A New Approach for DDoS attacks to discriminate the attack level and provide security for DDoS nodes in MANET

Mobile Ad Hoc Networks (MANETs) enable versatile hosts to frame a correspondence arrange without a prefixed framework. In military applications portable specially appointed system assumes essential part since it is particularly planned network for on request necessity and in circumstances where set up of physical network isn't conceivable. Despite the fact that it gives high adaptability, it likewise conveys more difficulties for MANETs to battle against malicious assaults. In any case, the property of mobility and excess additionally motivates new plans to outline safeguard procedure. In this paper, we propose a procedure to relieve DDoS assaults in MANETs. Expect that a malicious attacker ordinarily targets particular victims. The attacker will surrender if the assault neglected to accomplish the coveted objectives after a specific length of assaulting time. In our assurance system, we exploit high excess and select a protection node. Once a DDoS attack has been identified, the suspicious movement will be diverted to the protection node. The victim will work typically, and it is sensible to expect that the attacker will stop the trivial endeavors. Through escalated recreation test utilizing NS-2, we have confirmed the viability of our approach and assessed the cost and overhead of the framework

Naïve Bayes Classifier to Mitigate the DDoS Attacks Severity in Ad-Hoc Networks

Ad-Hoc networks are becoming more popular due to their unique characteristics. As there is no centralized control, these networks are more vulnerable to various attacks, out of which Distributed Denial of Service (DDoS) attacks are considered as more severe attacks. DDoS attack detection and mitigation is still a challenging issue in Ad-Hoc Networks. The existing solutions consider the fixed or dynamic threshold value to detect the DDoS attacks without any trained data, and very few existing solutions use machine learning algorithms to detect these attacks. However, existing solutions are inefficient to handle when DDoS attackers’ perform this attack through bursty traffic, packet size, and fake packets flooding. We have proposed DDoS attack severity mitigation solution. Out DDoS mitigation solution consists of new network node authentication module and naïve bayes classifier module to detect and isolate the DDoS attack traffic patterns. Our simulation results show that naïve bayes DDoS attack traffic classification out performs in the hostile environment and secure the legitimate traffic from DDoS attack

Towards DoS attack prevention based on clustering architecture in mobile IP communication

Mobile IP communication, like wired communication and mobile ad hoc networking, is vulnerable to Denial-of-Service (DoS) attacks. In this paper, we propose using a lightweight packet filtering technique in different domains and base stations to reduce/eliminate the threat of DoS attacks on mobile IP networks. The proposed technique will be able to detect and filter out any suspected packets containing spoofed IP address created by DoS attackers. The results of our experiments indicate that our proposed technique can significantly reduce the effect of DoS attacks and improves performance of mobile IP communication

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies

Spectrum sharing security and attacks in CRNs: a review

Cognitive Radio plays a major part in communication technology by resolving the shortage of the spectrum through usage of dynamic spectrum access and artificial intelligence characteristics. The element of spectrum sharing in cognitive radio is a fundament al approach in utilising free channels. Cooperatively communicating cognitive radio devices use the common control channel of the cognitive radio medium access control to achieve spectrum sharing. Thus, the common control channel and consequently spectrum sharing security are vital to ensuring security in the subsequent data communication among cognitive radio nodes. In addition to well known security problems in wireless networks, cognitive radio networks introduce new classes of security threats and challenges, such as licensed user emulation attacks in spectrum sensing and misbehaviours in the common control channel transactions, which degrade the overall network operation and performance. This review paper briefly presents the known threats and attacks in wireless networks before it looks into the concept of cognitive radio and its main functionality. The paper then mainly focuses on spectrum sharing security and its related challenges. Since spectrum sharing is enabled through usage of the common control channel, more attention is paid to the security of the common control channel by looking into its security threats as well as protection and detection mechanisms. Finally, the pros and cons as well as the comparisons of different CR - specific security mechanisms are presented with some open research issues and challenges

A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks

Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack. © 1998-2012 IEEE