166 research outputs found
An Overview of Distributed Denial of Service Traffic Detection Approaches
The availability of information and communication (IC) resources is a growing problem caused by the increase in the number of users, IC services, and the capacity constraints. IC resources need to be available to legitimate users at the required time. The availability is of crucial importance in IC environments such as smart city, autonomous vehicle, or critical infrastructure management systems. In the mentioned and similar environments the unavailability of resources can also have negative consequences on people's safety. The distributed denial of service (DDoS) attacks and the traffic that such attacks generate represent a growing problem in the last decade. Their goal is to disable access to the resources for legitimate users. This paper analyses the trends of such traffic, which indicates the importance of research into its detection methods. The paper also provides an overview of the approaches currently used in detection system and model development. Based on the analysis of the previous research, the disadvantages of the used approaches have been identified, which opens the space and gives the direction for future research. Besides the mentioned, this paper highlights DDoS traffic generated through Internet of things (IoT) devices as an evolving threat that needs to be taken into consideration in future studies.
Beyond Counting: New Perspectives on the Active IPv4 Address Space
In this study, we report on techniques and analyses that enable us to capture
Internet-wide activity at individual IP address-level granularity by relying on
server logs of a large commercial content delivery network (CDN) that serves
close to 3 trillion HTTP requests on a daily basis. Across the whole of 2015,
these logs recorded client activity involving 1.2 billion unique IPv4
addresses, the highest ever measured, in agreement with recent estimates.
Monthly client IPv4 address counts showed constant growth for years prior, but
since 2014, the IPv4 count has stagnated while IPv6 counts have grown. Thus, it
seems we have entered an era marked by increased complexity, one in which the
sole enumeration of active IPv4 addresses is of little use to characterize
recent growth of the Internet as a whole.
With this observation in mind, we consider new points of view in the study of
global IPv4 address activity. Our analysis shows significant churn in active
IPv4 addresses: the set of active IPv4 addresses varies by as much as 25% over
the course of a year. Second, by looking across the active addresses in a
prefix, we are able to identify and attribute activity patterns to network
restructurings, user behaviors, and, in particular, various address assignment
practices. Third, by combining spatio-temporal measures of address utilization
with measures of traffic volume, and sampling-based estimates of relative host
counts, we present novel perspectives on worldwide IPv4 address activity,
including empirical observation of under-utilization in some areas, and
complete utilization, or exhaustion, in others.
Comment: in Proceedings of ACM IMC 201
Algorithms for Constructing Overlay Networks For Live Streaming
We present a polynomial time approximation algorithm for constructing an
overlay multicast network for streaming live media events over the Internet.
The class of overlay networks constructed by our algorithm include networks
used by Akamai Technologies to deliver live media events to a global audience
with high fidelity. We construct networks consisting of three stages of nodes.
The nodes in the first stage are the entry points that act as sources for the
live streams. Each source forwards each of its streams to one or more nodes in
the second stage that are called reflectors. A reflector can split an incoming
stream into multiple identical outgoing streams, which are then sent on to
nodes in the third and final stage that act as sinks and are located in edge
networks near end-users. As the packets in a stream travel from one stage to
the next, some of them may be lost. A sink combines the packets from multiple
instances of the same stream (by reordering packets and discarding duplicates)
to form a single instance of the stream with minimal loss. Our primary
contribution is an algorithm that constructs an overlay network that provably
satisfies capacity and reliability constraints to within a constant factor of
optimal, and minimizes cost to within a logarithmic factor of optimal. Further,
in the common case where only the transmission costs are minimized, we show
that our algorithm produces a solution that has cost within a factor of 2 of
optimal. We also implement our algorithm and evaluate it on realistic traces
derived from Akamai's live streaming network. Our empirical results show that
our algorithm can be used to efficiently construct large-scale overlay networks
in practice with near-optimal cost
On Factors Affecting the Usage and Adoption of a Nation-wide TV Streaming Service
Using nine months of access logs comprising 1.9 Billion sessions to BBC
iPlayer, we survey the UK ISP ecosystem to understand the factors affecting
adoption and usage of a high bandwidth TV streaming application across
different providers. We find evidence that connection speeds are important and
that external events can have a huge impact for live TV usage. Then, through a
temporal analysis of the access logs, we demonstrate that data usage caps
imposed by mobile ISPs significantly affect usage patterns, and look for
solutions. We show that product bundle discounts with a related fixed-line ISP,
a strategy already employed by some mobile providers, can better support user
needs and capture a bigger share of accesses. We observe that users regularly
split their sessions between mobile and fixed-line connections, suggesting a
straightforward strategy for offloading by speculatively pre-fetching content
from a fixed-line ISP before access on mobile devices.
Comment: In Proceedings of IEEE INFOCOM 201
Addressing fragmentation in EU mobile telecom markets. Bruegel Policy Contribution ISSUE 2015/13, July 2015
- Mobile telecommunications markets are an important part of the European Commission’s strategy for the completion of the European Union Digital Single. The use of mobile telecommunications – particularly mobile data access – is growing and becoming an increasingly important input for the economy.
- The EU currently does not have a unified mobile telecommunications market. The EU compares favourably to the United States in terms of prices and connection speed, but lags behind in terms of coverage of high-speed 4G wireless connections.
- Europe’s long-term goal should be to make data access easier by increasing high-speed wireless coverage while keeping prices down for users. An increase in cross-border competition could help to achieve that goal.
- The Commission has two important levers to help stimulate cross-border supply: (a) ensuring competition in intra-country mobile markets in order to provide an incentive for operators to expand into other jurisdictions, and (b) reducing mobile operators’ costs of expansion into multiple EU countries. The further development of policies on international roaming and radio spectrum management will be central to this effort
Stellar: Network Attack Mitigation using Advanced Blackholing
© ACM 2018. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies - CoNEXT ’18, http://dx.doi.org/10.1145/3281411.3281413.
Network attacks, including Distributed Denial-of-Service (DDoS), continuously increase in terms of bandwidth along with damage (recent attacks exceed 1.7 Tbps) and have a devastating impact on the targeted companies/governments. Over the years, mitigation techniques, ranging from blackholing to policy-based filtering at routers, and on to traffic scrubbing, have been added to the network operator’s toolbox. Even though these mitigation techniques provide some protection, they either yield severe collateral damage, e.g., dropping legitimate traffic (blackholing), are cost-intensive, or do not scale well for Tbps level attacks (ACL filtering, traffic scrubbing), or require cooperation and sharing of resources (Flowspec).
In this paper, we propose Advanced Blackholing and its system realization Stellar. Advanced blackholing builds upon the scalability of blackholing while limiting collateral damage by increasing its granularity. Moreover, Stellar reduces the required level of cooperation to enhance mitigation effectiveness. We show that fine-grained blackholing can be realized, e.g., at a major IXP, by combining available hardware filters with novel signaling mechanisms. We evaluate the scalability and performance of Stellar at a large IXP that interconnects more than 800 networks, exchanges more than 6 Tbps traffic, and witnesses many network attacks every day. Our results show that network attacks, e.g., DDoS amplification attacks, can be successfully mitigated while the networks and services under attack continue to operate untroubled.
EC/H2020/679158/EU/Resolving the Tussle in the Internet: Mapping, Architecture, and Policy Making/ResolutioNet
DFG, FE 570/4-1, Gottfried Wilhelm Leibniz-Preis 201
Resilience to DDoS attacks
Master's thesis, Information Security, 2022, Universidade de Lisboa, Faculdade de Ciências
Distributed Denial-of-Service (DDoS) is one of the most common cyberattacks used by malicious
actors. It has been evolving over the years, using more complex techniques to increase its attack power
and surpass the current defense mechanisms.
Due to the existent number of different DDoS attacks and their constant evolution, companies need
to be constantly aware of developments in DDoS solutions.
Additionally, the existence of multiple solutions also makes it hard for companies to decide which
solution best suits the company needs and must be implemented.
In order to help these companies, our work focuses on analyzing the existing DDoS solutions, for
companies to implement solutions that can lead to the prevention, detection, mitigation, and tolerance
of DDoS attacks, with the objective of improving the robustness and resilience of the companies against
DDoS attacks.
In our work, different DDoS solutions are presented and described; some need to be purchased and
others are open-source or freeware, however these last solutions require more technical expertise by
cybersecurity agents.
To understand how cybersecurity agents protect their companies against DDoS attacks nowadays, a
questionnaire was built and sent to multiple cybersecurity agents from different countries and
industries.
As a result of the study performed about the different DDoS solutions and the information gathered
from the questionnaire, it was possible to create a DDoS framework to guide companies in the decision-making process of which DDoS solutions best suit their resources and needs, in order to ensure that
companies can develop their robustness and resilience to fight DDoS attacks.
The proposed framework is divided into three phases, in which the first and second phases are to
understand the company context and the assets that need to be protected. The last phase is where we
choose the DDoS solution based on the information gathered in the previous phases. We analyzed and
presented, for each DDoS solution, which DDoS attack types they can prevent, detect and/or mitigate
High-Tech War: A Study on U.S. Cyber Security in Response to the Rise of China
Thesis (Master's) -- Seoul National University, Graduate School of International Studies, Department of International Studies, 2017. 8. Jiyeoun Song.
The United States hegemony is challenged by China. With China's economic and military rise, it is inevitable that a power transition will take place. In this power transition from the United States to China, the use of cyberspace will be prevalent. This thesis proposes the United States public and private sector should form a partnership that uses a multifaceted approach in protecting its interests against China. The tenets of the multifaceted approach are:
1. Dialogue between the United States government and private sector which involves inviting private sector leaders to discuss pervasive issues in cyber security
2. Create special commission on cyber security that passes legislation to update and protect cyber security of the public and private sector
3. Reanalyze open source and consider block chain and create a comprehensive crisis management plan
4. Honor the U.S.-China cyber agreement and discuss the importance of cyber security with Chinese stakeholders
5. Punish Chinese citizens who engage in espionage and push for international law for cybersecurity.
This multifaceted approach is a strategy that would enhance U.S. cyber defense and protect its vital interests against a rival China.
1. Introduction
1.1 Research Question
2. Background
2.1 Power Transition: United States and China
2.2 Cyberspace and Chinese Cyber Attacks
3. Previous Studies
4. Analysis
4.1 Statistics of Chinese cyber attacks
4.2 Titan Rain
4.3 Operation Aurora
5. U.S.- China Cyber agreement
6. Recommendations
6.1 Private and Public Sector Dialogue
6.2 United States Cybersecurity Special Committee and Cybersecurity Legislation
6.3 Block chain and a Crisis Management Plan
6.4 Honor the U.S.- China Cyber agreement and engage in dialogue
6.5 Punishment and International Law
7. Conclusion and Limitations
7.1. Limitations
7.2 Conclusion
References
Korean Abstract
Maste