scholarly journals Vulnerability Analysis of Existing Distributed Denial of Service (DDoS) Defense Frameworks

2018 ◽  
Vol 7 (3) ◽  
pp. 62-67
Author(s):  
Shaveta Gupta ◽  
Dinesh Grover ◽  
Abhinav Bhandari
Keyword(s):  
Defense Mechanism ◽  
Denial Of Service ◽  
False Negative ◽  
Vulnerability Analysis ◽  
Cyber Attacks ◽  
Distributed Denial Of Service ◽  
Cyber Attack ◽  
Detection Time ◽  
Ddos Attack ◽  
The World

The world is quickly moving towards an era of digitization. Scope and volume of the network are becoming vast that makes these machines more prone to cyber-attack due to vulnerabilities of the network. There are various types of cyber-attacks but most common and equally impactful is DDOS attack. A foolproof defense mechanism is need of the hour. Analysis of various existing defense mechanism frameworks has been done and their shortcomings have been reported by us. This analysis will help to define a framework which can provide better accuracy, lesser detection time and reduced false negative and positive rates. It will further ensure better response and mitigation against the attack.

scholarly journals Blockchain Technology towards the Mitigation of Distributed Denial of Service Attacks

2020 ◽  
Vol 8 (6) ◽  
pp. 961-965
Keyword(s):  
Denial Of Service ◽  
Distributed Database ◽  
Cyber Attacks ◽  
Distributed Denial Of Service ◽  
Cyber Attack ◽  
Ddos Attacks ◽  
Denial Of Service Attack ◽  
Blockchain Technology ◽  
Main Challenge ◽  
Communication Devices

The Distributed Denial of Service attack become one of the most adverse effects among all Cyber-attack due to the high availability of the internet and unprotected internetconnected communication devices. There are many mitigation solutions available to reduce the risk of DDoS attacks, and the researcher represents many techniques to get rid of the DDoS attacks. The main challenge to identify and mitigate the attack is that attack traffic mixes with the legitimate system user traffic so it becomes very important to block the attack traffic because it costs in terms of money and system reputation. Blockchain technology presents the ideology of decentralized distributed database and transaction without the need of any central authority. But utilization of blockchain is not only limited to the financial sector but supply chain, IoT, hospitality sector used blockchain most. The most attractive features of the blockchain like immutability, distributed makes the use of blockchain for mitigation of various Cyber-attacks, and one of them is DDoS Attacks. The solution of DDoS attacks that utilize the blockchain is still in the infancy phase. In this paper, we propose the review or survey of DDoS attacks solutions based on blockchain. And also present the comparative study of Blockchain-based DDoS mitigation solutions for non-IOT domain or system. This paper also gives brief about the features of this interconnection of two emerging domain named DDoS Attacks and Blockchain Technology.

A Survey of Botnet-Based DDoS Flooding Attacks of Application Layer

2016 ◽  
pp. 52-79 ◽  
Author(s):  
Esraa Alomari ◽  
Selvakumar Manickam ◽  
B. B. Gupta ◽  
Mohammed Anbar ◽  
Redhwan M. A. Saad ◽  
...  
Keyword(s):  
Denial Of Service ◽  
Internet Security ◽  
Sensitive Information ◽  
Distributed Denial Of Service ◽  
Cyber Attack ◽  
Open Problems ◽  
Ddos Attack ◽  
Flooding Attacks ◽  
Cyber Espionage ◽  
Detection Mechanisms

A Botnet can be used to launch a cyber-attack, such as a Distributed Denial of Service (DDoS) attack, against a target or to conduct a cyber-espionage campaign to steal sensitive information. This survey analyzes and compares the most important efforts carried out in an application-based detection area and this survey extended to cover the mitigation approaches for the Botnet-based DDoS flooding attacks. It accomplishes four tasks: first, an extensive illustration on Internet Security; second, an extensive comparison between representative detection mechanisms; third, the comparison between the mitigation mechanisms against Botnet-based DDoS flooding and fourth, the description of the most important problems and highlights in the area. We conclude that the area has achieved great advances so far, but there are still many open problems.

scholarly journals Securing an Internet of Things from Distributed Denial of Service and Mirai Botnet Attacks Using a Novel Hybrid Detection and Mitigation Mechanism

2021 ◽  
Vol 14 (1) ◽  
pp. 113-123
Author(s):  
M Karthik ◽  
◽  
M Krishnan ◽  
Keyword(s):  
Internet Of Things ◽  
Denial Of Service ◽  
False Negative ◽  
False Negative Rate ◽  
Detection Accuracy ◽  
Distributed Denial Of Service ◽  
African Buffalo ◽  
Attack Model ◽  
Ddos Attack ◽  
Hybrid Detection

Internet of Things (IoT) has become more familiar in all applications and industrial fields such as medical, military, transportation, etc. It has some limitations because of the attack model in the transmission or communication channel. Moreover, one of the deadliest attacks is known as a Distributed Denial of Service Attack (DDoS). The Presence of DDoS in network layer cause huge damage in data transmission channel that ends in data loss or collapse. To address this issue the current research focused on an innovative detection and mitigation of Mirai and DDoS attack in IoT environment. Initially, number of IoT devices is arranged with the help of a novel Hybrid Strawberry and African Buffalo Optimization (HSBABO). Consequently, the types of DDoS attacks are launched in the developed IoT network. Moreover, the presence of strawberry and African Buffalo fitness is utilized to detect and specify the attack types. Subsequently a novel MCELIECE encryption with Cloud Shield scheme is developed to prevent the low and high rate DDoS attack in the Internet of Things. Finally, the proposed model attained 94% of attack detection accuracy, 3% of false negative rate and 5.5% of false positive rate.

scholarly journals Application Layer DDoS Attack Defense Methods and A new Defense Mechanism against Flooding

2020 ◽  
Vol 8 (6) ◽  
pp. 208-212
Keyword(s):  
Machine Learning ◽  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Network Environment ◽  
Ddos Attacks ◽  
Application Layer ◽  
New Approach ◽  
Ddos Attack

In a network environment, Distributed Denial of Service (DDoS) attacks eemploys a network or server is unavailable to its normal users. Application-layer Distributed Denial of Service (App-DDoS) attacks are serious issues for the webserver itself. The multitude and variety of such attacks and defense approaches are overwhelming. This paper here follows, we analyze the different defense mechanisms for application-layer DDoS attacks and proposes a new approach to defend using machine learning.

