A Defense Framework Against Denial-of-Service in Computer Networks

Denial-of-Service (DoS) is a computer security problem that poses a serious challenge totrustworthiness of services deployed over computer networks. The aim of DoS attacks isto make services unavailable to legitimate users, and current network architectures alloweasy-to-launch, hard-to-stop DoS attacks. Particularly challenging are the service-level DoSattacks, whereby the victim service is flooded with legitimate-like requests, and the jammingattack, in which wireless communication is blocked by malicious radio interference. Theseattacks are overwhelming even for massively-resourced services, and effective and efficientdefenses are highly needed. This work contributes a novel defense framework, which I call dodging, against service-level DoS and wireless jamming. Dodging has two components: (1) the careful assignment ofservers to clients to achieve accurate and quick identification of service-level DoS attackersand (2) the continuous and unpredictable-to-attackers reconfiguration of the client-serverassignment and the radio-channel mapping to withstand service-level and jamming DoSattacks. Dodging creates hard-to-evade baits, or traps, and dilutes the attack "fire power".The traps identify the attackers when they violate the mapping function and even when theyattack while correctly following the mapping function. Moreover, dodging keeps attackers"in the dark", trying to follow the unpredictably changing mapping. They may hit a fewtimes but lose "precious" time before they are identified and stopped. Three dodging-based DoS defense algorithms are developed in this work. They are moreresource-efficient than state-of-the-art DoS detection and mitigation techniques. Honeybees combines channel hopping and error-correcting codes to achieve bandwidth-efficientand energy-efficient mitigation of jamming in multi-radio networks. In roaming honeypots, dodging enables the camouflaging of honeypots, or trap machines, as real servers,making it hard for attackers to locate and avoid the traps. Furthermore, shuffling requestsover servers opens up windows of opportunity, during which legitimate requests are serviced.Live baiting, efficiently identifies service-level DoS attackers by employing results fromthe group-testing theory, discovering defective members in a population using the minimumnumber of tests. The cost and benefit of the dodging algorithms are analyzed theoretically,in simulation, and using prototype experiments

Defense Against Distributed Denial of Service Attacks in Computer Networks

Tohoku University亀山充隆課

The Security of IP-based Video Surveillance Systems

IP-based Surveillance systems protect industrial facilities, railways, gas stations, and even one's own home. Therefore, unauthorized access to these systems has serious security implications. In this survey, we analyze the system's (1) threat agents, (2) attack goals, (3) practical attacks, (4) possible attack outcomes, and (5) provide example attack vectors

SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets

The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance, Mt. Gox are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats

Mobile Firewall System For Distributed Denial Of Service Defense In Internet Of Things Networks

Internet of Things (IoT) has seen unprecedented growth in the consumer space over the past ten years. The majority of IoT device manufacturers do not, however, build their products with cybersecurity in mind. The goal of the mobile firewall system is to move mitigation of network-diffused attacks closer to their source. Attack detection and mitigation is enforced using a machine that physically traverses the area. This machine uses a suite of security tools to protect the network. Our system provides advantages over current network attack mitigation techniques. Mobile firewalls can be deployed when there is no access to the network gateway or when no gateway exists, such as in IoT mesh networks. The focus of this thesis is to refine an explicit implementation for the mobile firewall system and evaluate its effectiveness. Evaluation of the mobile firewall system is analyzed using three simulated distributed denial of service case studies. Mobility is shown to be a great benefit when defending against physically distant attackers – the system takes no more than 131 seconds to fully nullify a worst-case attack

The InfoSec Handbook

Computer scienc