782 research outputs found
An autonomous router-based solution to detect and defend low rate DDoS attacks
Internet security was not a concern when the Internet was invented, but we cannot deny this fact anymore. Since all forms of businesses and communications are aligned to the Internet in one form or the other, the security of these assets (both infrastructure and content) is of prime importance. Some of the well known consequences of an attack include gaining access to a network, intellectual property thefts, and denial of service.
This thesis focuses on countering flood-type attacks that result in denial of service to end users. A new classification of this denial of service attacks, known as the low rate denial of service, will be the crux of our discussion. The average rate of this attack is so low that most routers or victims fail to detect the attack. Thus far, no solution can counter the low rate attacks without degrading the normal performance of the Transmission Control Protocol. This work proposes a router-based solution to detect and defend low as well as high rate distributed denial of service attacks (DDoS). A per flow approach coupled with the Deterministic Packet Marking scheme is used to detect and block attack flows autonomously. The solution provides a rapid detection and recovery procedure during an attack
A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection
Enterprise networks that host valuable assets and services are popular and
frequent targets of distributed network attacks. In order to cope with the
ever-increasing threats, industrial and research communities develop systems
and methods to monitor the behaviors of their assets and protect them from
critical attacks. In this paper, we systematically survey related research
articles and industrial systems to highlight the current status of this arms
race in enterprise network security. First, we discuss the taxonomy of
distributed network attacks on enterprise assets, including distributed
denial-of-service (DDoS) and reconnaissance attacks. Second, we review existing
methods in monitoring and classifying network behavior of enterprise hosts to
verify their benign activities and isolate potential anomalies. Third,
state-of-the-art detection methods for distributed network attacks sourced from
external attackers are elaborated, highlighting their merits and bottlenecks.
Fourth, as programmable networks and machine learning (ML) techniques are
increasingly becoming adopted by the community, their current applications in
network security are discussed. Finally, we highlight several research gaps on
enterprise network security to inspire future research.Comment: Journal paper submitted to Elseive
Adaptive Response System for Distributed Denial-of-Service Attacks
The continued prevalence and severe damaging effects of the Distributed Denial of Service (DDoS)
attacks in today’s Internet raise growing security concerns and call for an immediate response to come
up with better solutions to tackle DDoS attacks. The current DDoS prevention mechanisms are usually
inflexible and determined attackers with knowledge of these mechanisms, could work around them.
Most existing detection and response mechanisms are standalone systems which do not rely on
adaptive updates to mitigate attacks. As different responses vary in their “leniency” in treating
detected attack traffic, there is a need for an Adaptive Response System.
We designed and implemented our DDoS Adaptive ResponsE (DARE) System, which is a
distributed DDoS mitigation system capable of executing appropriate detection and mitigation
responses automatically and adaptively according to the attacks. It supports easy integrations for both
signature-based and anomaly-based detection modules. Additionally, the design of DARE’s individual
components takes into consideration the strengths and weaknesses of existing defence mechanisms,
and the characteristics and possible future mutations of DDoS attacks. These components consist of an
Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and
Flow Identifier, and a Non Intrusive IP Traceback mechanism. The components work together
interactively to adapt the detections and responses in accordance to the attack types. Experiments
conducted on DARE show that the attack detection and mitigation are successfully completed within
seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate
and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in
accordance to the attacks being launched with high accuracy, effectiveness and efficiency.
We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a
stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim
under attack verifies the authenticity of the source by performing virtual relocations to differentiate the
legitimate traffic from the attack traffic. TRAPS requires minimal deployment effort and does not
require modifications to the Internet infrastructure due to its incorporation of the Mobile IPv6
protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to
verify that it would work with the existing Mobile IPv6 implementation. It was observed that the
operations of each module were functioning correctly and TRAPS was able to successfully mitigate an
attack launched with spoofed source IP addresses
Machine and deep learning techniques for detecting internet protocol version six attacks: a review
The rapid development of information and communication technologies has increased the demand for internet-facing devices that require publicly accessible internet protocol (IP) addresses, resulting in the depletion of internet protocol version 4 (IPv4) address space. As a result, internet protocol version 6 (IPv6) was designed to address this issue. However, IPv6 is still not widely used because of security concerns. An intrusion detection system (IDS) is one example of a security mechanism used to secure networks. Lately, the use of machine learning (ML) or deep learning (DL) detection models in IDSs is gaining popularity due to their ability to detect threats on IPv6 networks accurately. However, there is an apparent lack of studies that review ML and DL in IDS. Even the existing reviews of ML and DL fail to compare those techniques. Thus, this paper comprehensively elucidates ML and DL techniques and IPv6-based distributed denial of service (DDoS) attacks. Additionally, this paper includes a qualitative comparison with other related works. Moreover, this work also thoroughly reviews the existing ML and DL-based IDSs for detecting IPv6 and IPv4 attacks. Lastly, researchers could use this review as a guide in the future to improve their work on DL and ML-based IDS
- …