Biblio

Distributed Denial of Service (DDoS) strike is a malevolent undertaking to irritate regular action of a concentrated on server, organization or framework by overwhelming the goal or its incorporating establishment with a flood of Internet development. DDoS ambushes achieve feasibility by utilizing different exchanged off PC structures as wellsprings of strike action. Mishandled machines can join PCs and other masterminded resources, for instance, IoT contraptions. From an anomalous express, a DDoS attack looks like a vehicle convergence ceasing up with the road, shielding standard action from meeting up at its pined for objective.

In recent years, the attacks on systems have increased and among such attack is Distributed Denial of Service (DDoS) attack. The path identifiers (PIDs) used for inter-domain routing are static, which makes it easier the attack easier. To address this vulnerability, this paper addresses the usage of Dynamic Path Identifiers (D-PIDs) for routing. The PID of inter-domain path connector is kept oblivious and changes dynamically, thus making it difficult to attack the system. The prototype designed with major components like client, server and router analyses the outcome of D-PID usage instead of PIDs. The results show that, DDoS attacks can be effectively prevented if Dynamic Path Identifiers (D-PIDs) are used instead of Static Path Identifiers (PIDs).

SYN flood attack is a very serious cause for disturbing the normal traffic in MANET. SYN flood attack takes advantage of the congestion caused by populating a specific route with unwanted traffic that results in the denial of services. In this paper, we proposed an Adaptive Detection Mechanism using Artificial Intelligence technique named as SYN Flood Attack Detection Based on Bayes Estimator (SFADBE) for Mobile ad hoc Network (MANET). In SFADBE, every node will gather the current information of the available channel and the secure and congested free (Best Path) channel for the traffic is selected. Due to constant congestion, the availability of the data path can be the cause of SYN Flood attack. By using this AI technique, we experienced the SYN Flood detection probability more than the others did. Simulation results show that our proposed SFADBE algorithm is low cost and robust as compared to the other existing approaches.

Distributed denial-of-service (DDoS) attack remains an exceptional security risk, alleviating these digital attacks are for all intents and purposes extremely intense to actualize, particularly when it faces exceptionally well conveyed attacks. The early disclosure of these attacks, through testing, is critical to ensure safety of end-clients and the wide-ranging expensive network resources. With respect to DDoS attacks - its hypothetical establishment, engineering, and calculations of a honeypot have been characterized. At its core, the honeypot consists of an intrusion prevention system (Interruption counteractive action framework) situated in the Internet Service Providers level. The IPSs then create a safety net to protect the hosts by trading chosen movement data. The evaluation of honeypot promotes broad reproductions and an absolute dataset is introduced, indicating honeypot's activity and low overhead. The honeypot anticipates such assaults and mitigates the servers. The prevailing IDS are generally modulated to distinguish known authority level system attacks. This spontaneity makes the honeypot system powerful against uncommon and strange vindictive attacks.

This research was an experimental analysis of the Intrusion Detection Systems(IDS) with Honey Pot conducting through a study of using Honey Pot in tricking, delaying or deviating the intruder to attack new media broadcasting server for IPTV system. Denial of Service(DoS) over wire network and wireless network consisted of three types of attacks: TCP Flood, UDP Flood and ICMP Flood by Honey Pot, where the Honeyd would be used. In this simulation, a computer or a server in the network map needed to be secured by the inactivity firewalls or other security tools for the intrusion of the detection systems and Honey Pot. The network intrusion detection system used in this experiment was SNORT (www.snort.org) developed in the form of the Open Source operating system-Linux. The results showed that, from every experiment, the internal attacks had shown more threat than the external attacks. In addition, attacks occurred through LAN network posted 50% more disturb than attacks occurred on WIFI. Also, the external attacks through LAN posted 95% more attacks than through WIFI. However, the number of attacks presented by TCP, UDP and ICMP were insignificant. This result has supported the assumption that Honey Pot was able to help detecting the intrusion. In average, 16% of the attacks was detected by Honey Pot in every experiment.

Software Defined Networking (SDN) is a paradigm shift that changes the working principles of IP networks by separating the control logic from routers and switches, and logically centralizing it within a controller. In this architecture the control plane (controller) communicates with the data plane (switches) through a control channel using a standards-compliant protocol, that is, OpenFlow. While having a centralized controller creates an opportunity to monitor and program the entire network, as a side effect, it causes the control plane to become a single point of failure. Denial of service (DoS) attacks or even heavy control traffic conditions can easily become real threats to the proper functioning of the controller, which indirectly detriments the entire network. In this paper, we propose a solution to reduce the control traffic generated primarily during table-miss events. We utilize the buffer\_id feature of the OpenFlow protocol, which has been designed to identify individually buffered packets within a switch, reusing it to identify flows buffered as a series of packets during table-miss, which happens when there is no related rule in the switch flow tables that matches the received packet. Thus, we allow the OpenFlow switch to send only the first packet of a flow to the controller for a table-miss while buffering the rest of the packets in the switch memory until the controller responds or time out occurs. The test results show that OpenFlow traffic is significantly reduced when the proposed method is used.

