150 research outputs found
An SDN-based Approach For Defending Against Reflective DDoS Attacks
Distributed Reflective Denial of Service (DRDoS) attacks are an immanent
threat to Internet services. The potential scale of such attacks became
apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel
services built upon UDP increase the need for automated mitigation mechanisms
that react to attacks without prior knowledge of the actual application
protocols used. With the flexibility that software-defined networks offer, we
developed a new approach for defending against DRDoS attacks; it not only
protects against arbitrary DRDoS attacks but is also transparent for the attack
target and can be used without assistance of the target host operator. The
approach provides a robust mitigation system which is protocol-agnostic and
effective in the defense against DRDoS attacks
Preventing DDoS using Bloom Filter: A Survey
Distributed Denial-of-Service (DDoS) is a menace for service provider and
prominent issue in network security. Defeating or defending the DDoS is a prime
challenge. DDoS make a service unavailable for a certain time. This phenomenon
harms the service providers, and hence, loss of business revenue. Therefore,
DDoS is a grand challenge to defeat. There are numerous mechanism to defend
DDoS, however, this paper surveys the deployment of Bloom Filter in defending a
DDoS attack. The Bloom Filter is a probabilistic data structure for membership
query that returns either true or false. Bloom Filter uses tiny memory to store
information of large data. Therefore, packet information is stored in Bloom
Filter to defend and defeat DDoS. This paper presents a survey on DDoS
defending technique using Bloom Filter.Comment: 9 pages, 1 figure. This article is accepted for publication in EAI
Endorsed Transactions on Scalable Information System
Distributed reflection denial of service attack: A critical review
As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks
Application of PSVR-DNS Algorithm for Attacker Detection and Isolation
The DNS (Domain Name System) is used to map and convert human-friendly domain names to the numeric IP (Internet Protocol) addresses. As with the operation of any communication system, there are some security risks associated with the operation of DNS. Actions targeting the availability or stability of a network\u27s DNS service are considered DNS attack. For example, a high volume of traffic and a large number of requests coming to DNS servers are part of a type of DoS (Denial of Service) attack that uses DNS for amplification. Although most DNS servers are open source, some commercial protective DNS services are available for network traffic control, filtering and automatic blocking of requests to undesirable, dangerous or malicious internet domains, but the price of such services is high. In this paper, a new PSVR-DNS (Probability Support Vector Regression-Domain Name System) algorithm is proposed for the purpose of detecting and isolating attackers who pose a threat to an uninterrupted work of the DNS servers. The main focus is on the prevention of the DNS cache poisoning. The collected results showed that the proposed PSVR-DNS algorithm achieves better performance related to faster detection and isolation of attacks compared to some existing algorithms
Resilience to DDoS attacks
Tese de mestrado, Segurança Informática, 2022, Universidade de Lisboa, Faculdade de CiênciasDistributed Denial-of-Service (DDoS) is one of the most common cyberattack used by malicious
actors. It has been evolving over the years, using more complex techniques to increase its attack power
and surpass the current defense mechanisms.
Due to the existent number of different DDoS attacks and their constant evolution, companies need
to be constantly aware of developments in DDoS solutions
Additionally, the existence of multiple solutions, also makes it hard for companies to decide which
solution best suits the company needs and must be implemented.
In order to help these companies, our work focuses in analyzing the existing DDoS solutions, for
companies to implement solutions that can lead to the prevention, detection, mitigation, and tolerance
of DDoS attacks, with the objective of improving the robustness and resilience of the companies against
DDoS attacks.
In our work, it is presented and described different DDoS solutions, some need to be purchased and
other are open-source or freeware, however these last solutions require more technical expertise by
cybersecurity agents.
To understand how cybersecurity agents protect their companies against DDoS attacks, nowadays, it
was built a questionnaire and sent to multiple cybersecurity agents from different countries and
industries.
As a result of the study performed about the different DDoS solutions and the information gathered
from the questionnaire, it was possible to create a DDoS framework to guide companies in the decisionmaking process of which DDoS solutions best suits their resources and needs, in order to ensure that
companies can develop their robustness and resilience to fight DDoS attacks.
