1,147 research outputs found

    An Approach for Mitigating Denial of Service Attack

    Distributed Denial of Service (DDoS) attacks are the most common types of cyber-attack on the internet and are rapidly increasing. A denial of service/distributed denial of service attack is an explicit attempt to make a machine or a network resource unavailable to its intended users. Attackers interrupt or suspend services of a host connected to the internet temporarily or indefinitely. It involves saturating the target machine with external communication requests such that it either cannot respond to legitimate traffic or responds so slowly as to be rendered effectively unavailable. Two general forms of DoS attacks are those that crash services (computer attack) and those that flood services (network attack). Flooding DDoS attacks produce adverse effects for critical infrastructure availability, integrity and confidentiality. Current defense approaches cannot efficiently detect and filter out the attack traffic in real time. Based on the assumption that the attacker flows are much more aggressive than those of legitimate users, the proposed work provides sufficient bandwidth to genuine users during a flooding DDoS attack. The aim of the project is to implement an approach for mitigating DDoS based on “The Interface Based Rate Limiting (IBRL) algorithm”, used to mitigate the identified DDoS attacks. The implementation is carried out on the simulation tool OMNeT++ installed on a Linux machine. The results are the plots that show that there is considerable increase in the two important and significant measures, response time and packet drop metrics for legitimate users even under DoS and DDoS attacks.

    Discriminating DDoS flows from flash crowds using information distance

    Discriminating DDoS flooding attacks from flash crowds poses a tough challenge for the network security community. Because of the vulnerability of the original design of the Internet, attackers can easily mimic the patterns of legitimate network traffic to fly under the radar. The existing fingerprint or feature based algorithms are incapable of detecting new attack strategies. In this paper, we aim to differentiate DDoS attack flows from flash crowds. We are motivated by the following fact: the attack flows are generated by the same prebuilt program (attack tools), whereas flash crowds come from randomly distributed users all over the Internet. Therefore, the flow similarity among DDoS attack flows is much stronger than that among flash crowds. We employ abstract distance metrics, the Jeffrey distance, the Sibson distance, and the Hellinger distance, to measure the similarity among flows to achieve our goal. We compared the three metrics and found that the Sibson distance is the most suitable one for our purpose. We apply our algorithm to the real datasets and the results indicate that the proposed algorithm can differentiate them with an accuracy around 65%.

    Active router approach to defeating denial-of-service attacks in networks

    Denial-of-service attacks represent a major threat to modern organisations who are increasingly dependent on the integrity of their computer networks. A new approach to combating such threats introduces active routers into the network architecture. These active routers offer the combined benefits of intrusion detection, firewall functionality and data encryption and work collaboratively to provide a distributed defence mechanism. The paper provides a detailed description of the design and operation of the algorithms used by the active routers and demonstrates how this approach is able to defeat a SYN and SMURF attack. Other approaches to network design, such as the introduction of a firewall and intrusion detection systems, can be used to protect networks, however, weaknesses remain. It is proposed that the adoption of an active router approach to protecting networks overcomes many of these weaknesses and therefore offers enhanced protection

    An Approach to Develop Security Aspect of MANET using NS2 Field

    A mobile network is an open area network in which any user can enter the system and increase the network traffic. A large amount of useless traffic over the network results in congestion on the network nodes. As the data is transferred over these nodes, it increases the network delay and the data loss over the network. To identify the safe path over the network, we have defined an association mining based adaptive approach under different parameters. A mobile network is always subject to different kinds of external and internal attacks. One such internal attack is the DOS (Denial-of-Service) attack. A DOS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the network. In this type of attack a particular user floods the bandwidth with useless traffic and disturbs the flow of data to other users. So a reliable communication path over the network is required with minimum delay and loss. A data mining approach is used to present the solution for this problem with effective throughput and minimum loss over the network. DOI: 10.17762/ijritcc2321-8169.15064

    Enriched Model of Case Based Reasoning and Neutrosophic Intelligent System for DDoS Attack Defence in Software Defined Network based Cloud

