An ISP Level Solution to Combat DDoS Attacks using Combined Statistical Based Approach
Disruption of service caused by DDoS attacks is an immense threat to the
Internet today. These attacks can disrupt the availability of Internet services
completely, by consuming either computational or communication resources through
the sheer volume of packets sent from distributed locations in a coordinated manner,
or they can cause graceful degradation of network performance by sending attack
traffic at a low rate. In this paper, we describe a novel framework that deals with
the detection of a variety of DDoS attacks by monitoring the propagation of abrupt
traffic changes inside an ISP domain and then characterizes the flows that carry
attack traffic. Two statistical metrics, namely Volume and Flow, are used as
parameters to detect DDoS attacks. The effectiveness of an anomaly-based detection
and characterization system depends heavily on the accuracy of its threshold value
settings. Inaccurate threshold values cause a large number of false positives
and negatives. Therefore, in our scheme, Six-Sigma and varying tolerance factor
methods are used to identify threshold values accurately and dynamically for the
various statistical metrics. The NS-2 network simulator on a Linux platform is used
as the simulation testbed to validate the effectiveness of the proposed approach.
Different attack scenarios are implemented by varying the total number of zombie
machines and the attack strength. The comparison with a volume-based approach
clearly indicates the superiority of our proposed system.
Scalability and Resilience of Software-Defined Networking: An Overview
Software-Defined Networking (SDN) allows the available network resources to be
controlled by an intelligent and centralized authority in order to optimize
traffic flows in a flexible manner. However, centralized control may face
scalability issues when the network size or the number of traffic flows
increases. Also, a centralized controller may form a single point of failure,
thereby affecting the network's resilience.
This article provides an overview of SDN that focuses on (1) scalability,
concerning the increased control overhead faced by a central controller, and
(2) resiliency, in terms of protection against controller failure, network
topology failure, and security in terms of malicious attacks.
Privacy-Preserving DDoS Attack Detection Using Cross-Domain Traffic in Software Defined Networks
Existing distributed denial-of-service attack detection schemes in software-defined
networks (SDNs) typically perform detection in a single domain. In reality,
abnormal traffic usually affects multiple network domains. Thus, cross-domain
attack detection has been proposed to improve detection performance. However,
when participating in detection, each SDN domain needs to provide a
large amount of real traffic data, from which private information may be
leaked. Existing multiparty privacy protection schemes often achieve privacy
guarantees by sacrificing accuracy or increasing the time cost. Achieving both
high accuracy and reasonable time consumption is a challenging task. In this
paper, we propose Predis, a privacy-preserving cross-domain attack
detection scheme for SDNs. Predis combines perturbation encryption and data
encryption to protect privacy and employs the computationally simple and
efficient k-Nearest Neighbors (kNN) algorithm as its detection algorithm. We
also improve kNN to achieve better efficiency. Via theoretical analysis and
extensive simulations, we demonstrate that Predis is capable of achieving
efficient and accurate attack detection while securing the sensitive information of
each domain.
RCNF: Real-time Collaborative Network Forensic Scheme for Evidence Analysis
Network forensic techniques help in tracking different types of cyber attacks
by monitoring and inspecting network traffic. However, with the high speed and
large size of current networks, and the sophisticated philosophy of attackers,
in particular mimicking normal behaviour and/or erasing traces to avoid
detection, investigating such crimes demands intelligent network forensic
techniques. This paper suggests a real-time collaborative network forensic
scheme (RCNF) that can monitor and investigate cyber intrusions. The scheme
includes three components: capturing and storing network data, selecting
important network features using the chi-square method, and investigating abnormal
events using a new technique called correntropy-variation. We provide a case
study using the UNSW-NB15 dataset for evaluating the scheme, showing its high
performance in terms of accuracy and false alarm rate compared with three
recent state-of-the-art mechanisms.
A highly optimized flow-correlation attack
Deciding that two network flows are essentially the same is an important
problem in intrusion detection and in tracing anonymous connections. A stepping
stone or an anonymity network may try to prevent flow correlation by adding
chaff traffic, splitting the flow into several subflows, or adding random delays.
A well-known attack on these types of systems is active watermarking. However,
active watermarking systems can be detected, and an attacker can modify the flow
in such a way that the watermark is removed and can no longer be decoded. This
leads to the two basic features of our scheme: a highly optimized algorithm that
achieves very good performance and a passive analysis that is undetectable. We
propose a new passive analysis technique where detection is based on the
Neyman-Pearson lemma. We correlate the inter-packet delays (IPDs) from both
flows. Then, we derive a modification to deal with stronger adversary models
that add chaff traffic, split the flows, or add random delays. We empirically
validate the detectors with a simulator. Afterwards, we create a watermark-based
version of our scheme to study the trade-off between performance and
detectability. Then, we compare the results with other state-of-the-art traffic
watermarking schemes in several scenarios, concluding that our scheme
outperforms the rest. Finally, we present results using an implementation of
our method on live networks, showing that the conclusions can be extended to
real-world scenarios. Our scheme needs only tens of packets under normal
network interference and a few hundred packets when a number of
countermeasures are taken.
