639 research outputs found

    DDoS defense by offense

    This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result. National Science Foundation (U.S.) (NSF grant CNS-0225660); National Science Foundation (U.S.) (NSF grant CNS-0520241); United States. Dept. of Defense (National Security Science and Engineering Faculty Fellowship

    A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks

    Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack. © 1998-2012 IEEE

    Scalable DDoS mitigation system for data centers

    Distributed Denial of Service (DDoS) attacks have been used by attackers for over two decades because of their effectiveness. This type of cyber-attack is one of the most destructive attacks on the Internet. In recent years, the intensity of DDoS attacks has been rapidly increasing, and attackers more often combine different DDoS techniques to bypass protection. Therefore, the main goal of our research is to propose a DDoS solution that allows the filtering capacity to be increased linearly and protects against combinations of attacks. The main idea is to develop the DDoS defense system in the form of a portable software image that can be installed on reserve hardware capacity. During a DDoS attack, these servers will be used as filters for the attack. Our solution is suitable for data centers and eliminates some shortcomings of commercial solutions. The system employs modular DDoS filters in the form of special grids containing specific protocol parameters and conditions

    Healthcare, Privacy, Big Data and Cybercrime: which one is the weakest link?


    USA v. Bruce Raisley

    USDC for the District of New Jerse

    Transnational Cyber Offenses: Overcoming Jurisdictional Challenges

    In his 1996 Declaration of the Independence of Cyber Space, cyber activist (and former Grateful Dead lyricist) John Perry Barlow vividly described the Internet as a place beyond national borders: Governments of the Industrial World, you weary giants of flesh and steel, ... I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. ... Cyberspac

    War of Nerves: Russia's Use of Cyber Warfare in Estonia, Georgia and Ukraine

    This project examines how Soviet military thought has influenced present day Russian military doctrine and has evolved to include cyber warfare as part of the larger structure of Russian information warfare. The analysis of three case studies of Russian cyber activity, the attack on Estonia (2007), the Russian-Georgian war (2008) and the ongoing Ukrainian war (beginning 2014), demonstrates the continuity of military doctrine and the physical manifestation of Russia’s cyber capabilities

    Making Cyberspace Safe for Democracy: The Challenge Posed by Denial-of-Service Attacks

    In December 2010, the British government braced itself for a sudden threat: Overnight, tens of thousands of people had acquired a weapon called the Low Orbit Ion Cannon (LOIC). The good news for British authorities was that this cannon is not actually a space laser or hardly even a weapon; it is an old diagnostic computer program that allows an individual to test a network's capacity to handle traffic by sending information to the network's servers. The bad news was that a nebulous online hacking collective called Anonymous was successfully encouraging these tens of thousands of people to use this tool to disrupt the availability of the websites of a few major corporations. The program allowed individuals to participate in organized attempts to overwhelm each company's servers with information - so much information that those servers could not process other users' normal requests for access. The goal of this type of assault, known as a denial-of-service (DOS) attack, is to disrupt a target organization's online presence for as long as the attacking computers continue to send such information. The immediate consequence of a successful attack is somewhat anticlimactic: The target organization's website simply fails to load upon request. Nevertheless, the idea that thousands of nameless, faceless individuals could have banded together to produce that result adds social significance to what would otherwise be a purely technical problem