14 research outputs found

    Modern DDoS Attacks and Defences -- Survey

    Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are commonly used to disrupt network services. Attack techniques are always improving and due to the structure of the internet and properties of network protocols it is difficult to keep detection and mitigation techniques up to date. A lot of research has been conducted in this area which has demonstrated the difficulty of preventing DDoS attacks altogether, therefore the primary aim of most research is to maximize quality of service (QoS) for legitimate users. This survey paper aims to provide a clear summary of DDoS attacks and focuses on some recently proposed techniques for defence. The research papers that are analysed in depth primarily focused on the use of virtual machines (VMs) (HoneyMesh) and network function virtualization (NFV) (VGuard and VFence). Comment: 6 pages, 6 figures

    Malware and Exploits on the Dark Web

    In recent years, the darknet has become the key location for the distribution of malware and exploits. We have seen scenarios where software vulnerabilities have been disclosed by vendors and shortly after, operational exploits are available on darknet forums and marketplaces. Many marketplace vendors offer zero-day exploits that have not yet been discovered or disclosed. This trend has led to security companies offering darknet analysis services to detect new exploits and malware, providing proactive threat intelligence. This paper presents information on the scale of malware distribution, the trends of malware types offered, the methods for discovering new exploits and the effectiveness of darknet analysis in detecting malware at the earliest possible stage. Comment: 5 pages, 0 figures

    Honey Encryption Review


    MANiC: Multi-step Assessment for Crypto-miners


    LSTM RNN: Detecting Exploit Kits using Redirection Chain Sequences

    Abstract: While consumers use the web to perform routine activities, they are under the constant threat of attack from malicious websites. Even when visiting ‘trusted’ sites, there is always a risk that the site is compromised and hosting a malicious script. In this scenario, the injected script would typically force the victim’s browser to undergo a series of redirects before reaching an attacker-controlled domain, which delivers the actual malware. Although these malicious redirection chains aim to frustrate detection and analysis efforts, they could be used to help identify web-based attacks. Building upon previous work, this paper presents the first known application of a Long Short-Term Memory (LSTM) network to detect Exploit Kit (EK) traffic, utilising the structure of HTTP redirects. Samples are processed as sequences, where each timestep represents a redirect and contains a unique combination of 48 features. The experiment is conducted using a ground-truth dataset of 1279 EK and 5910 benign redirection chains. Hyper-parameters are tuned via K-fold cross-validation (5f-CV), with the optimal configuration achieving an F1 score of 0.9878 against the unseen test set. Furthermore, we compare the results of isolated feature categories to assess their importance