3 research outputs found

    Entropy-based collaborative detection of DDOS attacks on community networks

    A community network often operates with the same Internet service provider domain or the virtual network of different entities who are cooperating with each other. In such a federated network environment, routers can work closely to raise early warning of DDoS attacks to avoid catastrophic damages. However, the attackers simulate the normal network behaviors, e.g. pumping the attack packages as a Poisson distribution, to disable detection algorithms. It is an open question: how to discriminate DDoS attacks from surge legitimate accessing. We noticed that the attackers use the same mathematical functions to control the speed of attack package pumping to the victim. Based on this observation, the different attack flows of a DDoS attack share the same regularities, which is different from the real surging accessing in a short time period. We apply an information theory parameter, entropy rate, to discriminate the DDoS attack from the surge legitimate accessing. We proved the effectiveness of our method in theory, and the simulations are the work in the near future. We also point out the future directions that are worth exploring in the future.

    Performing integrated system tests using malicious component insertion

    Abstract: In this paper, a testing method suitable for strengthening fault tolerance in the event of unexpected situations within a software system is presented. It is based on the idea of testing an integrated system by substituting system components with others, similar in design and functionality, that operate in an erroneous and even malicious manner. The approach adopted is similar to the concept of inserting a virus within an organization so that the defense mechanisms of the latter can be tested and the necessary lines of defense are formed, so that the virus cannot affect any of the organization's critical parts. The focal point is to ensure that in case of a module malfunction, the integrated system will continue to operate, isolating the malfunctioning software to the greatest possible extent, preventing the erroneous behavior from affecting other (and sometimes critical) modules. The testing method proposed is based first on isolated components testing adopting and enhancing the Component Off The Shelf method, and second on integrated system testing using malicious components that emulate erroneous operation