The proposed framework it is divided in three phases, in which the first and second phase is to
understand the company context and the asset that need to be protected. The last phase is where we
choose the DDoS solution based on the information gathered in the previous phases. We analyzed and
presented for each DDoS solutions, which DDoS attack types they can prevent, detect and/or mitigate
Dynamic Shifting of Virtual Network Topologies for Network Attack Prevention
Computer networks were not designed with security in mind, making research into the subject of network security vital. Virtual Networks are similar to computer networks, except the components of a Virtual Network are in software rather than hardware. With the constant threat of attacks on networks, security is always a big concern, and Virtual Networks are no different. Virtual Networks have many potential attack vectors similar to physical networks, making research into Virtual Network security of great importance. Virtual Networks, since they are composed of virtualized network components, have the ability to dynamically change topologies. In this paper, we explore Virtual Networks and their ability to quickly shift their network topology. We investigate the potential use of this flexibility to protect network resources and defend against malicious activities.
To show the ability of reactively shifting a Virtual Network’s topology to se- cure a network, we create a set of four experiments, each with a different dynamic topology shift, or “dynamic defense”. These four groups of experiments are called the Server Protection, Isolated Subnet, Distributed Port Group, and Standard Port Group experiments. The Server Protection experiments involve detecting an attack against a server and shifting the server behind a protected subnet. The other three sets of experiments, called Attacker Prevention experiments, involve detecting a malicious node in the internal network and initiating a dynamic de- fense to move the attacker behind a protected subnet. Each Attacker Prevention experiment utilizes a different dynamic defense to prevent the malicious node from attacking the rest of the Virtual Network. For each experiment, we run 6 different network attacks to validate the effectiveness of the dynamic defenses. The network attacks utilized for each experiment are ICMP Flooding, TCP Syn Flooding, Smurf attack, ARP Spoofing, DNS Spoofing, and NMAP Scanning. Our validation shows that our dynamic defenses, outside of the standard port group, are very effective in stopping each attack, consistently lowering the at- tacks’ success rate significantly. The Standard Port Group was the one dynamic defense that is ineffective, though there are also a couple of experiments that could benefit from being run with more attackers and with different situations to fully understand the effectiveness of the defenses. We believe that, as Virtual Networks become more common and utilized outside of data centers, the ability to dynamically shift topology can be used for network security purposes
Security attacks and solutions on SDN control plane: A survey
Sommario
Software Defined Networks (SDN) è un modello di rete programmabile aperto promosso da ONF ,
che è stato un fattore chiave per le recenti tendenze tecnologiche. SDN esplora la separazione dei dati
e del piano di controllo . Diversamente dai concetti passati, SDN introduce l’idea di separazione del
piano di controllo (decisioni di instradamento e traffico) e piano dati (decisioni di inoltro basate sul
piano di controllo) che sfida l’integrazione verticale raggiunta dalle reti tradizionali, in cui dispositivi
di rete come router e switch accumulano entrambe le funzioni.
SDN presenta alcuni vantaggi come la gestione centralizzata e la possibilitĂ di essere programmato
su richiesta. Oltre a questi vantaggi, SDN presenta ancora vulnerabilitĂ di sicurezza e, tra queste,le
piĂą letali prendono di mira il piano di controllo. Come i controllers che risiedono sul piano di con-
trollo gestiscono l’infrastruttura e i dispositivi di rete sottostanti (es. router/switch), anche qualsiasi
insicurezza, minacce, malware o problemi durante lo svolgimento delle attivitĂ da parte del controller,
possono causare interruzioni dell’intera rete. In particolare, per la sua posizione centralizzata, il con-
troller SDN è visto come un punto di fallimento. Di conseguenza, qualsiasi attacco o vulnerabilitĂ
che prende di mira il piano di controllo o il controller è considerato fatale al punto da sconvolgere
l’intera rete. In questa tesi, le minacce alla sicurezza e gli attacchi mirati al piano di controllo (SDN)
sono identificati e classificati in diversi gruppi in base a come causano l’impatto sul piano di controllo.
