Packet Resonance Strategy: A Spoof Attack Detection and Prevention Mechanism in Cloud Computing Environment

Distributed Denial of Service (DDoS) is a major threat to server availability. The attackers hide from view by impersonating their IP addresses as the legitimate users. This Spoofed IP helps the attacker to pass through the authentication phase and to launch the attack. Surviving spoof detection techniques could not resolve different styles of attacks. Packet Resonance Strategy (PRS) armed to detect various types of spoof attacks that destruct the server resources or data theft at Datacenter. PRS ensembles to any Cloud Service Provider (CSP) as they are exclusively responsible for any data leakage and sensitive information hack. PRS uses two-level detection scheme, allows the clients to access Datacenter only when they surpass initial authentication at both levels. PRS provides faster data transmission and time sensitiveness of cloud computing tasks to the authenticated clients. Experimental results proved that the proposed methodology is a better light-weight solution and deployable at server-end

Development of Internet Protocol Traceback Scheme for Detection of Denial-of-Service Attack

To mitigate the challenges that Flash Event (FE) poses to IP-Traceback techniques, this paper presents an IP Traceback scheme for detecting the source of a DoS attack based on Shark Smell Optimization Algorithm (SSOA). The developed model uses a discrimination policy with the hop-by-hop search. Random network topologies were generated using the WaxMan model in NS2 for different simulations of DoS attacks. Discrimination policies used by SSOA-DoSTBK for the attack source detection in each case were set up based on the properties of the detected attack packets. SSOA-DoSTBK was compared with a number of IP Traceback schemes for DoS attack source detection in terms of their ability to discriminate FE traffics from attack traffics and the detection of the source of Spoofed IP attack packets. SSOA-DoSTBK IP traceback scheme outperformed ACS-IPTBK that it was benchmarked with by 31.8%, 32.06%, and 28.45% lower FER for DoS only, DoS with FE, and spoofed DoS with FE tests respectively, and 4.76%, 11.6%, and 5.2% higher performance in attack path detection for DoS only, DoS with FE, and Spoofed DoS with FE tests, respectively. However, ACS-IPTBK was faster than SSOA-DoSTBK by 0.4%, 0.78%, and 1.2% for DoS only, DoS with FE, and spoofed DoS with FE tests, respectively. Keywords: DoS Attacks Detection, Denial-of-Service, Internet Protocol, IP Traceback, Flash Event, Optimization Algorithm

A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks

Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack. © 1998-2012 IEEE

Implementing Flash Event Discrimination in IP Traceback using Shark Smell Optimisation Algorithm

 Denial of service attack and its variants are the largest ravaging network problems. They are used to cause damage to network by disrupting its services in order to harm a business or organization. Flash event is a network phenomenon that causes surge in normal network flow due to sudden increase in number of network users, To curtail the menace of the Denial of service attack it is pertinent to expose the perpetrator and take appropriate action against it. Internet protocol traceback is a network forensic tool that is used to identify source of an Internet protocol packet. Most of presently available Internet protocol traceback tools that are based on bio-inspired algorithm employ flow-based search method for tracing source of a Denial of service attack without facility to differentiate flash event from the attack. Surge in network due to flash event can mislead such a traceback tool that uses flow-based search. This work present a solution that uses hop-by-hop search with an incorporated discrimination policy implemented by shark smell optimization algorithm to differentiate the attack traffic from other traffics. It was tested on performance and convergence against an existing bio-inspired traceback tool that uses flow-base method and yielded outstanding results in all the test

Botnets and Distributed Denial of Service Attacks

With their ever increasing malicious capabilities and potential to infect a vast majority of computers on the Internet, botnets are emerging as the single biggest threat to Internet security. The aim of this project is to perform a detailed analysis of botnets and the vulnerabilities exploited by them to spread themselves and perform various malicious activities such as DDoS attacks. DDoS attacks are without doubt the most potent form of attacks carried out by botnets. In order to better understand this growing phenomenon and develop effective counter measures, it is necessary to be able to simulate DDoS attacks in a controlled environment. Simulating a DDoS attack with control over various simulation and attack parameters will give us insights into how attacks achieve stealth and avoid detection. A detailed analysis of existing DDoS defense strategies and proposals combined with the insights derived from simulation should enable us to come up with innovative and feasible solutions to prevent and mitigate DDoS attacks carried out using Botnet

Economic Denial of Sustainability Attacks Mitigation in the Cloud

Cyber security is one of the most attention seeking issues with the increasing advancement of technology specifically when the network availability is threaten by attacks such as Denial of Service attacks (DoS), Distributed DoS attacks (DDoS), and Economic Denial of Sustainability (EDoS). The loss of the availability and accessibility of cloud services have greater impacts than those in the traditional enterprises networks. This paper introduces a new technique to mitigate the impacts of attacks which is called Enhanced DDoS-Mitigation System (Enhanced DDoS-MS) that helps in overcoming the determined security gap. The proposed technique is evaluated experimentally and the result shows that the proposed method adds lower delays as a result of the enhanced security. The paper also suggests some future directions to improve the proposed framework