    Software Defined Networking in the Cloud paradigm is most suitable for dynamic functionality and reduces the computation complexity. The routers and switches located at the network's boundaries are managed by software-defined networking (SDN) using open protocols and specialised open programmable interfaces. But security threats often degrade the performance of SDN due to its constraints of resource usage. The most sensitive components which are vulnerable to DDoS attacks are the controller and the control plane bandwidth. The existing conventional classification algorithms are lacking in detection of new or unknown traffic packets which are malicious, which results in degradation of SDN performance in cloud resources. Hence, in this paper a double filtering methodology is devised to detect both known and unknown patterns of malicious packets which affect the bandwidth of the control panel and the controller. Case-based reasoning is adapted for determining the known incoming traffic patterns before entering the SDN system. It classifies the packets as normal or abnormal based on the previous information gathered. A traffic pattern which does not match the previous patterns is treated as an indeterministic packet and it is defined more precisely using the triplet representation of the Neutrosophic intelligent system. The grades of belongingness, non-belongingness and indeterminacy are used as the main factors to detect the new pattern of attacking packets more effectively. From the experimental outcomes it is proved that DDoS attack detection in an SDN based cloud environment is improved by adopting CBR-NIS compared to the existing classification model.

    An Evolutionary Approach for Learning Attack Specifications in Network Graphs

    This paper presents an evolutionary algorithm that learns attack scenarios, called attack specifications, from a network graph. This learning process aims to find attack specifications that minimise cost and maximise the value that an attacker gets from a successful attack. The attack specifications that the algorithm learns are represented using an approach based on Hoare's CSP (Communicating Sequential Processes). This new approach is able to represent several elements found in attacks, for example synchronisation. These attack specifications can be used by network administrators to find vulnerable scenarios, composed from the basic constructs Sequence, Parallel and Choice, that lead to valuable assets in the network

    Psychological Defence and Cybersecurity

    Disruptive developments in the field of information and communication technology have enabled malicious actors to turn elements of the digital ecosystem into information weapons in hybrid conflict. Estonia has tackled the new security realm with comprehensive national defence that is built upon the understanding that the society itself is the object of security and should provide appropriate safeguards and responses. Estonian conceptualisations of national cybersecurity, cyber psychological defence and strategic communications are elaborated in the light of actual seminal threat situations. Analysis of the evolution of the strategic documents guides the recommendations for an even deeper blend of the technical cybersecurity culture with value-centric psychological defence and internationalisation of information security situational awareness and planning.

    Preventing State-Led Cyberattacks Using the Bright Internet and Internet Peace Principles

    The Internet has engendered serious cybersecurity problems due to its anonymity, transnationality, and technical shortcomings. This paper addresses state-led cyberattacks (SLCAs) as a particular source of threats. Recently, the concept of the Bright Internet was proposed as a means of shifting the cybersecurity paradigm from self-defensive protection to the preventive identification of malevolent origins through adopting five cohesive principles. To design a preventive solution against SLCAs, we distinguish the nature of SLCAs from that of private-led cyberattacks (PLCAs). We then analyze what can and cannot be prevented according to the principles of the Bright Internet. For this research, we collected seven typical SLCA cases and selected three illustrative PLCA cases with eleven factors. Our analysis demonstrated that Bright Internet principles alone are insufficient for preventing threats from the cyberterror of noncompliant countries. Thus, we propose a complementary measure referred to here as the Internet Peace Principles, which define that the Internet should be used only for peaceful purposes in accordance with international laws and norms. We derive these principles using an approach that combines the extension of physical conventions to cyberspace, the expansion of international cybersecurity conventions to global member countries, and analogical international norms. Based on this framework, we adopt the Charter of the United Nations, the Responsibility of States for Internationally Wrongful Acts, Recommendations by the United Nations Group of Governmental Experts, the Tallinn Manual, and Treaty of the Non-Proliferation of Nuclear Weapons, and others as reference norms that we use to derive the consistent international order embodied by the Internet Peace Principles