DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation

The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far

A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks

Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack. © 1998-2012 IEEE

FAIR: Forwarding Accountability for Internet Reputability

This paper presents FAIR, a forwarding accountability mechanism that incentivizes ISPs to apply stricter security policies to their customers. The Autonomous System (AS) of the receiver specifies a traffic profile that the sender AS must adhere to. Transit ASes on the path mark packets. In case of traffic profile violations, the marked packets are used as a proof of misbehavior. FAIR introduces low bandwidth overhead and requires no per-packet and no per-flow state for forwarding. We describe integration with IP and demonstrate a software switch running on commodity hardware that can switch packets at a line rate of 120 Gbps, and can forward 140M minimum-sized packets per second, limited by the hardware I/O subsystem. Moreover, this paper proposes a "suspicious bit" for packet headers - an application that builds on top of FAIR's proofs of misbehavior and flags packets to warn other entities in the network.Comment: 16 pages, 12 figure

Defense Against Distributed Denial of Service Attacks in Computer Networks

Tohoku University亀山充隆課

Global DDoS Threat Landscape Tracking Network Anomalies using Elliptic Curve Cryptography

Devices, such as in mobile devices or RFID. In brief, ECC based algorithms can be easily comprised into existing protocols to get the same retrograde compatibility and security with lesser resources.: Recent variants of Distributed Denial-of-Service (DDoS) attacks influence the flexibility of application-layer procedures to disguise malicious activities as normal traffic patterns, while concurrently overwhelming the target destination with a large application rate. New countermeasures are necessary, aimed at guaranteeing an early and dependable identification of the compromised network nodes (the botnet). This work familiarizes a formal model for the above-mentioned class of attacks, and we devise an implication algorithm that estimates the botnet hidden in the network, converging to the true solution as time developments. Notably, the analysis is validated over real network traces. An important building block for digital communication is the Public-key cryptography systems. Public-Key cryptography (PKC) systems can be used to provide secure substructures over insecure channels without swapping a secret key. Applying Public-Key cryptography organizations is a challenge for most submission stages when several factors have to be considered in selecting the application platform. The most popular public-key cryptography systems nowadays are RSA and Elliptic Curve Cryptography (ECC). The compensations can be achieved from smaller key sizes including storing, speed and efficient use of power and bandwidth. The use of shorter keys means lower space necessities for key storage and quicker calculation operations. These advantages are essential when public-key cryptography is applied in constrained

An autonomous router-based solution to detect and defend low rate DDoS attacks

Internet security was not a concern when the Internet was invented, but we cannot deny this fact anymore. Since all forms of businesses and communications are aligned to the Internet in one form or the other, the security of these assets (both infrastructure and content) is of prime importance. Some of the well known consequences of an attack include gaining access to a network, intellectual property thefts, and denial of service. This thesis focuses on countering flood-type attacks that result in denial of service to end users. A new classification of this denial of service attacks, known as the low rate denial of service, will be the crux of our discussion. The average rate of this attack is so low that most routers or victims fail to detect the attack. Thus far, no solution can counter the low rate attacks without degrading the normal performance of the Transmission Control Protocol. This work proposes a router-based solution to detect and defend low as well as high rate distributed denial of service attacks (DDoS). A per flow approach coupled with the Deterministic Packet Marking scheme is used to detect and block attack flows autonomously. The solution provides a rapid detection and recovery procedure during an attack

Adaptive Response System for Distributed Denial-of-Service Attacks

The continued prevalence and severe damaging effects of the Distributed Denial of Service (DDoS) attacks in today’s Internet raise growing security concerns and call for an immediate response to come up with better solutions to tackle DDoS attacks. The current DDoS prevention mechanisms are usually inflexible and determined attackers with knowledge of these mechanisms, could work around them. Most existing detection and response mechanisms are standalone systems which do not rely on adaptive updates to mitigate attacks. As different responses vary in their “leniency” in treating detected attack traffic, there is a need for an Adaptive Response System. We designed and implemented our DDoS Adaptive ResponsE (DARE) System, which is a distributed DDoS mitigation system capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integrations for both signature-based and anomaly-based detection modules. Additionally, the design of DARE’s individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. These components consist of an Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and Flow Identifier, and a Non Intrusive IP Traceback mechanism. The components work together interactively to adapt the detections and responses in accordance to the attack types. Experiments conducted on DARE show that the attack detection and mitigation are successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in accordance to the attacks being launched with high accuracy, effectiveness and efficiency. We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim under attack verifies the authenticity of the source by performing virtual relocations to differentiate the legitimate traffic from the attack traffic. TRAPS requires minimal deployment effort and does not require modifications to the Internet infrastructure due to its incorporation of the Mobile IPv6 protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to verify that it would work with the existing Mobile IPv6 implementation. It was observed that the operations of each module were functioning correctly and TRAPS was able to successfully mitigate an attack launched with spoofed source IP addresses

A review of cyber threats and defence approaches in emergency management

Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency management. Accidental failures have been extensively documented in the past and significant effort has been put into the development and introduction of more resilient technologies. At the same time researchers have been raising concerns about the potential of cyber attacks to cause physical disasters or to maximise the impact of one by intentionally impeding the work of the emergency services. Here, we provide a review of current research on the cyber threats to communication, sensing, information management and vehicular technologies used in emergency management. We emphasise on open issues for research, which are the cyber threats that have the potential to affect emergency management severely and for which solutions have not yet been proposed in the literature

A Review on Distributed Denial of Service Attack On Network Traffic

Distributed Denial of Service (DDoS) attacks is the most difficult issues for network security. The attacker utilizes vast number of traded off hosts to dispatch attack on victim. Different DDoS defense components go for distinguishing and keeping the attack traffic. The adequacy relies upon the purpose of sending. The reason for this paper is to examine different detection and defense mechanism, their execution and deployment attributes. This helps in understanding which barrier ought to be sent under what conditions and at what areas