Advanced Metering Infrastructure (AMI) have rapidly become a topic of international interest as governments have sponsored their deployment for the purposes of utility service reliability and efficiency, e.g., water and electricity conservation. Two problems plague such deployments. First is the protection of consumer privacy. Second is the problem of huge amounts of data from such deployments. A new architecture is proposed to address these problems through the use of Aggregators, which incorporate temporary data buffering and the modularization of utility grid analysis. These Aggregators are used to deliver anonymized summary data to the central utility while preserving billing and automated connection services.

As DDOS attacks interrupt internet services, DDOS tools confirm the effectiveness of the current attack. DDOS attack and countermeasures continue to increase in number and complexity. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. A contemporary escalation of application layer distributed denial of service attacks on the web services has quickly transferred the focus of the research community from conventional network based denial of service. As a result, new genres of attacks were explored like HTTP GET Flood, HTTP POST Flood, Slowloris, R-U-Dead-Yet (RUDY), DNS etc. Also after a brief introduction to DDOS attacks, we discuss the characteristics of newly proposed application layer distributed denial of service attacks and embellish their impact on modern web services.

As Internet of things (IoT) continue to ensconce into our homes, offices, hospitals, electricity grids and other walks of life, the stakes are too high to leave security to chance. IoT devices are resource constrained devices and hence it is very easy to exhaust them of their resources or deny availability. One of the most prominent attacks on the availability is the Distributed Denial of service (DDoS) attack. Although, DDoS is not a new Internet attack but a large number of new, constrained and globally accessible IoT devices have escalated the attack surface beyond imagination. This paper provides a broad anatomy of IoT protocols and their inherent weaknesses that can enable attackers to launch successful DDoS attacks. One of the major contributions of this paper is the implementation and demonstration of UDP (User Datagram Protocol) flood attack in the Contiki operating system, an open-source operating system for the IoT. This attack has been implemented and demonstrated in Cooja simulator, an inherent feature of the Contiki operating system. Furthermore, in this paper, a rate limiting mechanism is proposed that must be incorporated in the Contiki OS to mitigate UDP flood attacks. This proposed scheme reduces CPU power consumption of the victim by 9% and saves the total transmission power of the victim by 55%.

In this paper, we propose a hardware-based defense system in Software-Defined Networking architecture to protect against the HTTP GET Flooding attacks, one of the most dangerous Distributed Denial of Service (DDoS) attacks in recent years. Our defense system utilizes per-URL counting mechanism and has been implemented on FPGA as an extension of a NetFPGA-based OpenFlow switch.

Information security deals with a large number of subjects like spoofed message detection, audio processing, video surveillance and cyber-attack detections. However the biggest threat for the homeland security is cyber-attacks. Distributed Denial of Service attack is one among them. Interconnected systems such as database server, web server, cloud computing servers etc., are now under threads from network attackers. Denial of service is common attack in the internet which causes problem for both the user and the service providers. Distributed attack sources can be used to enlarge the attack in case of Distributed Denial of Service so that the effect of the attack will be high. Distributed Denial of Service attacks aims at exhausting the communication and computational power of the network by flooding the packets through the network and making malicious traffic in the network. In order to be an effective service the DDoS attack must be detected and mitigated quickly before the legitimate user access the attacker's target. The group of systems that is used to perform the DoS attack is known as the botnets. This paper introduces the overview of the state of art in DDoS attack detection strategies.

Attacks on airport information network services in the form of Denial of Service (DoS), Distributed DoS (DDoS), and hijacking are the most effective schemes mostly explored by cyber terrorists in the aviation industry running Mission Critical Services (MCSs). This work presents a case for Airport Information Resource Management Systems (AIRMS) which is a cloud based platform proposed for the Nigerian aviation industry. Granting that AIRMS is susceptible to DoS attacks, there is need to develop a robust counter security network model aimed at pre-empting such attacks and subsequently mitigating the vulnerability in such networks. Existing works in literature regarding cyber security DoS and other schemes have not explored embedded Stateful Packet Inspection (SPI) based on OpenFlow Application Centric Infrastructure (OACI) for securing critical network assets. As such, SPI-OACI was proposed to address the challenge of Vulnerability Bandwidth Depletion DDoS Attacks (VBDDA). A characterization of the Cisco 9000 router firewall as an embedded network device with support for Virtual DDoS protection was carried out in the AIRMS threat mitigation design. Afterwards, the mitigation procedure and the initial phase of the design with Riverbed modeler software were realized. For the security Quality of Service (QoS) profiling, the system response metrics (i.e. SPI-OACI delay, throughput and utilization) in cloud based network were analyzed only for normal traffic flows. The work concludes by offering practical suggestion for securing similar enterprise management systems running on cloud infrastructure against cyber terrorists.