Per ottenere risultati, è stata condotta un’ampia ricerca bibliografica attraverso uno studio appro-
fondito degli articoli di ricerca esistenti che discutono di una serie di attacchi e delle relative soluzioni
per il piano di controllo SDN. Principalmente, come soluzioni intese a rilevare, mitigare o proteggere
il (SDN) sono stati presi in considerazione le potenziali minacce gli attachi al piano di controllo. Sulla
base di questo compito, gli articoli selezionati sono stati classificati rispetto al loro impatto potenziale
sul piano di controllo (SDN) come diretti e indiretti. Ove applicabile, è stato fornito un confronto
tra le soluzioni che affrontano lo stesso attacco. Inoltre, sono stati presentati i vantaggi e gli svantaggi
delle soluzioni che affrontano diversi attacchi . Infine, una discussione sui risultati e sui esitti ottenuti
durante questo processo di indagine e sono stati affrontatti suggerimenti di lavoro futuri estratti du-
rante il processo di revisione.
Parole chiave : SDN, Sicurezza, Piano di controllo, Denial of Service, Attacchi alla topologiaAbstract
Software Defined Networks (SDN) is an open programmable network model promoted by ONF that
has been a key-enabler of recent technology trends. SDN explores the separation of data and control
plane. Different from the past concepts, SDN introduces the idea of separation of the control plane
(routing and traffic decisions) and data plane (forwarding decisions based on the control plane) that
challenges the vertical integration achieved by the traditional networks, in which network devices such
as router and switches accumulate both functions.
SDN presents some advantages such as centralized management and the ability to be programmed
on demand. Apart from these benefits, SDN still presents security vulnerabilities and among them,
the most lethal ones are targeting the control plane. As the controllers residing on the control plane
manages the underlying networking infrastructure and devices (i.e., routers/switches), any security
threat, malware, or issues during the carrying out of activities by the controller can lead to disruption
of the entire network. In particular, due to its centralized position, the (SDN) controller is seen as a
single point of failure. As a result, any attack or vulnerability targeting the control plane or controller
is considered fatal to the point of disrupting the whole network. In this thesis, the security threats
and attacks targeting the (SDN) control plane are identified and categorized into different groups by
considering how they cause an impact to the control plane.
To obtain results, extensive literature research has been carried out by performing an in-depth study
of the existing research articles that discusses an array of attacks and their corresponding solutions for
the (SDN) control plane. Mainly, the solutions intended to detect, mitigate, or protect the (SDN)
control plane against potential threats and attacks have been considered. On basis of this task, the
potential articles selected were categorized with respect to their impact to the (SDN) control plane as
direct and indirect. Where applicable a comparison of the solutions addressing the same attack has
been provided. Moreover, the advantages and disadvantages of the solutions addressing the respective
attacks are presented. Finally, a discussion regarding the findings and results obtained during this su-
veying process and future work suggestions extracted during the review process have been discussed.
Keywords: SDN, Security, Control Plane, Denial of Service, Topology Attacks, Openflo
Review of Detection Denial of Service Attacks using Machine Learning through Ensemble Learning
Today's network hacking is more resource-intensive because the goal is to prohibit the user from using the network's resources when the target is either offensive or for financial gain, especially in businesses and organizations. That relies on the Internet like Amazon Due to this, several techniques, such as artificial intelligence algorithms like machine learning (ML) and deep learning (DL), have been developed to identify intrusion and network infiltration and discriminate between legitimate and unauthorized users. Application of machine learning and ensemble learning algorithms to various datasets, consideration of homogeneous ensembles using a single algorithm type or heterogeneous ensembles using several algorithm types, and evaluation of the discovery outcomes in terms of accuracy or discovery error for detecting attacks. The survey literature provides an overview of the many approaches and approaches of one or more machine-learning algorithms used in various datasets to identify denial of service attacks. It has also been shown that employing the hybrid approach is the most common and produces better attack detection outcomes than using the sole approaches. Numerous machine learning techniques, including support vector machines (SVM), K-Nearest Neighbors (KNN), and ensemble learning like random forest (RF), bagging, and boosting, are illustrated in this work (DT). That is employed in several articles to identify different denial of service (DoS) assaults, including the trojan horse, teardrop, land, smurf, flooding, and worm. That attacks network traffic and resources to deny users access to the resources or to steal confidential information from the company without damaging the system and employs several algorithms to obtain high attack detection accuracy and low false alarm rates
- …