unwanted traffic
Recently Published Documents


Total documents: 35 (five years: 1)

H-index: 9 (five years: 0)

2021, Vol 10 (1), pp. 274-282
Author(s): Marlon A. Naagas, Alvin R. Malicdem, Thelma D. Palaoag

With the rapid depletion of the IPv4 protocol in recent years, the IETF introduced IPv6 as a solution to address the exhaustion. However, with a new protocol, new characteristics have been introduced and new threats have been discovered. Extension headers are new characteristics of IPv6 that have emerging and re-emerging security threats, which need to be taken into consideration during the full migration to the IPv6 network. This study revealed that, up to this moment, the popular vendors are still vulnerable and do not have any default protection to deal with extension headers’ Denial of Service (DoS) attack. Also, this study leads to the development of a new security model, which creates a new solution to address the emerging threats of IPv6 extension headers’ Denial of Service attack. Moreover, the results of this study show that our proposed security model is more effective in terms of neutralizing the unwanted traffic causing evasion attacks, by filtering, rate-limiting and discarding the malformed packets of prohibited extension headers’ payload, versus the traditional router protection.



Author(s): Aditi Nema

The detection portion of an Intrusion Detection System is the most complicated. The goal of the IDS is to make the network more secure, and the prevention portion of the IDS must accomplish that effort. After malicious or unwanted traffic is identified, prevention techniques can be used to stop it. When an IDS is placed in an inline configuration, all traffic must travel through an IDS sensor. In this paper, the features are reduced and a layered architecture is used to identify various attacks (DoS, R2L, U2R, Probe), and accuracy is shown using SVM with a genetic approach.



DDoS attacks are instigated by intruders on primary servers that provide important services such as file service and web service, by sending a huge amount of unwanted traffic. Routers in traditional systems simply forward such traffic to the victim servers without understanding its implications. However, such attacks can be identified and mitigated by the controller in Software Defined Networks (SDN). In this paper we show how a DDoS attack on primary servers in an SDN environment can be mitigated by the controller with the help of packet header translation. The traffic sent to the target server is first intercepted by the controller to check whether it is attack traffic or genuine traffic, after which only the genuine traffic is forwarded to the server while the attack traffic is dropped.



Electronics, 2019, Vol 8 (6), pp. 604
Author(s): Rashid Amin, Nadir Shah, Waqar Mehmood

Software Defined Networking (SDN) is an innovative network paradigm that separates the management and control planes from the data plane of forwarding devices by implementing both the management and control planes at a logically centralized entity, called the controller. Therefore, it ensures simple network management and control. However, for several reasons (e.g., deployment cost, fear of downtime), organizations are very reluctant to adopt SDN in practice. Therefore, a viable solution is to replace the legacy devices with SDN devices incrementally. This results in a new network architecture called hybrid SDN. In hybrid SDN, both SDN and legacy devices operate in such a way as to achieve the maximum benefit of SDN. The legacy devices run a traditional protocol and the SDN devices operate using OpenFlow protocols. Network policies play an essential role in securing the entire network from several types of attacks, such as unauthorized access and port/protocol control. In a hybrid SDN, policy implementation is a tedious task that requires extreme care and attention due to the hybrid nature of network traffic. Network policies may be implemented at various positions in hybrid SDN, e.g., near the destination or source node, and at the egress or ingress ports of a router. Each of these schemes has some trade-offs. For example, if policies are implemented near the source nodes, then each packet generated from the source must pass through the filter and, thus, requires more processing power, time, resources, etc. Similarly, if policies are installed near the destination nodes, then a lot of unwanted traffic is generated, causing network congestion. This is an NP-hard problem. To address these challenges, we propose a systematic design approach to implement network policies optimally by using a decision tree and a K-partite graph. By traversing all the policies, we build up the decision tree that identifies which source nodes can communicate with which destination. Then, we traverse the decision tree and construct a K-partite graph to find possible places (interfaces of the routers) where ACL policies are to be implemented based on the different criteria (i.e., the minimum number of ACL rules and the minimum number of transmissions for unwanted traffic). The edge weight represents the cost per criterion. Then, we traverse the K-partite graph to find the optimal place for ACL rule implementation according to the given criteria. The simulation results indicate that the proposed technique outperforms existing approaches in terms of computation time, traffic optimization and successful packet delivery, etc. The results also indicate that the proposed method improves network performance and efficiency by decreasing network congestion and providing ease of policy implementation.



2019, Vol 24 (4), pp. 1279-1294
Author(s): Jia Liu, Mingchu Li, Muhammad Alam, Yuanfang Chen, Ting Wu






2017, Vol 72, pp. 305-318
Author(s): Lifang Zhang, Zheng Yan, Raimo Kantola


Author(s): Vaclav Oujezsky, Tomas Horvath, Vladislav Skorpil

This paper addresses the issue of detecting unwanted traffic in data networks, namely the detection of botnet networks. In this paper, we focused on a time behavioral analysis, more specifically the lifespans of simulated botnet network traffic, collected and discovered from NetFlow messages, and also of real botnet communication of a malware. As a method we chose survival analysis, and for rigorous testing of differences, the Mantel–Cox test. Lifespans of the referred traffic are discovered and calculated by lifelines using the Python language. Based on our research, we have figured out a possibility to distinguish the individual lifespans of C&C communications that are identical to each other by using survival projection curves, although it occurred in a different time course.


