Forensik Jaringan DDoS menggunakan Metode ADDIE dan HIDS pada Sistem Operasi Proprietary

Forensik jaringan sangat dibutuhkan dalam mempertahankan kinerja jaringan komputer dari serangan Distributed Denial of Service (DDoS). Penelitian ini bertujuan untuk mendapatkan bukti digital keakurasian tool DDoS, keberhasilan metode HIDS dan implementasi firewall pada Network layer dalam menghentikan DDoS. Metode penelitian ini menerapkan ADDIE (Analyze, Design, Develop, Implement and Evaluate) dan Host-Based Intrusion Detection System (HIDS) Snort pada simulasi jaringan berbasis lokal dan luas. Hasil pengujian menyatakan Slowloris merupakan DDoS paling melumpuhkan web server IIS pada sistem operasi proprietary dengan penurunan performa server sebesar 78%, akurasi peningkatan trafik jaringan sebesar 92,84% alert 150 kali. Implementasi firewall pada network layer dalam menghentikan DDoS memiliki keberhasilan sebesar 98.91%. Hal ini menunjukkan metode ADDIE berhasil diterapkan dalam penelitian dan menyatakan DDoS pelumpuh server berhasil dideteksi pada metode HIDS dan berhasil dihentikan oleh firewall pada sistem operasi proprietary

An intelligent, distributed and collaborative DDoS defense system

The Distributed Denial-of-Service (DDoS) attack is known as one of the most destructive attacks on the Internet. With the advent of new computing paradigms, such as Cloud and Mobile computing, and the emergence of pervasive technology, such as the Internet of Things, on one hand, these revolutionized technologies enable the availability of services and applications to everyone. On the other hand, these techniques also benefit attackers to exploit the vulnerabilities and deploy attacks in more efficient ways. Latest network security reports have shown that distributed Denial of Service (DDoS) attacks have been growing dramatically in volume, frequency, sophistication and impact, making it one of the most challenging threats in the Internet. An unfortunate state of affairs is that the remediation strategies have fallen behind attackers. The severe impact caused by recent DDoS attacks strongly indicates the need for an effective DDoS defense system. We study the current existing solution space, and summarize three fundamental requirements for an effective DDoS defense system: 1) an accurate detection with minimal false alarms; 2) an effective inline inspection and instant mitigation, and 3) a dynamic, distributed and collaborative defense infrastructure. This thesis aims at providing such a defense system that fulfills all the requirements. In this thesis, we explore and address the problem from three directions: 1) we strive to understand the existing detection strategies and provide a survey of an empirical analysis of machine learning based detection techniques; 2) we develop a novel hybrid detection model which ensembles a deep learning model for a practical flow by flow detection and a classic machine learning model that is aware of the network status, and 3) we present the design and implementation of an intelligent, distributed and collaborative DDoS defense system that effectively mitigate the impact of DDoS attacks. The performance evaluation results show that our proposed defense system is capable of effectively mitigating DDoS attacks impacts and maintaining a limited disturbing for legitimate services

Distributed Reinforcement Learning for Network Intrusion Response

The increasing adoption of technologies and the exponential growth of networks has made the area of information technology an integral part of our lives, where network security plays a vital role. One of the most serious threats in the current Internet is posed by distributed denial of service (DDoS) attacks, which target the availability of the victim system. Such an attack is designed to exhaust a server's resources or congest a network's infrastructure, and therefore renders the victim incapable of providing services to its legitimate users or customers. To tackle the distributed nature of these attacks, a distributed and coordinated defence mechanism is necessary, where many defensive nodes, across different locations cooperate in order to stop or reduce the flood. This thesis investigates the applicability of distributed reinforcement learning to intrusion response, specifically, DDoS response. We propose a novel approach to respond to DDoS attacks called Multiagent Router Throttling. Multiagent Router Throttling provides an agent-based distributed response to the DDoS problem, where multiple reinforcement learning agents are installed on a set of routers and learn to rate-limit or throttle traffic towards a victim server. One of the novel characteristics of the proposed approach is that it has a decentralised architecture and provides a decentralised coordinated response to the DDoS problem, thus being resilient to the attacks themselves. Scalability constitutes a critical aspect of a defence system since a non-scalable mechanism will never be considered, let alone adopted, for wide deployment by a company or organisation. We propose Coordinated Team Learning (CTL) which is a novel design to the original Multiagent Router Throttling approach based on the divide-and-conquer paradigm, that uses task decomposition and coordinated team rewards. To better scale-up CTL is combined with a form of reward shaping. The scalability of the proposed system is successfully demonstrated in experiments involving up to 1000 reinforcement learning agents. The significant improvements on scalability and learning speed lay the foundations for a potential real-world deployment

