event is triggered, source address entropy increases but the corresponding traffic cluster entropy does not increase. However, when DDoS attack is launched, traffic cluster entropy also increases along with source address entropy. An analysis of live traces on DETER testbed clearly manifests supremacy of our approach.


2021, Vol 4 (1), pp. 1-9
Author(s): Huda S. Abdulkarem, Ammar D. Alethawy

Abstract: Software-Defined Networking (SDN) is a promising sample that allows the programming behind the network’s operation with some abstraction level from the underlying networking devices. The insistence to detect and mitigate Distributed Denial of Service (DDoS) which introduced by network devices tries to discover network security weaknesses and the negative effects of some types of Distributed Denial of Service (DDoS) attacks. An SDN-based generic solution to mitigate DDoS attacks when and where they originate. Briefly, it compares at runtime the expected trend of normal traffic against the trend of abnormal traffic; if big deviation on the traffic trend is detected, then an event is created; as an event associated to a DDoS attack is produced, an SDN (OpenDayLight) controller creates flow rules for blocking the malign traffic, by designing and implementing an application that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. The evaluation results suggest that the proposal timely detects the characteristics of flooding DDoS attacks, and mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. The work sheds light on the programming relevance over an abstracted view of the network infrastructure.


2021
Author(s): Hemalatha S, Vasantha Gowri N, Vani A, Sana Qaiyum, Vijayakumar P, ...

Abstract: Distributed Denial of Service (DDoS) attacks represent an important challenge for public cloud as they invade the offender and completely delete Cloud service in order to serve the correct user and at the same time against the targets that cause system and service lack of access on infected devices. DDoS (Distributed Denial of Service) attacks are usually specific efforts to drain the resources of the victim or interrupt connections to networks by legitimate users. Traditional internet infrastructure is susceptible to DDoS assaults, and through leveraging their flaws to set up assault networks or Botnets, it offers an opening for an intruder to reach a wide number of infected machines. In order to identify and sustain improved detection accuracy, this work focuses on evaluating the different works and recommending a better solution to accommodate the cloud environment. A fuzzy logic for the detection and safety of DDOS attacks is proposed in this paper. The Fuzzy logic is used to dynamically select an algorithm from a collection of defined supervised learning that distinguish various DDoS variations and ultimately choose the relevant traffic algorithm.


2014, Vol 8 (2), pp. 1-18
Author(s): M. Poongodi, S. Bose

Distributed Denial of Service (DDOS) attacks are the major concern for security in the collaborative networks. Although non DDOS attacks also make the network performances poor, the effect of DDOS attacks is severe. In DDOS attacks, flooding of the particular node as victim and jam it with massive traffic happens and the complete network performance is affected. In this paper, a novel Intrusion Detection and Prevention System is designed which detects the flooding DDOS attacks based on Firecol and prevents the attacks based on Dynamic Growing Self Organizing Tree (DGSOT) for collaborative networks. Simulation results in NS2 show that DGSOT with Firecol (Firegroup) produces better intrusion detection and prevention system. Performance metrics based on the parameters delay, throughput, average path length, packet data ratio and energy conservation are better in Firegroup than the traditional Firecol system.


Author(s): Amit Sharma

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults are pushing ahead towards application layer to procure and squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution are client conduct checking and identification. In the beginning stage, by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery and hindering the unapproved client from assaulting the framework.

