233 research outputs found
Preventing DDoS using Bloom Filter: A Survey
Distributed Denial-of-Service (DDoS) is a menace for service provider and
prominent issue in network security. Defeating or defending the DDoS is a prime
challenge. DDoS make a service unavailable for a certain time. This phenomenon
harms the service providers, and hence, loss of business revenue. Therefore,
DDoS is a grand challenge to defeat. There are numerous mechanism to defend
DDoS, however, this paper surveys the deployment of Bloom Filter in defending a
DDoS attack. The Bloom Filter is a probabilistic data structure for membership
query that returns either true or false. Bloom Filter uses tiny memory to store
information of large data. Therefore, packet information is stored in Bloom
Filter to defend and defeat DDoS. This paper presents a survey on DDoS
defending technique using Bloom Filter.Comment: 9 pages, 1 figure. This article is accepted for publication in EAI
Endorsed Transactions on Scalable Information System
FAIR: Forwarding Accountability for Internet Reputability
This paper presents FAIR, a forwarding accountability mechanism that
incentivizes ISPs to apply stricter security policies to their customers. The
Autonomous System (AS) of the receiver specifies a traffic profile that the
sender AS must adhere to. Transit ASes on the path mark packets. In case of
traffic profile violations, the marked packets are used as a proof of
misbehavior.
FAIR introduces low bandwidth overhead and requires no per-packet and no
per-flow state for forwarding. We describe integration with IP and demonstrate
a software switch running on commodity hardware that can switch packets at a
line rate of 120 Gbps, and can forward 140M minimum-sized packets per second,
limited by the hardware I/O subsystem.
Moreover, this paper proposes a "suspicious bit" for packet headers - an
application that builds on top of FAIR's proofs of misbehavior and flags
packets to warn other entities in the network.Comment: 16 pages, 12 figure
Flooding Distributed Denial of Service Attacks-A Review
Flaws either in users’ implementation of a network or in the standard
specification of protocols has resulted in gaps that allow various kinds of network attack to be
launched. Of the kinds of network attacks, denial-of-service flood attacks have caused the most severe
impact. Approach: This study reviews recent researches on flood attacks and their mitigation,
classifying such attacks as either high-rate flood or low-rate flood. Finally, the attacks are compared
against criteria related to their characteristics, methods and impacts. Results: Denial-of-service flood
attacks vary in their rates, traffic, targets, goals and impacts. However, they have general similarities
that are the methods used are flooding and the main purpose is to achieve denial of service to the
target. Conclusion/Recommendations: Mitigation of the denial-of-service flood attacks must
correspond to the attack rates, traffic, targets, goals and impacts in order to achieve effective solution
Flooding Distributed Denial of Service Attacks-A Review
Problem statement: Flaws either in users’ implementation of a network or in the standard specification of protocols has resulted in gaps that allow various kinds of network attack to be launched. Of the kinds of network attacks, denial-of service flood attacks have caused the most severe impact. Approach: This study reviews recent researches on flood attacks and their mitigation, classifying such attacks as either high-rate flood or low-rate flood. Finally, the attacks are compared against criteria related to their characteristics, methods and impacts. Results: Denial-of service flood attacks vary in their rates, traffic, targets, goals and impacts. However, they have general similarities that are the methods used are flooding and the main purpose is to achieve denial of service to the target. Conclusion/Recommendations: Mitigation of the denial-of service flood attacks must correspond to the attack rates, traffic, targets, goals and impacts in order to achieve effective solution
Detailed Review on The Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs) and Defense Strategies
The development of Software Defined Networking (SDN) has altered the landscape of computer networking in recent years. Its scalable architecture has become a blueprint for the design of several advanced future networks. To achieve improve and efficient monitoring, control and management capabilities of the network, software defined networks differentiate or decouple the control logic from the data forwarding plane. As a result, logical control is centralized solely in the controller. Due to the centralized nature, SDNs are exposed to several vulnerabilities such as Spoofing, Flooding, and primarily Denial of Service (DoS) and Distributed Denial of Service (DDoS) among other attacks. In effect, the performance of SDN degrades based on these attacks. This paper presents a comprehensive review of several DoS and DDoS defense/mitigation strategies and classifies them into distinct classes with regards to the methodologies employed. Furthermore, suggestions were made to enhance current mitigation strategies accordingly
- …