Parallel contact-aware simulations of deformable particles in 3D Stokes flow
We present a parallel-scalable method for simulating non-dilute suspensions
of deformable particles immersed in Stokesian fluid in three dimensions. A
critical component in these simulations is robust and accurate collision
handling. This work complements our previous work [L. Lu, A. Rahimian, and D.
Zorin. Contact-aware simulations of particulate Stokesian suspensions. Journal
of Computational Physics 347C: 160-182] by extending it to 3D and by
introducing new parallel algorithms for collision detection and handling. We
use a well-established boundary integral formulation with a spectral Galerkin
method to solve the fluid flow. The key idea is to ensure an interference-free
particle configuration by introducing explicit contact constraints into the
system. While such constraints are typically unnecessary in the formulation,
they make it possible to eliminate catastrophic loss of accuracy in the
discretized problem by preventing contact explicitly. The incorporation of
contact constraints results in a significant increase in stable time-step size
for locally-implicit time-stepping and a reduction in the necessary number of
discretization points for stability. Our method maintains the accuracy of
previous methods at a significantly lower cost for dense suspensions, and the
time step size is independent of the volume fraction. Our method permits
simulations with high volume fractions; we report results with up to 60% volume
fraction. We demonstrate the parallel scaling of the algorithms on up to 16K
CPU cores.
Network Traffic Anomaly Detection
This paper presents a tutorial on network anomaly detection, focusing on
non-signature-based approaches. Network traffic anomalies are unusual and
significant changes in the traffic of a network. Networks play an important
role in today's social and economic infrastructures. The security of the
network becomes crucial, and network traffic anomaly detection constitutes an
important part of network security. In this paper, we present three major
approaches to non-signature-based network detection: PCA-based, sketch-based,
and signal-analysis-based. In addition, we introduce a framework that subsumes
the three approaches and a scheme for network anomaly extraction. We believe
network anomaly detection will become more important in the future because of
the increasing importance of network security.
HybridTE: Traffic Engineering for Very Low-Cost Software-Defined Data-Center Networks
The size of modern data centers is constantly increasing. As it is not
economical to interconnect all machines in the data center using a
full-bisection-bandwidth network, techniques have to be developed to increase
the efficiency of data-center networks. The Software-Defined Network paradigm
opened the door for centralized traffic engineering (TE) in such environments.
Up to now, there have already been a number of TE proposals for SDN-controlled data
centers that all work very well. However, these techniques either use a high
number of flow table entries or a high flow installation rate that overwhelms
available switching hardware, or they require custom or very expensive
end-of-line equipment to be usable in practice.
We present HybridTE, a TE technique that uses (uncertain) information about
large flows. Using this extra information, our technique has very low hardware
requirements while maintaining better performance than existing TE techniques.
This enables us to build very low-cost, high-performance data-center networks.
Multi-Flow Attacks Against Network Flow Watermarks: Analysis and Countermeasures
In this paper, we analyze several recent schemes for watermarking network
flows that are based on splitting the flow into timing intervals. We show that
this approach creates time-dependent correlations that enable an attack that
combines multiple watermarked flows. Such an attack can easily be mounted in
nearly all applications of network flow watermarking, both in anonymous
communication and stepping stone detection. The attack can be used to detect
the presence of a watermark, recover the secret parameters, and remove the
watermark from a flow. The attack can be effective even if different flows are
marked with different values of a watermark.
We analyze the efficacy of our attack using a probabilistic model and a
Markov-Modulated Poisson Process (MMPP) model of interactive traffic. We also
implement our attack and test it using both synthetic and real-world traces,
showing that our attack is effective with as few as 10 watermarked flows.
Finally, we propose possible countermeasures to defeat the multi-flow attack.
Tag Spotting at the Interference Range
In wireless networks, the presence of interference among wireless links
introduces dependencies among flows that do not share a single link or node. As a
result, when designing a resource allocation scheme, be it a medium access
scheduler or a flow rate controller, one needs to consider the interdependence
among nodes within interference range of each other. Specifically, control
plane information needs to reach nearby nodes which often lie outside the
communication range, but within the interference range, of a node of interest.
But how can one communicate control plane information well beyond the existing
communication range? To address this fundamental need we introduce tag
spotting. Tag spotting refers to a communication system which allows reliable
control data transmission at SNR values as low as 0 dB. It does this by
employing a number of signal encoding techniques, including adding redundancy to
multitone modulation, shaping the spectrum to reduce inter-carrier interference,
and the use of algebraic coding. Making use of a detection theory-based
model, we analyze the performance achievable by our modulation as well as the
trade-off between the rate of the information transmitted and the likelihood of
error. Using real-world experiments on an OFDM system built with software
radios, we show that we can transmit data at the target SNR value of 0 dB with
a 6% overhead; that is, 6% of our packet is used for our low-SNR decodable tags
(which carry up to a couple of bytes of data in our testbed), while the remaining
94% is used for traditional header and payload data. We also demonstrate
via simulations how tag spotting can be used in implementing fair and efficient
rate control and scheduling schemes.