Protecting web applications from DDoS attacks by an active distributed defense system
In the last few years, a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high-profile government and commercial websites have made people aware of the importance of providing data and service security to users. A DDoS attack is an availability attack, characterized by an explicit attempt by an attacker to prevent legitimate users of a service from using the desired resources. This paper introduces the vulnerability of web applications to DDoS attacks and presents an active distributed defense system that deploys a mixture of sub-systems to protect web applications from DDoS attacks. According to the simulation experiments, this system is effective in that it is able to defend web applications against attacks. It can avoid overall network congestion and provide more resources to legitimate web users.
Distributed Denial-of-Service Defense System
Distributed denial-of-service (DDoS) attacks present a great threat to the Internet, and
existing security mechanisms cannot detect or stop them successfully. The problem lies
in the distributed nature of the attacks, which engage the power of a vast number of
coordinated hosts. To mitigate the impact of DDoS attacks, it is important to develop
a defense system that can both detect and react against ongoing attacks. The attacks
ideally should be stopped as close to the sources as possible, saving network resources
and reducing congestion. A DDoS defense system deployed at the source end
should prevent the machines in the associated network from participating in DDoS attacks.
The primary objective of this project, which is to develop a DDoS defense system, is to
provide good service to a victim's legitimate clients during the attack, thus canceling
the denial-of-service effect. The scope of the study covers how the attack
detection algorithms work and identify the attack traffic, and hence how to develop appropriate
attack responses. With a source-end defense against DDoS attacks, the attack flows can be
stopped before they enter the Internet core and before they aggregate with other attack flows.
The methodology chosen for this project is a combination of sequential and iterative
approaches to the software development process, which comprises six main phases:
initial planning, requirement definition, system design,
coding and testing, implementation, and lastly maintenance and support.
The system uses a source router approach, in which the source router serves as a
gateway between the source network containing some of the attack nodes and the rest of the
Internet, to detect and limit DDoS streams long before they reach the target. This is
covered in the Findings section of the report. The Discussion section focuses more on the
architecture of the system, which has three important components: observation, rate-limiting
and traffic-policing.
Categorizing and Assessing the Severity of Disruptive Cyber Incidents
Faced with a rapidly growing volume and range of cyber attacks, policymakers and
organizational leaders have had difficulty setting priorities, allocating resources, and
responding effectively without a standard way to categorize cyber events and estimate
their consequences. Presidential Policy Directive 41 laid out the Obama
administration's principles for executive branch responses to significant cyber incidents
in the public or private sector. But it neither drew important distinctions between
different types of cyber incidents, nor gave a standard way to determine where a
particular incident falls on its 0-5 point severity scale. This policy brief demonstrates
how an analytical framework developed at the Center for International and Security
Studies at the University of Maryland (CISSM) can help address these problems. It first
differentiates between low-level incidents and more significant cyber events that result
in exploitation of information and/or disruption of operations. It categorizes five
types of disruptive events and analyzes 2,030 cyber events in a dataset developed from
media sources, showing that cyber exploitation remains more common than disruption,
and that most disruptive activity fits into two categories: message manipulation and
external denial of service attacks. Finally, the brief offers a standard method to assess
the severity of different categories of disruptive attacks against different kinds of
organizations based on the scope, magnitude, and duration of the event. This Cyber
Disruption Index (CDI) is then applied to survey data on Distributed Denial of Service
(DDoS) attacks in the private sector to assess severity within a common category of
disruptive events. Of 3,900 cases reported, only 5 events (less than 1% of the DDoS
cases) had a combined scope, magnitude, and duration severe enough to be a priority
for prevention and potentially warrant government involvement.
Adaptive Response System for Distributed Denial-of-Service Attacks
The continued prevalence and severely damaging effects of Distributed Denial of Service (DDoS)
attacks in today's Internet raise growing security concerns and call for an immediate response to come
up with better solutions to tackle DDoS attacks. Current DDoS prevention mechanisms are usually
inflexible, and determined attackers with knowledge of these mechanisms could work around them.
Most existing detection and response mechanisms are standalone systems which do not rely on
adaptive updates to mitigate attacks. As different responses vary in their "leniency" in treating
detected attack traffic, there is a need for an Adaptive Response System.
We designed and implemented our DDoS Adaptive ResponsE (DARE) System, which is a
distributed DDoS mitigation system capable of executing appropriate detection and mitigation
responses automatically and adaptively according to the attacks. It supports easy integration of both
signature-based and anomaly-based detection modules. Additionally, the design of DARE's individual
components takes into consideration the strengths and weaknesses of existing defence mechanisms,
and the characteristics and possible future mutations of DDoS attacks. These components consist of an
Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and
Flow Identifier, and a Non-Intrusive IP Traceback mechanism. The components work together
interactively to adapt the detections and responses in accordance with the attack types. Experiments
conducted on DARE show that attack detection and mitigation are successfully completed within
seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate
and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in
accordance with the attacks being launched, with high accuracy, effectiveness and efficiency.
We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a
stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim
under attack verifies the authenticity of the source by performing virtual relocations to differentiate
legitimate traffic from attack traffic. TRAPS requires minimal deployment effort and does not
require modifications to the Internet infrastructure because it builds on the Mobile IPv6
protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to
verify that it would work with the existing Mobile IPv6 implementation. It was observed that the
operations of each module were functioning correctly and that TRAPS was able to successfully mitigate an
attack launched with spoofed source IP addresses.