Near-Optimal Defense Strategies against DDoS Attacks Based upon Packet Filtering and Blocking Enabled by Packet Marking
In this paper, the DDoS scenario is modelled as a mathematical programming problem. The defender strategically allocates limited resources to maximize the legitimate traffic that gets through, and can use packet marking to observe the network state. The information extracted from the marking field helps the defender build a defense strategy that combines packet filtering and packet blocking. A Lagrangean relaxation-based algorithm is proposed to solve the problem.
Network attack detection at flow level
In this paper we propose a new method for detecting unauthorized network intrusions, based on a traffic flow model and on records exported with the Cisco NetFlow protocol. The method not only detects the most common types of network attack (DDoS and port scanning) but also produces a list of the attackers' IP addresses. It can therefore be applied in intrusion detection systems and in systems that block those IP addresses.
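The abstract above describes the two things a flow-level detector has to do: recognise DDoS and port-scan patterns from flow records, and emit the attacker addresses so a downstream device can block them. The following is an added example (not the paper's code) showing one way to do that over NetFlow-style records: a port scan shows up as one source touching many destination ports on one host with tiny flows, and a flood as many distinct sources converging on one service. The thresholds, the `Flow` record layout and the sample records are assumptions chosen for illustration.

```python
"""Flow-level detection of port scans and DDoS floods from NetFlow-style records.

Added example (not the paper's code). Thresholds and the sample flows below
are assumptions chosen for illustration; tune them to the monitored network.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """The per-flow fields of a NetFlow export that the detector needs."""
    src: str
    dst: str
    dst_port: int
    proto: str
    packets: int
    octets: int


# Assumed thresholds (hypothetical; not taken from the paper).
SCAN_MIN_PORTS = 20      # distinct dst ports one src probes on one dst with tiny flows
DDOS_MIN_SOURCES = 50    # distinct srcs hitting one (dst, dst_port) in the window
TINY_FLOW_PACKETS = 3    # probes and SYN floods rarely exceed a few packets per flow


def detect(flows: List[Flow]) -> Dict[str, object]:
    """Return port scanners, flooded services with their sources, and a block list."""
    ports_per_pair: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    srcs_per_service: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for f in flows:
        # Port-scan evidence: one src touching many dst ports on one dst, tiny flows only.
        if f.packets <= TINY_FLOW_PACKETS:
            ports_per_pair[(f.src, f.dst)].add(f.dst_port)
        # DDoS evidence: many distinct srcs converging on one service, any flow size.
        srcs_per_service[(f.dst, f.dst_port)].add(f.src)

    scanners = {src for (src, _dst), ports in ports_per_pair.items()
                if len(ports) >= SCAN_MIN_PORTS}
    floods = {svc: srcs for svc, srcs in srcs_per_service.items()
              if len(srcs) >= DDOS_MIN_SOURCES}

    block: Set[str] = set(scanners)
    for srcs in floods.values():
        block |= srcs
    return {
        "port_scanners": scanners,
        "ddos_targets": floods,
        # Sorted numerically so the list is stable when fed to a blocking device.
        "block_list": sorted(block, key=ipaddress.ip_address),
    }


def constructed_flows() -> List[Flow]:
    """Constructed sample records (not a real capture)."""
    flows = []
    # Five legitimate HTTPS clients: long flows with many packets each.
    for i in range(1, 6):
        flows.append(Flow(f"10.0.0.{i}", "192.0.2.10", 443, "tcp", 120, 150_000))
    # One host probing 30 low ports on the web server, one packet per flow.
    for port in range(1, 31):
        flows.append(Flow("198.51.100.7", "192.0.2.10", port, "tcp", 1, 60))
    # 100 distinct sources each sending a single SYN-sized flow to one service.
    for i in range(1, 101):
        flows.append(Flow(f"203.0.113.{i}", "192.0.2.20", 80, "tcp", 1, 60))
    return flows


SAMPLE_FLOWS = constructed_flows()

if __name__ == "__main__":
    result = detect(SAMPLE_FLOWS)
    print("port scanners:", sorted(result["port_scanners"]))
    print("flooded services:", {svc: len(s) for svc, s in result["ddos_targets"].items()})
    print("block list size:", len(result["block_list"]))
```

Two caveats before wiring the block list into an ACL: the sources of a SYN flood are frequently spoofed, so the list may be large and may name addresses that never sent anything, and a flash crowd of real clients also produces many distinct sources to one service. The second is why a practitioner would combine the source count with per-flow size and a baseline for that service rather than act on the count alone.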
Reaction to New Security Threat Class
Each newly identified security threat class triggers new research and development efforts by the scientific and professional communities. In this study we investigate the rate at which these communities react to newly identified threat classes, as reflected in the number of patents, scientific articles and professional publications over a long period of time. The following threat classes were studied: Phishing; SQL Injection; BotNet; Distributed Denial of Service; and Advanced Persistent Threat. Our findings suggest that in most cases it takes about a year for the scientific community, and more than two years for industry (measured in patents), to react to a new threat class. Since new products follow patents, it is reasonable to expect a window of approximately two to three years in which no effective product is available to cope with the new threat class.
DDoS Attack Detection Using Cooperative Overlay Networks and Gossip Protocol
DDoS attacks have a major impact on the affected networks: packet transmission delays, network outages, website sabotage, financial losses, blocking of legitimate users and reputation damage. Existing DDoS detection techniques are implemented either at the victim node, by which time the damage is already done, or at many intermediate routers that each run a DDoS detection algorithm, which adds delay and processing. We aim to detect DDoS attacks with a new technique based on cooperative overlay networks that avoids both problems by running the detection algorithm at nodes one hop away from the victim (called defense nodes).
DOI: 10.17762/ijritcc2321-8169.15062
DESIGN A SECURITY FIREWALL POLICY TO FILTER INCOMING TRAFFIC IN PACKET SWITCHED NETWORKS USING CLASSIFICATION METHODS
Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to implement the security policy correctly. In addition, inserting or modifying a filtering rule must contend with a range of specific attacks and network issues. In this paper, we present a machine learning based algorithm that filters Denial of Service (DoS) attacks in networks. The filtering algorithm is built on a classification algorithm that uses principal component and correlation based filters. We show the quality and performance of the algorithm experimentally by running it on several packet-flow data sets.
An Efficient Analytical Solution to Thwart DDoS Attacks in Public Domain
In this paper, an analytical model for DDoS attack detection is proposed, in which the propagation of abrupt traffic changes inside a public domain is monitored to detect a wide range of DDoS attacks. Although various statistical measures can be used to build a profile of the traffic normally seen in the network and to identify anomalies whenever traffic goes out of profile, we have selected the volume and flow measures. Varying tolerance factors make the proposed detection system scalable to changing network conditions and attack loads in real time. The NS-2 network simulator on a Linux platform is used as the simulation testbed. Simulation results show that the proposed solution gives a drastic improvement in detection rate and false positive rate. However, the huge volume generated by DDoS attacks poses the biggest challenge in terms of memory and computational overhead when traffic is monitored and analysed at the single point connecting the victim. To address this problem, a distributed cooperative technique is proposed that spreads the memory and computational overhead across all edge routers in order to detect a wide range of DDoS attacks at an early stage.
Comment: arXiv admin note: substantial text overlap with arXiv:1203.240
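The abstract above says the detector profiles normal traffic by two measures, volume and flow count, and flags an interval whose traffic leaves the profile, with a tolerance factor that can be tuned to the link. The following is an added example (not the paper's code or its NS-2 setup) of that profile-and-threshold logic: the baseline is the mean and standard deviation of each measure over quiet intervals, an interval is flagged when either measure exceeds mean plus tolerance times the deviation, and the same observation window is scanned with two tolerance factors to show what the factor changes. The interval data, the statistics chosen for the profile and the tolerance values are assumptions for illustration.

```python
"""Volume- and flow-based anomaly detection with a tunable tolerance factor.

Added example (not the paper's code). The profile statistics, tolerance
values and traffic bins below are assumptions for illustration.
"""
import statistics
from typing import Dict, List, Tuple

Bin = Tuple[int, int]   # (packets, flows) observed in one fixed time interval


def build_profile(normal_bins: List[Bin]) -> Dict[str, float]:
    """Profile normal traffic by the mean and population std-dev of both measures."""
    pkts = [p for p, _ in normal_bins]
    flows = [f for _, f in normal_bins]
    return {
        "pkt_mean": statistics.fmean(pkts), "pkt_sd": statistics.pstdev(pkts),
        "flow_mean": statistics.fmean(flows), "flow_sd": statistics.pstdev(flows),
    }


def check_bin(profile: Dict[str, float], packets: int, flows: int,
              tolerance: float) -> Tuple[bool, List[str]]:
    """Flag the bin if either measure exceeds mean + tolerance * sd.

    Returns (anomalous, reasons). A larger tolerance factor accepts more
    deviation, so it is raised on noisy links and lowered on quiet ones.
    """
    reasons = []
    if packets > profile["pkt_mean"] + tolerance * profile["pkt_sd"]:
        reasons.append("volume")
    if flows > profile["flow_mean"] + tolerance * profile["flow_sd"]:
        reasons.append("flows")
    return bool(reasons), reasons


def scan(profile: Dict[str, float], bins: List[Bin], tolerance: float) -> List[int]:
    """Return the indexes of the bins flagged as anomalous."""
    return [i for i, (p, f) in enumerate(bins)
            if check_bin(profile, p, f, tolerance)[0]]


# Constructed baseline: 20 quiet bins with small deterministic jitter
# (packets cycle 1000..1040, flows cycle 100..106).
NORMAL_BINS: List[Bin] = [(1000 + (i % 5) * 10, 100 + (i % 4) * 2) for i in range(20)]
PROFILE = build_profile(NORMAL_BINS)

# Constructed observation window: ordinary bins, a mild bump at index 2,
# then a flood at index 4 that lifts both measures far above the profile.
OBSERVED_BINS: List[Bin] = [(1020, 104), (1030, 102), (1050, 108), (1000, 100), (5000, 800)]

if __name__ == "__main__":
    for tol in (3.0, 1.0):
        print(f"tolerance {tol}: anomalous bins {scan(PROFILE, OBSERVED_BINS, tol)}")
```

With tolerance 3 only the flood interval is flagged; with tolerance 1 the mild bump is flagged as well, which is the trade-off the tolerance factor controls. Two things a practitioner would add before deploying this: a floor on the standard deviation, since a perfectly steady baseline gives a deviation of zero and then any increase at all trips the check, and periodic re-profiling so that legitimate growth in traffic does not look like a permanent attack.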
- …