A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks
Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack. © 1998-2012 IEEE
Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)
DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website.
With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures that are meant to mitigate DDoS attacks.
In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to monitor the firewall states. The monitor reroutes traffic when one of the firewalls becomes overwhelmed due to an HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the firewalls and the monitor is encrypted using AES, based on the PyCrypto Python implementation.
This dissertation is structured in three parts. The first found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted towards the virtual firewall. The same parameters, test factors, and determinants were used; however, a different load tester was utilized. The final part was the implementation and design of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack.
Autonomous Threat Hunting: A Future Paradigm for AI-Driven Threat Intelligence
The evolution of cybersecurity has spurred the emergence of autonomous threat hunting as a pivotal paradigm in the realm of AI-driven threat intelligence. This review navigates through the intricate landscape of autonomous threat hunting, exploring its significance and pivotal role in fortifying cyber defense mechanisms. Delving into the amalgamation of artificial intelligence (AI) and traditional threat intelligence methodologies, this paper delineates the necessity and evolution of autonomous approaches in combating contemporary cyber threats. Through a comprehensive exploration of foundational AI-driven threat intelligence, the review accentuates the transformative influence of AI and machine learning on conventional threat intelligence practices. It elucidates the conceptual framework underpinning autonomous threat hunting, spotlighting its components and the seamless integration of AI algorithms within threat hunting processes. Insightful discussions on challenges encompassing scalability, interpretability, and ethical considerations in AI-driven models enrich the discourse. Moreover, through illuminating case studies and evaluations, this paper showcases real-world implementations, underscoring success stories and lessons learned by organizations adopting AI-driven threat intelligence. In conclusion, this review consolidates key insights, emphasizing the substantial implications of autonomous threat hunting for the future of cybersecurity. It underscores the significance of continual research and collaborative efforts in harnessing the potential of AI-driven approaches to fortify cyber defenses against evolving threats.