Visible to the public Biblio

Filters: Keyword is distributed denial-of-service attacks  [Clear All Filters]
2021-02-16
Yeom, S., Kim, K..  2020.  Improving Performance of Collaborative Source-Side DDoS Attack Detection. 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS). :239—242.
Recently, as the threat of Distributed Denial-of-Service attacks exploiting IoT devices has spread, source-side Denial-of-Service attack detection methods are being studied in order to quickly detect attacks and find their locations. Moreover, to mitigate the limitation of local view of source-side detection, a collaborative attack detection technique is required to share detection results on each source-side network. In this paper, a new collaborative source-side DDoS attack detection method is proposed for detecting DDoS attacks on multiple networks more correctly, by considering the detecting performance on different time zone. The results of individual attack detection on each network are weighted based on detection rate and false positive rate corresponding to the time zone of each network. By gathering the weighted detection results, the proposed method determines whether a DDoS attack happens. Through extensive evaluation with real network traffic data, it is confirmed that the proposed method reduces false positive rate by 35% while maintaining high detection rate.
2020-06-08
van den Berg, Eric, Robertson, Seth.  2019.  Game-Theoretic Planning to Counter DDoS in NEMESIS. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :1–6.
NEMESIS provides powerful and cost-effective defenses against extreme Distributed Denial of Service (DDos) attacks through a number of network maneuvers. However, selection of which maneuvers to deploy when and with what parameters requires great care to achieve optimal outcomes in the face of overwhelming attack. Analytical wargaming allows game theoretic optimal Courses of Action (COA) to be created real-time during live operations, orders of magnitude faster than packet-level simulation and with equivalent outcomes to even expert human hand-crafted COAs.
2019-03-22
Kumar, A., Abdelhadi, A., Clancy, C..  2018.  Novel Anomaly Detection and Classification Schemes for Machine-to-Machine Uplink. 2018 IEEE International Conference on Big Data (Big Data). :1284-1289.

Machine-to-Machine (M2M) networks being connected to the internet at large, inherit all the cyber-vulnerabilities of the standard Information Technology (IT) systems. Since perfect cyber-security and robustness is an idealistic construct, it is worthwhile to design intrusion detection schemes to quickly detect and mitigate the harmful consequences of cyber-attacks. Volumetric anomaly detection have been popularized due to their low-complexity, but they cannot detect low-volume sophisticated attacks and also suffer from high false-alarm rate. To overcome these limitations, feature-based detection schemes have been studied for IT networks. However these schemes cannot be easily adapted to M2M systems due to the fundamental architectural and functional differences between the M2M and IT systems. In this paper, we propose novel feature-based detection schemes for a general M2M uplink to detect Distributed Denial-of-Service (DDoS) attacks, emergency scenarios and terminal device failures. The detection for DDoS attack and emergency scenarios involves building up a database of legitimate M2M connections during a training phase and then flagging the new M2M connections as anomalies during the evaluation phase. To distinguish between DDoS attack and emergency scenarios that yield similar signatures for anomaly detection schemes, we propose a modified Canberra distance metric. It basically measures the similarity or differences in the characteristics of inter-arrival time epochs for any two anomalous streams. We detect device failures by inspecting for the decrease in active M2M connections over a reasonably large time interval. Lastly using Monte-Carlo simulations, we show that the proposed anomaly detection schemes have high detection performance and low-false alarm rate.

2018-11-19
Huang, X., Du, X., Song, B..  2017.  An Effective DDoS Defense Scheme for SDN. 2017 IEEE International Conference on Communications (ICC). :1–6.

In this paper, we propose a scheme to protect the Software Defined Network(SDN) controller from Distributed Denial-of-Service(DDoS) attacks. We first predict the amount of new requests for each openflow switch periodically based on Taylor series, and the requests will then be directed to the security gateway if the prediction value is beyond the threshold. The requests that caused the dramatic decrease of entropy will be filtered out and rules will be made in security gateway by our algorithm; the rules of these requests will be sent to the controller. The controller will send the rules to each switch to make them direct the flows matching with the rules to the honey pot. The simulation shows the averages of both false positive and false negative are less than 2%.

2018-05-24
Huyn, Joojay.  2017.  A Scalable Real-Time Framework for DDoS Traffic Monitoring and Characterization. Proceedings of the Fourth IEEE/ACM International Conference on Big Data Computing, Applications and Technologies. :265–266.

