Game-based Simulation of Distributed Denial of Service (DDoS) Attack and Defense Mechanisms of Critical Infrastructures

This article describes how in the summer of 1999, the Computer Incident Advisory Capability first reported about Distributed Denial of Service (DDoS) attack incidents and the nature of Denial of Service (DoS) attacks in a distributed environment that eliminates the availability of resources or data on a computer network. DDoS attack exhausts the network resources and disturbs the legitimate user. This article provides an explanation on DDoS attacks and nature of these attacks against Smartphones and Wi-Fi Technology and presents a taxonomy of various defense mechanisms. The smartphone is chosen for this study, as they have now become a necessity rather than a luxury item for the common people.

Download Full-text

Application Layer DDoS Attack Defense Methods and A new Defense Mechanism against Flooding

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.f6986.038620 ◽

2020 ◽

Vol 8 (6) ◽

pp. 208-212

Keyword(s):

Machine Learning ◽

Defense Mechanisms ◽

Defense Mechanism ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Network Environment ◽

Ddos Attacks ◽

Application Layer ◽

New Approach ◽

Ddos Attack

In a network environment, Distributed Denial of Service (DDoS) attacks eemploys a network or server is unavailable to its normal users. Application-layer Distributed Denial of Service (App-DDoS) attacks are serious issues for the webserver itself. The multitude and variety of such attacks and defense approaches are overwhelming. This paper here follows, we analyze the different defense mechanisms for application-layer DDoS attacks and proposes a new approach to defend using machine learning.

Download Full-text

Distributed Denial of Service (DDoS) Attacks and Defence Mechanism

International Journal of Computer Science and Mobile Computing ◽

10.47760/ijcsmc.2021.v10i03.010 ◽

2021 ◽

Vol 10 (3) ◽

pp. 83-88

Author(s):

Akhil K.M ◽

Rahul C.T ◽

Athira V.B

Keyword(s):

Defense Mechanisms ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Network Resources ◽

Advantages And Disadvantages ◽

Self Defense ◽

Short Period ◽

Attack And Defense

Denial of Service (DoS) attacks is one of the major threats to Internet sites and one of the major security problems Internet faces today. The nature of threats caused by Distributed Denial of Service (DDoS) attacks on networks. With little or no warning, a DDoS attack could easily destroy its victim's communication and network resources in a short period of time. This paper outlines the problem of DDoS attacks and developing a classification of DDoS attacks and DDoS defense mechanisms. Important features of each attack and defense system category are described and advantages and disadvantages of each proposed scheme are outlined. The goal of the paper is to set a certain order of existence methods of attack and defense mechanisms, for the better understanding DDoS attacks can be achieved with more effective methods and means of self-defense can be developed.

Download Full-text

Taxonomy of Distributed Denial of Service (DDoS) Attacks and Defense Mechanisms in Present Era of Smartphone Devices

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch022 ◽

2021 ◽

pp. 415-434

Author(s):

Kavita Sharma ◽

B. B. Gupta

Keyword(s):

Defense Mechanisms ◽

Computer Network ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Network Resources ◽

Common People ◽

Ddos Attack ◽

Legitimate User

This article describes how in the summer of 1999, the Computer Incident Advisory Capability first reported about Distributed Denial of Service (DDoS) attack incidents and the nature of Denial of Service (DoS) attacks in a distributed environment that eliminates the availability of resources or data on a computer network. DDoS attack exhausts the network resources and disturbs the legitimate user. This article provides an explanation on DDoS attacks and nature of these attacks against Smartphones and Wi-Fi Technology and presents a taxonomy of various defense mechanisms. The smartphone is chosen for this study, as they have now become a necessity rather than a luxury item for the common people.

Download Full-text

Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i1.1.9473 ◽

2017 ◽

Vol 7 (1.1) ◽

pp. 230

Author(s):

C. Vasan Sai Krishna ◽

Y. Bhuvana ◽

P. Pavan Kumar ◽

R. Murugan

Keyword(s):

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attack ◽

Computing Power ◽

Server Side ◽

Ddos Attack ◽

Client Machine ◽

Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

Download Full-text

Cluster-Based Countermeasures for DDoS Attacks

Network Security Attacks and Countermeasures - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-8761-5.ch008 ◽

2016 ◽

pp. 206-227

Author(s):

Mohammad Jabed Morshed Chowdhury ◽

Dileep Kumar G

Keyword(s):

