An autonomous router-based solution to detect and defend low rate DDoS attacks

Internet security was not a concern when the Internet was invented, but we cannot deny this fact anymore. Since all forms of businesses and communications are aligned to the Internet in one form or the other, the security of these assets (both infrastructure and content) is of prime importance. Some of the well known consequences of an attack include gaining access to a network, intellectual property thefts, and denial of service. This thesis focuses on countering flood-type attacks that result in denial of service to end users. A new classification of this denial of service attacks, known as the low rate denial of service, will be the crux of our discussion. The average rate of this attack is so low that most routers or victims fail to detect the attack. Thus far, no solution can counter the low rate attacks without degrading the normal performance of the Transmission Control Protocol. This work proposes a router-based solution to detect and defend low as well as high rate distributed denial of service attacks (DDoS). A per flow approach coupled with the Deterministic Packet Marking scheme is used to detect and block attack flows autonomously. The solution provides a rapid detection and recovery procedure during an attack

Analysis of Effects of BGP Black Hole Routing on a Network like the NIPRNET

The Department of Defense (DoD) relies heavily on the Non-secure Internet Protocol Router Network (NIPRNET) to exchange information freely between departments, services, bases, posts, and ships. The NIPRNET is vulnerable to various attacks, to include physical and cyber attacks. One of the most frequently used cyber attacks by criminally motivated hackers is a Distributed Denial of Service (DDoS) attack. DDoS attacks can be used to exhaust network bandwidth and router processing capabilities, and as a leveraging tool for extortion. Border Gateway Protocol (BGP) black hole routing is a responsive defensive network technique for mitigating DDoS attacks. BGP black hole routing directs traffic destined to an Internet address under attack to a null address, essentially stopping the DDoS attack by dropping all traffic to the targeted system. This research examines the ability of BGP black hole routing to effectively defend a network like the NIPRNET from a DDoS attack, as well as examining two different techniques for triggering BGP black hole routing during a DDoS attack. This thesis presents experiments with three different DDoS attack scenarios to determine the effectiveness of BGP black hole routing. Remote-triggered black hole routing is then compared against customer-triggered black hole routing to examine how well each technique reacts under a DDoS attack. The results from this study show BGP black hole routing to be highly successful. It also shows that remote-triggered black hole routing is much more effective than customer-triggered

Security of Electrical, Optical and Wireless On-Chip Interconnects: A Survey

The advancement of manufacturing technologies has enabled the integration of more intellectual property (IP) cores on the same system-on-chip (SoC). Scalable and high throughput on-chip communication architecture has become a vital component in today's SoCs. Diverse technologies such as electrical, wireless, optical, and hybrid are available for on-chip communication with different architectures supporting them. Security of the on-chip communication is crucial because exploiting any vulnerability would be a goldmine for an attacker. In this survey, we provide a comprehensive review of threat models, attacks, and countermeasures over diverse on-chip communication technologies as well as sophisticated architectures.Comment: 41 pages, 24 figures, 4 table