Denial of Service (DoS) attacks is one of the major threats and among the hardest security problems in the Internet world. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, an attacker can easily exhaust the computing resources of its victim within a short period of time. In this paper, we study the impact of a UDP flood attack on TCP throughput, round-trip time, and CPU utilization for a Web Server with the new generation of Linux platform, Linux Ubuntu 13. This paper also evaluates the impact of various defense mechanisms, including Access Control Lists (ACLs), Threshold Limit, Reverse Path Forwarding (IP Verify), and Network Load Balancing. Threshold Limit is found to be the most effective defense.

Cultivation of Smart Grid refurbish with brisk and ingenious. The delinquent breed and sow mutilate in massive. This state of affair coerces security as a sapling which incessantly is to be irrigated with Research and Analysis. The Cyber Security is endowed with resiliency to the SYN flooding induced Denial of Service attack in this work. The proposed secure web server algorithm embedded in the LPC1768 processor ensures the smart resources to be precluded from the attack.

In cyberspace, availability of the resources is the key component of cyber security along with confidentiality and integrity. Distributed Denial of Service (DDoS) attack has become one of the major threats to the availability of resources in computer networks. It is a challenging problem in the Internet. In this paper, we present a detailed study of DDoS attacks on the Internet specifically the attacks due to protocols vulnerabilities in the TCP/IP model, their countermeasures and various DDoS attack mechanisms. We thoroughly review DDoS attacks defense and analyze the strengths and weaknesses of different proposed mechanisms.

Distributed Denial of Service (DoS) attacks is one of the major threats and among the hardest security problems in the Internet world. In this paper, we study the impact of a UDP flood attack on TCP throughputs, round-trip time, and CPU utilization on the latest version of Windows and Linux platforms, namely, Windows Server 2012 and Linux Ubuntu 13. This paper also evaluates several defense mechanisms including Access Control Lists (ACLs), Threshold Limit, Reverse Path Forwarding (IP Verify), and Network Load Balancing. Threshold Limit defense gave better results than the other solutions.

Botnet is one of the most widespread and serious malware which occur frequently in today's cyber attacks. A botnet is a group of Internet-connected computer programs communicating with other similar programs in order to perform various attacks. HTTP-based botnet is most dangerous botnet among all the different botnets available today. In botnets detection, in particularly, behavioural-based approaches suffer from the unavailability of the benchmark datasets and this lead to lack of precise results evaluation of botnet detection systems, comparison, and deployment which originates from the deficiency of adequate datasets. Most of the datasets in the botnet field are from local environment and cannot be used in the large scale due to privacy problems and do not reflect common trends, and also lack some statistical features. To the best of our knowledge, there is not any benchmark dataset available which is infected by HTTP-based botnet (HBB) for performing Distributed Denial of Service (DDoS) attacks against Web servers by using HTTP-GET flooding method. In addition, there is no Web access log infected by botnet is available for researchers. Therefore, in this paper, a complete test-bed will be illustrated in order to implement a real time HTTP-based botnet for performing variety of DDoS attacks against Web servers by using HTTP-GET flooding method. In addition to this, Web access log with http bot traces are also generated. These real time datasets and Web access logs can be useful to study the behaviour of HTTP-based botnet as well as to evaluate different solutions proposed to detect HTTP-based botnet by various researchers.
 

Infrastructure-based Vehicular Networks can be applied in different social contexts, such as health care, transportation and entertainment. They can easily take advantage of the benefices provided by wireless mesh networks (WMNs) to mobility, since WMNs essentially support technological convergence and resilience, required for the effective operation of services and applications. However, infrastructure-based vehicular networks are prone to attacks such as ARP packets flooding that compromise mobility management and users' network access. Hence, this work proposes MIRF, a secure mobility scheme based on reputation and filtering to mitigate flooding attacks on mobility management. The efficiency of the MIRF scheme has been evaluated by simulations considering urban scenarios with and without attacks. Analyses show that it significantly improves the packet delivery ratio in scenarios with attacks, mitigating their intentional negative effects, as the reduction of malicious ARP requests. Furthermore, improvements have been observed in the number of handoffs on scenarios under attacks, being faster than scenarios without the scheme.

Advanced Metering Infrastructure (AMI) is the core component in a smart grid that exhibits a highly complex network configuration. AMI shares information about consumption, outages, and electricity rates reliably and efficiently by bidirectional communication between smart meters and utilities. However, the numerous smart meters being connected through mesh networks open new opportunities for attackers to interfere with communications and compromise utilities assets or steal customers private information. In this paper, we present a new DoS attack, called puppet attack, which can result in denial of service in AMI network. The intruder can select any normal node as a puppet node and send attack packets to this puppet node. When the puppet node receives these attack packets, this node will be controlled by the attacker and flood more packets so as to exhaust the network communication bandwidth and node energy. Simulation results show that puppet attack is a serious and packet deliver rate goes down to 20%-10%.