Unsupervised Learning ◽

Network Traffic ◽

Denial Of Service ◽

Security Threats ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Ddos Attack ◽

Real Progress ◽

Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Download Full-text

Detecting DDoS Attacks on Multiple Network Hosts

Developments in Information Security and Cybernetic Wars - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-8304-2.ch006 ◽

2019 ◽

pp. 121-139 ◽

Cited By ~ 1

Author(s):

Konstantinos F. Xylogiannopoulos ◽

Panagiotis Karampelas ◽

Reda Alhajj

Keyword(s):

Denial Of Service ◽

Attack Detection ◽

Detection Methods ◽

Distributed Denial Of Service ◽

Secondary Sources ◽

Ddos Attack ◽

Timely Fashion ◽

Multiple Network ◽

Ddos Attack Detection ◽

Low Traffic

The proliferation of low security internet of things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In the recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically been detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic, targeting though multiple hosts.

Download Full-text

Defending against Distributed Denial of Service

Encyclopedia of Information Ethics and Security ◽

10.4018/978-1-59140-987-8.ch019 ◽

2011 ◽

pp. 121-129

Author(s):

Yang Xiang ◽

Wanlei Zhou

Keyword(s):

Web Sites ◽

Credit Card ◽

Denial Of Service ◽

Online Gambling ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Web Traffic ◽

Internet Applications ◽

Ddos Attack ◽

Interactive Advertising

Recently the notorious Distributed Denial of Service (DDoS) attacks made people aware of the importance of providing available data and services securely to users. A DDoS attack is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resource (CERT, 2006). For example, in February 2000, many Web sites such as Yahoo, Amazon.com, eBuy, CNN.com, Buy. com, ZDNet, E*Trade, and Excite.com were all subject to total or regional outages by DDoS attacks. In 2002, a massive DDoS attack briefly interrupted Web traffic on nine of the 13 DNS “root” servers that control the Internet (Naraine, 2002). In 2004, a number of DDoS attacks assaulted the credit card processor Authorize. net, the Web infrastructure provider Akamai Systems, the interactive advertising company DoubleClick (left that company’s servers temporarily unable to deliver ads to thousands of popular Web sites), and many online gambling sites (Arnfield, 2004). Nowadays, Internet applications face serious security problems caused by DDoS attacks. For example, according to CERT/CC Statistics 1998-2005 (CERT, 2006), computer-based vulnerabilities reported have increased exponentially since 1998. Effective approaches to defeat DDoS attacks are desperately demanded (Cisco, 2001; Gibson, 2002).

Download Full-text

On Distributed Denial of Service Current Defense Schemes

Technologies ◽

10.3390/technologies7010019 ◽

2019 ◽

Vol 7 (1) ◽

pp. 19 ◽

Cited By ~ 9

Author(s):

Seth Kotey ◽

Eric Tchao ◽

James Gadze

Keyword(s):

Service Provider ◽

Defense Mechanisms ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Major Threat ◽

Highly Skilled

Distributed denial of service (DDoS) attacks are a major threat to any network-based service provider. The ability of an attacker to harness the power of a lot of compromised devices to launch an attack makes it even more complex to handle. This complexity can increase even more when several attackers coordinate to launch an attack on one victim. Moreover, attackers these days do not need to be highly skilled to perpetrate an attack. Tools for orchestrating an attack can easily be found online and require little to no knowledge about attack scripts to initiate an attack. Studies have been done severally to develop defense mechanisms to detect and defend against DDoS attacks. As defense schemes are designed and developed, attackers are also on the move to evade these defense mechanisms and so there is a need for a continual study in developing defense mechanisms. This paper discusses the current DDoS defense mechanisms, their strengths and weaknesses.

Download Full-text

A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors

Applied Sciences ◽

10.3390/app9214633 ◽

2019 ◽

Vol 9 (21) ◽

pp. 4633 ◽

Cited By ~ 3

Author(s):

Jian Zhang ◽

Qidi Liang ◽

Rui Jiang ◽

Xi Li

Keyword(s):

Success Rate ◽

Denial Of Service ◽

Detection Algorithm ◽

Feature Analysis ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Detection Capability ◽

Ddos Attack ◽

Attack Mitigation ◽

Multiple Attack

In recent years, distributed denial of service (DDoS) attacks have increasingly shown the trend of multiattack vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability of DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.

Download Full-text