A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks
Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack. © 1998-2012 IEEE
Potential Security Issues in Implementing IaaS and PaaS Cloud Service Models
As the digital world evolves, so do the potential problems that computer users encounter. Cybersecurity threats are still evolving and expanding. Unfortunately, most computer users do not understand this properly. The cloud models offered by various public cloud providers remain concentrated on infrastructure resources, application platforms, and software services despite the recent increase in the popularity of cloud computing. The first step in this study will be a literature review to gain an understanding of the accessible cloud service models. The papers chosen for the study span 2010 to 2020. All data was gathered from pertinent and related literature on cyber security and cloud computing. The following tenets serve as the foundation for this architecture. First, in the described architecture, the perimeter scanner serves as the first entry point for external cyberattacks. The firewall and other security layers become the next barriers if an attack gets past the first layer. On the other side, the machine learning system will detect every successful assault that gets past the security layers. As a result, there are numerous viewpoints and categorization systems for diverse attacks. It is possible to advance cyber security research in the context of cloud technology by merging the results of existing studies and developing an international guiding standard.
Categorizing and Assessing the Severity of Disruptive Cyber Incidents
Faced with a rapidly growing volume and range of cyber attacks, policymakers and organizational leaders have had difficulty setting priorities, allocating resources, and responding effectively without a standard way to categorize cyber events and estimate their consequences. Presidential Policy Directive 41 laid out the Obama administration's principles for executive branch responses to significant cyber incidents in the public or private sector. But it neither drew important distinctions between different types of cyber incidents, nor gave a standard way to determine where a particular incident falls on its 0-5 point severity scale. This policy brief demonstrates how an analytical framework developed at the Center for International and Security Studies at the University of Maryland (CISSM) can help address these problems. It first differentiates between low-level incidents and more significant cyber events that result in either exploitation of information and/or disruption of operations. It categorizes five types of disruptive events and analyzes 2,030 cyber events in a dataset developed from media sources, showing that cyber exploitation remains more common than disruption, and that most disruptive activity fits into two categories: message manipulation and external denial of service attacks. Finally, the brief offers a standard method to assess the severity of different categories of disruptive attacks against different kinds of organizations based on the scope, magnitude, and duration of the event. This Cyber Disruption Index (CDI) is then applied to survey data on Distributed Denial of Service (DDoS) attacks in the private sector to assess severity within a common category of disruptive events. Of 3,900 cases reported, only 5 events (less than 1% of the DDoS cases) had a combined scope, magnitude, and duration severe enough to be a priority for prevention and potentially warrant government involvement.
Security attacks and solutions on SDN control plane: A survey
Summary
Software Defined Networks (SDN) is an open programmable network model promoted by ONF that has been a key enabler of recent technology trends. SDN explores the separation of the data and control planes. Unlike past concepts, SDN introduces the idea of separating the control plane (routing and traffic decisions) from the data plane (forwarding decisions based on the control plane), which challenges the vertical integration achieved by traditional networks, in which network devices such as routers and switches accumulate both functions.
SDN presents some advantages, such as centralized management and the ability to be programmed on demand. Apart from these benefits, SDN still presents security vulnerabilities and, among these, the most lethal ones target the control plane. Since the controllers residing on the control plane manage the underlying infrastructure and network devices (e.g., routers/switches), any insecurity, threat, malware or problem during the execution of the controller's activities can cause disruption of the entire network. In particular, because of its centralized position, the SDN controller is seen as a single point of failure. Consequently, any attack or vulnerability targeting the control plane or the controller is considered fatal to the point of disrupting the whole network. In this thesis, the security threats and attacks targeting the (SDN) control plane are identified and classified into different groups according to how they impact the control plane.
To obtain results, extensive bibliographic research was conducted through an in-depth study of existing research articles that discuss a range of attacks and the corresponding solutions for the SDN control plane. Mainly, solutions intended to detect, mitigate or protect the (SDN) control plane against potential threats and attacks were taken into consideration. On the basis of this task, the selected articles were classified with respect to their potential impact on the (SDN) control plane as direct and indirect. Where applicable, a comparison between solutions addressing the same attack was provided. Furthermore, the advantages and disadvantages of the solutions addressing the various attacks were presented. Finally, a discussion of the findings and results obtained during this survey process and future work suggestions extracted during the review process were addressed.
Keywords: SDN, Security, Control Plane, Denial of Service, Topology Attacks
Abstract
Software Defined Networks (SDN) is an open programmable network model promoted by ONF that has been a key enabler of recent technology trends. SDN explores the separation of the data and control planes. Different from past concepts, SDN introduces the idea of separating the control plane (routing and traffic decisions) from the data plane (forwarding decisions based on the control plane), which challenges the vertical integration achieved by traditional networks, in which network devices such as routers and switches accumulate both functions.
SDN presents some advantages, such as centralized management and the ability to be programmed on demand. Apart from these benefits, SDN still presents security vulnerabilities and, among them, the most lethal ones target the control plane. As the controllers residing on the control plane manage the underlying networking infrastructure and devices (i.e., routers/switches), any security threat, malware, or issue during the carrying out of activities by the controller can lead to disruption of the entire network. In particular, due to its centralized position, the (SDN) controller is seen as a single point of failure. As a result, any attack or vulnerability targeting the control plane or controller is considered fatal to the point of disrupting the whole network. In this thesis, the security threats and attacks targeting the (SDN) control plane are identified and categorized into different groups by considering how they cause an impact on the control plane.
To obtain results, extensive literature research has been carried out by performing an in-depth study of the existing research articles that discuss an array of attacks and their corresponding solutions for the (SDN) control plane. Mainly, the solutions intended to detect, mitigate, or protect the (SDN) control plane against potential threats and attacks have been considered. On the basis of this task, the potential articles selected were categorized with respect to their impact on the (SDN) control plane as direct and indirect. Where applicable, a comparison of the solutions addressing the same attack has been provided. Moreover, the advantages and disadvantages of the solutions addressing the respective attacks are presented. Finally, a discussion regarding the findings and results obtained during this surveying process and future work suggestions extracted during the review process have been presented.
Keywords: SDN, Security, Control Plane, Denial of Service, Topology Attacks, Openflo
Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art
Botnets are prevailing mechanisms for the facilitation of distributed denial of service (DDoS) attacks on computer networks or applications. Currently, Botnet-based DDoS attacks on the application layer are the latest and most problematic trends in network security threats. Botnet-based DDoS attacks on the application layer limit resources, curtail revenue, and yield customer dissatisfaction, among other effects. DDoS attacks are among the most difficult problems to resolve online, especially when the target is the Web server. In this paper, we present a comprehensive study to show the danger of Botnet-based DDoS attacks on the application layer, especially on the Web server, and the incidence of such attacks, which has evidently increased recently. Botnet-based DDoS attack incidents and the revenue losses of well-known companies and government websites are also described. This provides a better understanding of the problem, the current solution space, and the future research scope to defend against such attacks efficiently.
Performance Evaluation of Network Anomaly Detection Systems
Nowadays, there is a huge and growing concern about security in information and communication technology (ICT) among the scientific community, because any attack or anomaly in the network can greatly affect many domains such as national security, private data storage, social welfare, economic issues, and so on. Therefore, the anomaly detection domain is a broad research area, and many different techniques and approaches for this purpose have emerged through the years.
Attacks, problems, and internal failures, when not detected early, may badly harm an entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection system based on the statistical method Principal Component Analysis (PCADS-AD). This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of network traffic activity through historical data analysis. That digital signature is used as a threshold for volume anomaly detection to detect disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: Bits, Packets and Number of Flows to detect problems, and Source and Destination IP addresses and Ports to provide the network administrator with the information necessary to solve them.
Via evaluation techniques, the addition of a different anomaly detection approach, and comparisons to other methods performed in this thesis using real network traffic data, results showed good traffic prediction by the DSNSF and encouraging false alarm generation and detection accuracy on the detection schema.
The observed results seek to contribute to the advance of the state of the art in methods and strategies for anomaly detection that aim to surpass some challenges that emerge from the constant growth in complexity, speed and size of today's large-scale networks, also providing high-value results for better detection in real time.
Nowadays, there is a huge and growing concern about security in information and communication technology (ICT) among the scientific community. This is because any attack or anomaly in the network can affect quality, interoperability, availability and integrity in many domains, such as national security, private data storage, social welfare, economic issues, and so on. Therefore, anomaly detection is a broad research area, and many different techniques and approaches for this purpose have emerged over the years.
Attacks, problems and internal failures, when not detected early, can seriously harm an entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection system using the statistical method Principal Component Analysis (PCADS-AD). This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of network traffic activity through historical data analysis. This digital signature is used as a threshold for volume anomaly detection, to identify disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: bits, packets and number of flows to detect problems, plus source and destination IP addresses and ports to provide the network administrator with the information needed to resolve them.
Through the use of evaluation metrics, the addition of a detection approach distinct from the main proposal, and comparisons with other methods carried out in this thesis using real network traffic data, the results showed good traffic prediction by the DSNSF and encouraging results regarding false alarm generation and detection accuracy.
With the results observed in this thesis, this doctoral work seeks to contribute to the advancement of the state of the art in anomaly detection methods and strategies, aiming to overcome some of the challenges that emerge from the constant growth in complexity, speed and size of today's large-scale networks, while also providing high performance. Furthermore, the low complexity and agility of the proposed system contribute to its applicability to real-time detection.
Adaptive Learning Based Whale Optimization and Convolutional Neural Network Algorithm for Distributed Denial of Service Attack Detection in Software Defined Network Environment
SDNs (Software Defined Networks) have emerged as a game-changing network concept. They can fulfill the ever-increasing needs of future networks and are increasingly being employed in data centres and operator networks. They do, however, confront certain fundamental security concerns, such as DDoS (Distributed Denial of Service) attacks. To address the aforementioned concerns, the ALWO+CNN method, which combines ALWOs (Adaptive Learning based Whale Optimizations) with CNNs (Convolution Neural Networks), is proposed in this paper. Initially, preprocessing is performed using the KMC (K-Means Clustering) algorithm, which is used to significantly reduce noisy data. The preprocessed data is then used in the feature selection process, which is carried out by ALWOs. Its purpose is to pick out important and superfluous characteristics from the dataset. It enhances DDoS classification accuracy by using the best algorithms. The selected characteristics are then used in the classification step, where CNNs are used to identify and categorize DDoS attacks efficiently. Finally, the ALWO+CNN algorithm is used to leverage the rate and asymmetry properties of the flows in order to detect suspicious flows specified by the detection trigger mechanism. The controller will then take the necessary steps to defend against DDoS attacks. The ALWO+CNN algorithm greatly improves detection accuracy and efficiency, as well as preventing DDoS attacks on SDNs. Based on the experimental results, it was determined that the proposed ALWO+CNN method outperforms current algorithms in terms of accuracy, precision, recall, f-measure, and computational complexity.