"LUDO" - Kids playing Distributed Denial of Service

Distributed denial of service attacks pose a serious threat to the availability of the network infrastructures and services. GE̿ANT, the pan-European network with terabit capacities witnesses close to hundreds of DDoS attacks on a daily basis. The reason is that DDoS attacks are getting larger, more sophisticated and frequent. At the same time, it has never been easier to execute DDoS attacks, e.g., Booter services offer paying customers without any technical knowledge the possibility to perform DDoS attacks as a service. Given the increasing size, frequency and complexity of DDoS attacks, there is a need to perform a collaborative mitigation. Therefore, we developed (i) a DDoSDB to share real attack data and allow collaborators to query, compare, and download attacks, (ii) the Security attack experimentation framework to test mitigation and response capabilities and (iii) a collaborative mitigation and response process among trusted partners to disseminate security event information. In addition to these developments, we present and would like to discuss our latest research results with experienced networking operators and bridging the gap between academic research and operational business

Investigational Analysis of Security Measures Effectiveness in Cloud Computing: A Study

In the modern era of business operation, the technical adoption of cloud services are high on rise by the large scale to small scale business establishment on various products and services. Needless to say that with the rise of adoption also gives birth to security concerns as cloud runs on common internet which are also used by trillions of internet-users. There are various means by which introducing a malicious program inside the cloud is not that complicated task for attacker. The various services providers as well as past researcher have introduced some of the potential security features which is claimed to be highly effective. However, accomplishing fail-proof security systems in cloud is never witnessed nor reported by any user or researcher, which clearly specifies that security problems do persist and are on exponential rise. Therefore, this paper discusses about the security issues in cloud supported by brief description of standard security models currently available in cloud. With extensive literatures on the existing security solutions, a significant research gap is explored in robust authentication system in cloud services. Keywords-component; Security, Cloud Computing,attacks, security model

Forwarding loop attacks and counter measures in content centric networks

Content Centric Networking(CCN) is a novel networking approach that aims at overcoming some of the limitations of the current Internet. In particular, CCN aims at providing better security and privacy by focusing on the data rather than on the location of data. However, this new networking concept opens up avenues for launching several new types of attacks including the “Forwarding Loop attacks”. This paper describes how malicious customers can attack the availability of Content Centric Networks (CCNs) by creating forwarding loops. These loops cause one request to be processed repeatedly or even indefinitely, resulting in unwanted resource consumption and potential Denial-of-Service attacks. Next, we propose detection and mitigation techniques that will allow routers to identify and prevent the formation of such loops. To evaluate the practicality of such forwarding-loop attacks, we use the popular CCN simulation software, ndnSIM to simulate the occurrences of the loops and show how they can affect the overall service of the network

Common Mechanism for Detecting Multiple DDoS Attacks

An important principle of an internet-based system is information security. Information security is a very important aspect of distributed systems and IoT (Internet of Things) based wireless systems. The attack which is more harmful to the distributed system and IoT-based wireless system is a DDoS (Distributed Denial of Service) attack since in this attack, an attacker can stop the work of all other connected devices or users to the network. For securing distributed applications, various intrusion detection mechanisms are used. But most existing mechanisms are only concentrated on one kind of DDoS attack. This paper focuses on the basic architecture of IoT systems and an overview of single intrusion detection systems. This paper presents a single detection method for different DDoS attacks on distributed systems with an IoT interface. In the future, the system will provide support for detecting and preventing different DDoS attacks in IoT-based systems

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies