Measuring internet activity: a (selective) review of methods and metrics

Two Decades after the birth of the World Wide Web, more than two billion people around the world are Internet users. The digital landscape is littered with hints that the affordances of digital communications are being leveraged to transform life in profound and important ways. The reach and influence of digitally mediated activity grow by the day and touch upon all aspects of life, from health, education, and commerce to religion and governance. This trend demands that we seek answers to the biggest questions about how digitally mediated communication changes society and the role of different policies in helping or hindering the beneficial aspects of these changes. Yet despite the profusion of data the digital age has brought upon us—we now have access to a flood of information about the movements, relationships, purchasing decisions, interests, and intimate thoughts of people around the world—the distance between the great questions of the digital age and our understanding of the impact of digital communications on society remains large. A number of ongoing policy questions have emerged that beg for better empirical data and analyses upon which to base wider and more insightful perspectives on the mechanics of social, economic, and political life online. This paper seeks to describe the conceptual and practical impediments to measuring and understanding digital activity and highlights a sample of the many efforts to fill the gap between our incomplete understanding of digital life and the formidable policy questions related to developing a vibrant and healthy Internet that serves the public interest and contributes to human wellbeing. Our primary focus is on efforts to measure Internet activity, as we believe obtaining robust, accurate data is a necessary and valuable first step that will lead us closer to answering the vitally important questions of the digital realm. Even this step is challenging: the Internet is difficult to measure and monitor, and there is no simple aggregate measure of Internet activity—no GDP, no HDI. In the following section we present a framework for assessing efforts to document digital activity. The next three sections offer a summary and description of many of the ongoing projects that document digital activity, with two final sections devoted to discussion and conclusions

CALD : surviving various application-layer DDoS attacks that mimic flash crowd

Distributed denial of service (DDoS) attack is a continuous critical threat to the Internet. Derived from the low layers, new application-layer-based DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. The case may be more serious when suchattacks mimic or occur during the flash crowd event of a popular Website. In this paper, we present the design and implementation of CALD, an architectural extension to protect Web servers against various DDoS attacks that masquerade as flash crowds. CALD provides real-time detection using mess tests but is different from other systems that use resembling methods. First, CALD uses a front-end sensor to monitor thetraffic that may contain various DDoS attacks or flash crowds. Intense pulse in the traffic means possible existence of anomalies because this is the basic property of DDoS attacks and flash crowds. Once abnormal traffic is identified, the sensor sends ATTENTION signal to activate the attack detection module. Second, CALD dynamically records the average frequency of each source IP and check the total mess extent. Theoretically, the mess extent of DDoS attacks is larger than the one of flash crowds. Thus, with some parameters from the attack detection module, the filter is capable of letting the legitimate requests through but the attack traffic stopped. Third, CALD may divide the security modules away from the Web servers. As a result, it keeps maximum performance on the kernel web services, regardless of the harassment from DDoS. In the experiments, the records from www.sina.com and www.taobao.com have proved the value of CALD

A Study of Very Short Intermittent DDoS Attacks on the Performance of Web Services in Clouds

Distributed Denial-of-Service (DDoS) attacks for web applications such as e-commerce are increasing in size, scale, and frequency. The emerging elastic cloud computing cannot defend against ever-evolving new types of DDoS attacks, since they exploit various newly discovered network or system vulnerabilities even in the cloud platform, bypassing not only the state-of-the-art defense mechanisms but also the elasticity mechanisms of cloud computing. In this dissertation, we focus on a new type of low-volume DDoS attack, Very Short Intermittent DDoS Attacks, which can hurt the performance of web applications deployed in the cloud via transiently saturating the critical bottleneck resource of the target systems by means of external attack HTTP requests outside the cloud or internal resource contention inside the cloud. We have explored external attacks by modeling the n-tier web applications with queuing network theory and implementing the attacking framework based-on feedback control theory. We have explored internal attacks by investigating and exploiting resource contention and performance interference to locate a target VM (virtual machine) and degrade its performance

On the Efficacy of Live DDoS Detection with Hadoop

Distributed Denial of Service flooding attacks are one of the biggest challenges to the availability of online services today. These DDoS attacks overwhelm the victim with huge volume of traffic and render it incapable of performing normal communication or crashes it completely. If there are delays in detecting the flooding attacks, nothing much can be done except to manually disconnect the victim and fix the problem. With the rapid increase of DDoS volume and frequency, the current DDoS detection technologies are challenged to deal with huge attack volume in reasonable and affordable response time. In this paper, we propose HADEC, a Hadoop based Live DDoS Detection framework to tackle efficient analysis of flooding attacks by harnessing MapReduce and HDFS. We implemented a counter-based DDoS detection algorithm for four major flooding attacks (TCP-SYN, HTTP GET, UDP and ICMP) in MapReduce, consisting of map and reduce functions. We deployed a testbed to evaluate the performance of HADEC framework for live DDoS detection. Based on the experiments we showed that HADEC is capable of processing and detecting DDoS attacks in affordable time

Distributed Denial of Service Attack Detection

Distributed Denial of Service (DDoS) attacks on web applications has been a persistent threat. Successful attacks can lead to inaccessible service to legitimate users in time and loss of business reputation. Most research effort on DDoS focused on network layer attacks. Existing approaches on application layer DDoS attack mitigation have limitations such as the lack of detection ability for low rate DDoS and not being able to detect attacks targeting resource files. In this work, we propose DDoS attack detection using concepts from information retrieval and machine learning. We include two popular concepts from information retrieval: Term Frequency (TF)-Inverse Document Frequency (IDF) and Latent Semantic Indexing (LSI). We analyzed web server log data generated in a distributed environment. Our evaluation results indicate that while all the approaches can detect various ranges of attacks, information retrieval approaches can identify attacks ongoing in a given session. All the approaches can detect three well known application level DDoS attacks (trivial, intermediate, advanced). Further, these approaches can enable an administrator identifying new pattern of DDoS attacks

Torrent Poisoning Protection with a Reverse Proxy Server

A Distributed Denial-of-Service attack uses multiple sources operating in concert to attack a network or site. A typical DDoS flood attack on a website targets a web server with multiple valid requests, exhausting the server’s resources. The participants in this attack are usually compromised/infected computers controlled by the attackers. There are several variations of this kind of attack, and torrent index poisoning is one. A Distributed Denial-of-Service (DDoS) attack using torrent poisoning, more specifically using index poisoning, is one of the most effective and disruptive types of attacks. These web flooding attacks originate from BitTorrent-based file-sharing communities, where the participants using the BitTorrent applications cannot detect their involvement. The antivirus and other tools cannot detect the altered torrent file, making the BitTorrent client target the webserver. The use of reverse proxy servers can block this type of request from reaching the web server, preventing the severity and impact on the service of the DDoS. In this paper, we analyze a torrent index poisoning DDoS to a higher education institution, the impact on the network systems and servers, and the mitigation measures implemented.info:eu-repo/semantics/publishedVersio

Investigation of Afghanistan network infrastructure for cyber security

06.03.2018 tarihli ve 30352 sayılı Resmi Gazetede yayımlanan “Yükseköğretim Kanunu İle Bazı Kanun Ve Kanun Hükmünde Kararnamelerde Değişiklik Yapılması Hakkında Kanun” ile 18.06.2018 tarihli “Lisansüstü Tezlerin Elektronik Ortamda Toplanması, Düzenlenmesi ve Erişime Açılmasına İlişkin Yönerge” gereğince tam metin erişime açılmıştır.Anahtar Kelimeler: Siber güvenlik, siber saldırılar, siber savaşlar, güvenlik açığı, gizlilik, bütünlük, ağ altyapısı, iletişim ve bilgi sistemleri. Global endüstriler büyük ölçüde bilgi ve veri güvenliğine yatırım yapıyor. Sanal iletişim zamanında, herhangi bir topolojisinde, öncelikle geçerlik ve güvenliği garanti altına almalı. Aksi takdirde bu tür iletişim karmaşık sorunlara ve kaynakların ağlar üzerinde zarar görmesine neden olur. Halbuki iletişim sistemleri savunmasızdır, Ülkenin bilgi bütünlüğüne, gizliliğine ve kullanılabilirliğine güvenmesi, siber güvenliğinin yetersizliğinden tam tersidir. Aslında, iletişim sistemleri veya internet öncelikle odaklı veya insan zihnindeki güvenlikle tasarlanmamıştır. Diğer bir deyişle, çok sayıda ağ bileşeninin koordinasyonu, öncelikle hava-arayüzü üzerinden kurulan veya ağ üzerinden önceden tanımlanmış protokoller altında fiziksel olarak entegre edilmiş güvenli bir bağlantıya ihtiyaç duyar. Ayrıca, bir hükümetin gerçekleştirme sorumluluğundan biri, siber ortamda ya da gerçekçi saldırı ve tehditlerle mücadele etmek için bir caydırma ekibi ya da teşkilatı oluşturmaktır. Modern iletişim sistemlerinde, siber saldırılar casusluk açısından gittikçe artmaktadır ve bilgi sistemlerine ciddi zarar vermek suretiyle siber alanın geleceğinde büyük bir sorun çıkarmaktadır. Öte yandan, Afganistan hükümeti, herhangi bir dışa bağımlı siber saldırılara karşı iyi tanımlanmış bir stratejiye sahip değilken, casusluktan sorumlu olan ve Afganistan'daki siber alanda katastrofik sorunlar çıkaran ülkelerden aktarılan değiştirilebilir verilerin büyük bir çoğunluğu bulunmaktadır. Bu sorunlar dikkate alındığında, bu çalışma Afganistan'da siber saldırılar ve siber istismar, bilgi güvenliği ile ilgili zorluklar, siber saldırıların mevcut Afganistan ağ altyapıları üzerindeki etkileri ve analizleri de dahil olmak üzere siber tehditlerle ilgilidir. Siberayla ilgili belirgin ve belirgin olmayan siber saldırılar için bir şekilde çözümün yanı sıra, mevcut ve gelecekteki siber krizin, modellerin ve simülasyon özelliklerinin bu raporun kısmen bir bölümünde analizi tanımlanmıştır. Bununla birlikte, güvenlik açısından Afganistan'ın mevcut siber durumuna, yaygın gelecekteki siber güvenlik ve siber güvenlik zorluklarına ilişkin sorunlar da bu raporda gösterilmektedir.Global industries are investing heavily in information and data security. At the time of virtual communication under any types of topologies, firstly, the validity and security must be guaranteed. Otherwise, such communication cause complex problems and resources damage over the networks. However, communication systems are vulnerable, the nation's reliance on the integrities, confidentialities, and availabilities of information stand in stark contrast to the inadequacy of their cybersecurity. In fact, communication systems or internet was not primarily designed with security in oriented or human minds. On the other word, coordinating of huge numbers of network components, first of all, need to a secure connection, either such connection established via air-interface or integrated physically under predefined protocols over the network. Additionally, one of the accomplishment responsibility of a government is creating a deterrence team or military to combat any types of attack and threat either on cyberspace or on realistic. In modern communication systems cyber-attacks becoming increasingly in terms of espionage, and it would make a big challenge in the future of cyberspace by causing serious damage to information systems. From the other hand, the government of Afghanistan does not have a well-defined strategy against any types of outsider cyberattacks while the huge amount of the exchangeable data transferring from the countries who are in charge of espionage and attempt to make catastrophic problems on Afghanistan's cyberspace. In consideration to these issues, this study concerned in Afghanistan's cyber-threats including cyber-attacks and cyber-exploit, information security challenges, analysis and effects of cyber-attacks on current Afghanistan network infrastructures. Definition of somewhat solution for distinctive and non-distinctive cyber-attacks over cyberspace, as well as the analysis of current and future cyberspace crisis, models and simulations aspect in some partial part of this report, has been also covered. However, current cyberspace status of Afghanistan in term of security, challenges of prevalent future cyber security and cyber security difficulties have also illustrated in this report