Comparing Single Tier and Three Tier Infrastructure Designs against DDoS Attacks

2017 ◽  
Vol 7 (3) ◽  
pp. 59-75 ◽  
Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar
Keyword(s):  
Data Center ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Ddos Attacks ◽  
Design Data ◽  
Application Performance ◽  
Server Virtualization ◽  
Security Officers ◽  
Cloud Environments

With the rise in cyber-attacks on cloud environments like Brute Force, Malware or Distributed Denial of Service attacks, information security officers and data center administrators have a monumental task on hand. Organizations design data center and service delivery with the aim of catering to maximize device provisioning & availability, improve application performance, ensure better server virtualization and end up securing data centers using security solutions at internet edge protection level. These security solutions prove to be largely inadequate in times of a DDoS cyber-attack. In this paper, traditional data center design is reviewed and compared to the proposed three tier data center. The resilience to withstand against DDoS attacks is measured for Real User Monitoring parameters, compared for the two infrastructure designs and the data is validated using T-Test.

scholarly journals Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

2017 ◽  
Vol 7 (1.1) ◽  
pp. 230
Author(s):  
C. Vasan Sai Krishna ◽  
Y. Bhuvana ◽  
P. Pavan Kumar ◽  
R. Murugan
Keyword(s):  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attack ◽  
Computing Power ◽  
Server Side ◽  
Ddos Attack ◽  
Client Machine ◽  
Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

scholarly journals Vulnerability and risk assessment for operating system (OS) with framework STRIDE: comparison between VulnOS and Vulnix

2021 ◽  
Vol 23 (3) ◽  
pp. 1643
Author(s):  
Adityas Widjajarto ◽  
Muharman Lubis ◽  
Vreseliana Ayuningtyas
Keyword(s):  
Information Disclosure ◽  
Risk Estimation ◽  
Rapid Development ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Easy Access ◽  
Case Scenario ◽  
Worst Case ◽  
Network Function ◽  
The World

<p><span lang="EN-US">The rapid development of information technology has made security become extremely. Apart from easy access, there are also threats to vulnerabilities, with the number of cyber-attacks in 2019 showed a total of 1,494,281 around the world issued by the </span><span lang="EN-US">national cyber and crypto agency (BSSN) honeynet project. Thus, vulnerability analysis should be conducted to prepare worst case scenario by anticipating with proper strategy for responding the attacks. Actually, vulnerability is a system or design weakness that is used when an intruder executes commands, accesses unauthorized data, and carries out denial of service attacks. The study was performed using the AlienVault software as the vulnerability assessment. The results were analysed by the formula of risk estimation equal to the number of vulnerability found related to the threat. Meanwhile, threat is obtained from analysis of sample walkthroughs, as a reference for frequent exploitation. The risk estimation result indicate the 73 (seventy three) for the highest score of 5 (five) type risks identified while later on, it is used for re-analyzing based on the spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of prvilege (STRIDE) framework that indicated the network function does not accommodate the existing types of risk namely spoofing.</span></p>

Cluster-Based Countermeasures for DDoS Attacks

2016 ◽  
pp. 206-227
Author(s):  
Mohammad Jabed Morshed Chowdhury ◽  
Dileep Kumar G
Keyword(s):  
Unsupervised Learning ◽  
Network Traffic ◽  
Denial Of Service ◽  
Security Threats ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Real Progress ◽  
Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Detecting DDoS Attacks on Multiple Network Hosts

2019 ◽  
pp. 121-139 ◽  
Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj
Keyword(s):  
Denial Of Service ◽  
Attack Detection ◽  
Detection Methods ◽  
Distributed Denial Of Service ◽  
Secondary Sources ◽  
Ddos Attack ◽  
Timely Fashion ◽  
Multiple Network ◽  
Ddos Attack Detection ◽  
Low Traffic

The proliferation of low security internet of things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In the recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically been detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic, targeting though multiple hosts.

Comparing Single Tier and Three Tier Infrastructure Designs against DDoS Attacks

2021 ◽  
pp. 541-558
Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar
Keyword(s):  
Data Center ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Ddos Attacks ◽  
Design Data ◽  
Application Performance ◽  
Server Virtualization ◽  
Security Officers ◽  
Cloud Environments

With the rise in cyber-attacks on cloud environments like Brute Force, Malware or Distributed Denial of Service attacks, information security officers and data center administrators have a monumental task on hand. Organizations design data center and service delivery with the aim of catering to maximize device provisioning & availability, improve application performance, ensure better server virtualization and end up securing data centers using security solutions at internet edge protection level. These security solutions prove to be largely inadequate in times of a DDoS cyber-attack. In this paper, traditional data center design is reviewed and compared to the proposed three tier data center. The resilience to withstand against DDoS attacks is measured for Real User Monitoring parameters, compared for the two infrastructure designs and the data is validated using T-Test.

Sign in / Sign up

Export Citation Format

Share Document