21 research outputs found
Analisa Pengelompokan Cyber Crime Pada Penerapan Electronic Commerce (Analysis of Cyber Crime Grouping in the Application of Electronic Commerce)
The rapid development of Information Technology (IT) greatly influences human needs and activities. One influence occurs in buying and selling transactions carried out online by two or more parties, namely consumers and producers. The transaction process is E-commerce (Electronic Commerce). Internet use certainly has risks, one of which is Cyber Crime. Cyber Crime is a crime committed in the internet world involving individuals or groups. Types of Cyber Crime consist of hacking, cracking, sniffing and so forth. Cyber Crime cases are grouped into 4 groups, namely Interruption, Interception, Modification, and Fabrication. This study uses a literature study method that analyzes 21 journals that discuss Cyber Crime in E-Commerce. The purpose of this study is to determine the Cyber Crime that often occurs in E-Commerce. The results of this study provide recommendations that can be used by developers regarding the Cyber Crime groups that need to be watched for and prevented. Keywords- E-Commerce, Cyber Crim
DDoS Attack Detection Using Cooperative Overlay Networks and Gossip Protocol
DDoS attacks have a major impact on the affected networks, viz. packet transmission delays, network outage, website sabotage, financial losses, legitimate-user blockage and reputation damage. Existing DDoS detection techniques are implemented either at the victim node (where the damage is already done) or at many intermediate routers which run DDoS detection algorithms, which adds additional delay and more processing. We aim to detect DDoS attacks by using a new technique of cooperative overlay networks which overcomes the above problems by implementing the DDoS detection algorithm at nodes one hop away from the victim (called defense nodes).
DOI: 10.17762/ijritcc2321-8169.15062
Detection and Counter Measure of AL-DDoS Attacks in Web Traffic
Distributed Denial-of-Service (DDoS) attacks are a growing threat across the Internet, disrupting access to information and services. Nowadays, these attacks are targeting the application layer, and attackers are using techniques that are very hard to detect and mitigate. This work proposes a new method to detect AL-DDoS attacks. It differs from previous methods by considering AL-DDoS attack detection in heavy backbone traffic. In addition, the detection of AL-DDoS attacks is easily misled by flash crowd traffic. By analyzing the entropy of AL-DDoS attacks and flash crowds, the model output can be used to recognize the real AL-DDoS attacks. With a fast AL-DDoS detection speed, the filter is capable of letting the legitimate requests through while the attack traffic is stopped.
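LOW INTERACTION HONEYPOT UNTUK MEMINIMALISIR SERANGAN DISTRIBUTED DENIAL OF SERVICE (DDOS) : Slowloris Terhadap Web Server (Low Interaction Honeypot to Minimize Distributed Denial of Service (DDoS) Attacks: Slowloris Against a Web Server)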
Slowloris is an open-source DDoS attack tool that generally attacks Apache-based web servers. Until now, firewalls, load balancers and additional web servers have been used to mitigate the Slowloris attack. This research aims to design a defense mechanism consisting of a Low Interaction Honeypot (HoneyPy) and a stateless firewall, so we don't need to use more web servers. The reliability of the defense mechanism was tested by conducting an experiment in three conditions: the normal condition when there are no attacks at all, and the attacking condition with and without the defense mechanism. The impact caused by the Slowloris attack can be seen from the number of client error packets. The attack was carried out for 5 minutes by making 1000 connections to the web server. There are no client error packets in the normal condition because there are no attacks. In the attacking condition without the defense mechanism, the client error packets number 2142 packets. In the attacking condition with the defense mechanism, the number of client error packets drops to 33 packets. Thus, it can be concluded that the presence of a Low Interaction Honeypot in the defense mechanism can reduce the impact of Slowloris attacks and slow down the attacks.
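EXECUÇÃO E ESTRATÉGIAS PARA MITIGAÇÃO DE ATAQUES DE NEGAÇÃO DE SERVIÇO EM SERVIDORES WEB: UM RELATO DE EXPERIÊNCIA (Execution and Strategies for Mitigating Denial-of-Service Attacks on Web Servers: An Experience Report)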
This paper describes the execution of denial of service attacks performed on web servers configured with different Apache versions, trying to reflect scenarios commonly found in Federal Institutions of Higher Education in Brazil. The approach consisted of the following steps: (i) tool selection for the experiment; (ii) definition of attack parameters; (iii) execution of an attack with a tool selected in (i) on servers with similar characteristics to those in production; and (iv) execution of an attack with changes in the firewall as a strategy to mitigate the attack. Based on the observed result, the default configuration does not protect servers from simple denial of service attacks, but the settings implemented in (iv) were sufficient to prevent similar attacks from being successful in future executions.
CALD : surviving various application-layer DDoS attacks that mimic flash crowd
Distributed denial of service (DDoS) attack is a continuous critical threat to the Internet. Derived from the low layers, new application-layer-based DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. The case may be more serious when such attacks mimic or occur during the flash crowd event of a popular Website. In this paper, we present the design and implementation of CALD, an architectural extension to protect Web servers against various DDoS attacks that masquerade as flash crowds. CALD provides real-time detection using mess tests but is different from other systems that use resembling methods. First, CALD uses a front-end sensor to monitor the traffic that may contain various DDoS attacks or flash crowds. An intense pulse in the traffic means the possible existence of anomalies because this is the basic property of DDoS attacks and flash crowds. Once abnormal traffic is identified, the sensor sends an ATTENTION signal to activate the attack detection module. Second, CALD dynamically records the average frequency of each source IP and checks the total mess extent. Theoretically, the mess extent of DDoS attacks is larger than that of flash crowds. Thus, with some parameters from the attack detection module, the filter is capable of letting the legitimate requests through while the attack traffic is stopped. Third, CALD may separate the security modules from the Web servers. As a result, it keeps maximum performance on the kernel web services, regardless of the harassment from DDoS. In the experiments, the records from www.sina.com and www.taobao.com have proved the value of CALD.
Harnessing the power of BitTorrent for distributed denial-of-service attacks
BitTorrent is a popular peer-to-peer (P2P) file-sharing protocol that utilizes a central server, known as a 'tracker', to coordinate connections between peers in a 'swarm', a term used to describe a Bit Torrent ad-hoc file sharing network. The tracker of a swarm is specified by the original file distributor and trusted unconditionally by peers in the swarm. This central point of control provides an opportunity for a file distributor to deploy a modified tracker to provide peers in a swarm with malicious coordination data, directing peer connection traffic toward an arbitrary target machine on an arbitrary service port. Although such an attack does not generate a huge amount of attack traffic, it would set up many connections with the victim server successfully, which could cause serious denial-of-service by exhausting the victim server's connection resource. In this paper, we present and demonstrate such an attack that is entirely tracker-based, requiring no modifications to Bit Torrent client software, and that could be deployed by an attacker right now. The results from both emulation and real-world experiments show the applicability of this attack. Due to the skyrocketing popularity of Bit Torrent and the numerous large-scale swarms existing on the Internet, Bit Torrent swarms provide an intriguing platform for launching distributed denial-of-service (DDoS) attacks based on connection exhaustion. Copyright (C) 2010 John Wiley & Sons, Ltd
ShutUp: End-to-End Containment of Unwanted Traffic
While the majority of Denial-of-Service (DoS) defense proposals assume a purely infrastructure-based architecture, some recent proposals suggest that the attacking endhost may be enlisted as part of the solution, through tamper-proof software, network-imposed incentives, or user altruism. While intriguing, these proposals ultimately raise the deployment bar by requiring both the infrastructure and endhosts to cooperate. In this paper, we explore the design of a pure end-to-end architecture based on tamper-proof endhost software implemented for instance with trusted platforms and virtual machines. We present the design of a "Shutup Service", whereby the recipient of unwanted traffic can ask the sender to slow down or stop. We show that this service is effective in stopping DoS attacks, and in significantly slowing down other types of unwanted traffic such as worms. The Shutup service is incrementally deployable with buy-in from OS or antivirus vendors, requiring only minimal changes to the endhost software stack and no changes to the protocol stack. We show through experimentation that the service is effective and has little impact on legitimate traffic.