Volumetric DDoS attacks continue to inflict serious damage. Many proposed defenses for mitigating such attacks assume that a monitoring system has already detected the attack. However, many proposed DDoS monitoring systems do not focus on efficiently analyzing high volume network traffic to provide important characterizations of the attack in real-time to downstream traffic filtering systems. We propose a scalable real-time framework for an effective volumetric DDoS monitoring system that leverages modern big data technologies for streaming analytics of high volume network traffic to accurately detect and characterize attacks.

2018-02-06
Andrea, K., Gumusalan, A., Simon, R., Harney, H..  2017.  The Design and Implementation of a Multicast Address Moving Target Defensive System for Internet-of-Things Applications. MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM). :531–538.

Distributed Denial of Service (DDoS) attacks serve to diminish the ability of the network to perform its intended function over time. The paper presents the design, implementation and analysis of a protocol based upon a technique for address agility called DDoS Resistant Multicast (DRM). After describing the our architecture and implementation we show an analysis that quantifies the overhead on network performance. We then present the Simple Agile RPL multiCAST (SARCAST), an Internet-of-Things routing protocol for DDoS protection. We have implemented and evaluated SARCAST in a working IoT operating system and testbed. Our results show that SARCAST provides very high levels of protection against DDoS attacks with virtually no impact on overall performance.

2018-01-16
Viet, A. N., Van, L. P., Minh, H. A. N., Xuan, H. D., Ngoc, N. P., Huu, T. N..  2017.  Mitigating HTTP GET flooding attacks in SDN using NetFPGA-based OpenFlow switch. 2017 14th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON). :660–663.

In this paper, we propose a hardware-based defense system in Software-Defined Networking architecture to protect against the HTTP GET Flooding attacks, one of the most dangerous Distributed Denial of Service (DDoS) attacks in recent years. Our defense system utilizes per-URL counting mechanism and has been implemented on FPGA as an extension of a NetFPGA-based OpenFlow switch.

2015-05-06
Sgouras, K.I., Birda, A.D., Labridis, D.P..  2014.  Cyber attack impact on critical Smart Grid infrastructures. Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES. :1-5.

Electrical Distribution Networks face new challenges by the Smart Grid deployment. The required metering infrastructures add new vulnerabilities that need to be taken into account in order to achieve Smart Grid functionalities without considerable reliability trade-off. In this paper, a qualitative assessment of the cyber attack impact on the Advanced Metering Infrastructure (AMI) is initially attempted. Attack simulations have been conducted on a realistic Grid topology. The simulated network consisted of Smart Meters, routers and utility servers. Finally, the impact of Denial-of-Service and Distributed Denial-of-Service (DoS/DDoS) attacks on distribution system reliability is discussed through a qualitative analysis of reliability indices.
 

2015-05-01
Sgouras, K.I., Birda, A.D., Labridis, D.P..  2014.  Cyber attack impact on critical Smart Grid infrastructures. Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES. :1-5.

Electrical Distribution Networks face new challenges by the Smart Grid deployment. The required metering infrastructures add new vulnerabilities that need to be taken into account in order to achieve Smart Grid functionalities without considerable reliability trade-off. In this paper, a qualitative assessment of the cyber attack impact on the Advanced Metering Infrastructure (AMI) is initially attempted. Attack simulations have been conducted on a realistic Grid topology. The simulated network consisted of Smart Meters, routers and utility servers. Finally, the impact of Denial-of-Service and Distributed Denial-of-Service (DoS/DDoS) attacks on distribution system reliability is discussed through a qualitative analysis of reliability indices.

2015-04-30
Anwar, Z., Malik, A.W..  2014.  Can a DDoS Attack Meltdown My Data Center? A Simulation Study and Defense Strategies Communications Letters, IEEE. 18:1175-1178.

The goal of this letter is to explore the extent to which the vulnerabilities plaguing the Internet, particularly susceptibility to distributed denial-of-service (DDoS) attacks, impact the Cloud. DDoS has been known to disrupt Cloud services, but could it do worse by permanently damaging server and switch hardware? Services are hosted in data centers with thousands of servers generating large amounts of heat. Heating, ventilation, and air-conditioning (HVAC) systems prevent server downtime due to overheating. These are remotely managed using network management protocols that are susceptible to network attacks. Recently, Cloud providers have experienced outages due to HVAC malfunctions. Our contributions include a network simulation to study the feasibility of such an attack motivated by our experiences of such a security incident in a real data center. It demonstrates how a network simulator can study the interplay of the communication and thermal properties of a network and help prevent the Cloud provider's worst nightmare: meltdown of the data center as a result of a DDoS attack.