Resilience Strategies for Network Challenge Detection, Identification and Remediation

The enormous growth of the Internet and its use in everyday life make it an attractive target for malicious users. As the network becomes more complex and sophisticated it becomes more vulnerable to attack. There is a pressing need for the future internet to be resilient, manageable and secure. Our research is on distributed challenge detection and is part of the EU Resumenet Project (Resilience and Survivability for Future Networking: Framework, Mechanisms and Experimental Evaluation). It aims to make networks more resilient to a wide range of challenges including malicious attacks, misconfiguration, faults, and operational overloads. Resilience means the ability of the network to provide an acceptable level of service in the face of significant challenges; it is a superset of commonly used definitions for survivability, dependability, and fault tolerance. Our proposed resilience strategy could detect a challenge situation by identifying an occurrence and impact in real time, then initiating appropriate remedial action. Action is autonomously taken to continue operations as much as possible and to mitigate the damage, and allowing an acceptable level of service to be maintained. The contribution of our work is the ability to mitigate a challenge as early as possible and rapidly detect its root cause. Also our proposed multi-stage policy based challenge detection system identifies both the existing and unforeseen challenges. This has been studied and demonstrated with an unknown worm attack. Our multi stage approach reduces the computation complexity compared to the traditional single stage, where one particular managed object is responsible for all the functions. The approach we propose in this thesis has the flexibility, scalability, adaptability, reproducibility and extensibility needed to assist in the identification and remediation of many future network challenges

Resilience to DDoS attacks

Tese de mestrado, Segurança Informática, 2022, Universidade de Lisboa, Faculdade de CiênciasDistributed Denial-of-Service (DDoS) is one of the most common cyberattack used by malicious actors. It has been evolving over the years, using more complex techniques to increase its attack power and surpass the current defense mechanisms. Due to the existent number of different DDoS attacks and their constant evolution, companies need to be constantly aware of developments in DDoS solutions Additionally, the existence of multiple solutions, also makes it hard for companies to decide which solution best suits the company needs and must be implemented. In order to help these companies, our work focuses in analyzing the existing DDoS solutions, for companies to implement solutions that can lead to the prevention, detection, mitigation, and tolerance of DDoS attacks, with the objective of improving the robustness and resilience of the companies against DDoS attacks. In our work, it is presented and described different DDoS solutions, some need to be purchased and other are open-source or freeware, however these last solutions require more technical expertise by cybersecurity agents. To understand how cybersecurity agents protect their companies against DDoS attacks, nowadays, it was built a questionnaire and sent to multiple cybersecurity agents from different countries and industries. As a result of the study performed about the different DDoS solutions and the information gathered from the questionnaire, it was possible to create a DDoS framework to guide companies in the decisionmaking process of which DDoS solutions best suits their resources and needs, in order to ensure that companies can develop their robustness and resilience to fight DDoS attacks. The proposed framework it is divided in three phases, in which the first and second phase is to understand the company context and the asset that need to be protected. The last phase is where we choose the DDoS solution based on the information gathered in the previous phases. We analyzed and presented for each DDoS solutions, which DDoS attack types they can prevent, detect and/or mitigate

Defending Against IoT-Enabled DDoS Attacks at Critical Vantage Points on the Internet

The number of Internet of Things (IoT) devices continues to grow every year. Unfortunately, with the rise of IoT devices, the Internet is also witnessing a rise in the number and scale of IoT-enabled distributed denial-of-service (DDoS) attacks. However, there is a lack of network-based solutions targeted directly for IoT networks to address the problem of IoT-enabled DDoS. Unlike most security approaches for IoT which focus on hardening device security through hardware and/or software modification, which in many cases is infeasible, we introduce network-based approaches for addressing IoT-enabled DDoS attacks. We argue that in order to effectively defend the Internet against IoT-enabled DDoS attacks, it is necessary to consider network-wide defense at critical vantage points on the Internet. This dissertation is focused on three inherently connected and complimentary components: (1) preventing IoT devices from being turned into DDoS bots by inspecting traffic towards IoT networks at an upstream ISP/IXP, (2) detecting DDoS traffic leaving an IoT network by inspecting traffic at its gateway, and (3) mitigating attacks as close to the devices in an IoT network originating DDoS traffic. To this end, we present three security solutions to address the three aforementioned components to defend against IoT-enabled DDoS attacks