361 research outputs found

    DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation

    The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far

    Flow-oriented anomaly-based detection of denial of service attacks with flow-control-assisted mitigation

    Flooding-based distributed denial-of-service (DDoS) attacks present a serious and major threat to the targeted enterprises and hosts. Current protection technologies are still largely inadequate in mitigating such attacks, especially if they are large-scale. In this doctoral dissertation, the Computer Network Management and Control System (CNMCS) is proposed and investigated; it consists of the Flow-based Network Intrusion Detection System (FNIDS), the Flow-based Congestion Control (FCC) System, and the Server Bandwidth Management System (SBMS). These components form a composite defense system intended to protect against DDoS flooding attacks. The system as a whole adopts a flow-oriented and anomaly-based approach to the detection of these attacks, as well as a control-theoretic approach to adjust the flow rate of every link to sustain the high priority flow-rates at their desired level. The results showed that the misclassification rates of FNIDS are low, less than 0.1%, for the investigated DDOS attacks, while the fine-grained service differentiation and resource isolation provided within the FCC comprise a novel and powerful built-in protection mechanism that helps mitigate DDoS attacks

    DoS and DDoS Attacks: Defense, Detection and Traceback Mechanisms - A Survey

    Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks are typically explicit attempts to exhaust victim’s bandwidth or disrupt legitimate users’ access to services. Traditional architecture of internet is vulnerable to DDoS attacks and it provides an opportunity to an attacker to gain access to a large number of compromised computers by exploiting their vulnerabilities to set up attack networks or Botnets. Once attack network or Botnet has been set up, an attacker invokes a large-scale, coordinated attack against one or more targets. As a result of the continuous evolution of new attacks and ever-increasing range of vulnerable hosts on the internet, many DDoS attack Detection, Prevention and Traceback mechanisms have been proposed. In this paper, we survey different types of attacks and techniques of DDoS attacks and their countermeasures. The significance of this paper is the coverage of many aspects of countering DDoS attacks including detection, defence and mitigation, traceback approaches, open issues and research challenges

    Validating User Flows to Protect Software Defined Network Environments

    Software Defined Network is a promising network paradigm which has led to several security threats in SDN applications that involve user flows, switches, and controllers in the network. Threats such as spoofing, tampering, information disclosure, Denial of Service, flow table overloading, and so on have been addressed by many researchers. In this paper, we present a novel SDN design to solve three security threats: flow table overloading is solved by constructing a star topology-based architecture, an unsupervised hashing method mitigates link spoofing attack, and a fuzzy classifier combined with L1-ELM running on a neural network isolates anomaly packets from normal packets. For effective flow migration, a Discrete-Time Finite-State Markov Chain model is applied. Extensive simulations using OMNeT++ demonstrate the performance of our proposed approach, which is better at preserving holding time than are other state-of-the-art works from the literature

    REDESIGNING THE COUNTER UNMANNED SYSTEMS ARCHITECTURE

    Includes supplementary material. Please contact [email protected] for access. When the Islamic State used Unmanned Aerial Vehicles (UAV) to target coalition forces in 2014, the use of UAVs rapidly expanded, giving weak states and non-state actors an asymmetric advantage over their technologically superior foes. This asymmetry led the Department of Defense (DOD) and the Department of Homeland Security (DHS) to spend vast sums of money on counter-unmanned aircraft systems (C-UAS). Despite the market density, many C-UAS technologies use expensive, bulky, and high-power-consuming electronic attack methods for ground-to-air interdiction. This thesis outlines the current technology used for C-UAS and proposes a defense-in-depth framework using airborne C-UAS patrols outfitted with cyber-attack capabilities. Using aerial interdiction, this thesis develops a novel C-UAS device called the Detachable Drone Hijacker—a low-size, weight, and power C-UAS device designed to deliver cyber-attacks against commercial UAVs using the IEEE 802.11 wireless communication specification. The experimentation results show that the Detachable Drone Hijacker, which weighs 400 grams, consumes one Watt of power, and costs $250, can interdict adversarial UAVs with no unintended collateral damage. This thesis recommends that the DOD and DHS incorporate aerial interdiction to support their C-UAS defense-in-depth, using technologies similar to the Detachable Drone Hijacker. DASN-OE, Washington DC, 20310. Captain, United States Marine Corps. Approved for public release. Distribution is unlimited