scholarly journals Novel Mechanism to Prevent Denial of Service (DoS) Attacks in IPv6 Duplicate Address Detection Process

2016 ◽  
Vol 10 (4) ◽  
pp. 143-154 ◽  
Author(s):  
Shafiq Ul Rehman ◽  
Selvakumar Manickam
Keyword(s):  
Denial Of Service ◽  
Dos Attacks ◽  
Detection Process ◽  
Duplicate Address Detection

scholarly journals A Secure Protocol against Selfish and Pollution Attacker Misbehavior in Clustered WSNs

Electronics ◽  
2021 ◽  
Vol 10 (11) ◽  
pp. 1244
Author(s):  
Hana Rhim ◽  
Damien Sauveron ◽  
Ryma Abassi ◽  
Karim Tamine ◽  
Sihem Guemara
Keyword(s):  
Denial Of Service ◽  
Base Station ◽  
Hierarchical Organization ◽  
Secure Routing ◽  
Sensor Nodes ◽  
Dos Attacks ◽  
Linear Network ◽  
Secure Protocol ◽  
Misbehaving Nodes ◽  
Pollution Attacks

Wireless sensor networks (WSNs) have been widely used for applications in numerous fields. One of the main challenges is the limited energy resources when designing secure routing in such networks. Hierarchical organization of nodes in the network can make efficient use of their resources. In this case, a subset of nodes, the cluster heads (CHs), is entrusted with transmitting messages from cluster nodes to the base station (BS). However, the existence of selfish or pollution attacker nodes in the network causes data transmission failure and damages the network availability and integrity. Mainly, when critical nodes like CH nodes misbehave by refusing to forward data to the BS, by modifying data in transit or by injecting polluted data, the whole network becomes defective. This paper presents a secure protocol against selfish and pollution attacker misbehavior in clustered WSNs, known as (SSP). It aims to thwart both selfish and pollution attacker misbehaviors, the former being a form of a Denial of Service (DoS) attack. In addition, it maintains a level of confidentiality against eavesdroppers. Based on a random linear network coding (NC) technique, the protocol uses pre-loaded matrices within sensor nodes to conceive a larger number of new packets from a set of initial data packets, thus creating data redundancy. Then, it transmits them through separate paths to the BS. Furthermore, it detects misbehaving nodes among CHs and executes a punishment mechanism using a control counter. The security analysis and simulation results demonstrate that the proposed solution is not only capable of preventing and detecting DoS attacks as well as pollution attacks, but can also maintain scalable and stable routing for large networks. The protocol means 100% of messages are successfully recovered and received at the BS when the percentage of lost packets is around 20%. Moreover, when the number of misbehaving nodes executing pollution attacks reaches a certain threshold, SSP scores a reception rate of correctly reconstructed messages equal to 100%. If the SSP protocol is not applied, the rate of reception of correctly reconstructed messages is reduced by 90% at the same case.

scholarly journals Secure and DoS-Resilient Fragment Authentication in CCN-Based Vehicular Networks

2018 ◽  
Vol 2018 ◽  
pp. 1-12
Author(s):  
Sangwon Hyun ◽  
Hyoungshick Kim
Keyword(s):  
Vehicular Networks ◽  
Denial Of Service ◽  
Content Delivery ◽  
Dos Attacks ◽  
Promising Alternative ◽  
Content Centric Networking ◽  
Transmission Unit ◽  
Communication Environments ◽  
Maximum Transmission

Content-Centric Networking (CCN) is considered as a promising alternative to traditional IP-based networking for vehicle-to-everything communication environments. In general, CCN packets must be fragmented and reassembled based on the Maximum Transmission Unit (MTU) size of the content delivery path. It is thus challenging to securely protect fragmented packets against attackers who intentionally inject malicious fragments to disrupt normal services on CCN-based vehicular networks. This paper presents a new secure content fragmentation method that is resistant to Denial-of-Service (DoS) attacks in CCN-based vehicular networks. Our approach guarantees the authenticity of each fragment through the immediate fragment verification at interim nodes on the routing path. Our experiment results demonstrate that the proposed approach provides much stronger security than the existing approach named FIGOA, without imposing a significant overhead in the process. The proposed method achieves a high immediate verification probability of 98.2% on average, which is 52% higher than that of FIGOA, while requiring only 14% more fragments than FIGOA.

scholarly journals MANETs performance analysis with dos attack at different routing protocols

2015 ◽  
Vol 4 (2) ◽  
pp. 390 ◽  
Author(s):  
Alaa Zain ◽  
Heba El-khobby ◽  
Hatem M. Abd Elkader ◽  
Mostafa Abdelnaby
Keyword(s):  
Routing Protocol ◽  
Routing Protocols ◽  
Ad Hoc ◽  
Denial Of Service ◽  
Geographic Routing ◽  
Security Threat ◽  
Dos Attacks ◽  
Reactive Routing ◽  
Hoc Networks ◽  
The Impact

A Mobile Ad-Hoc Networks (MANET) is widely used in many industrial and people's life applications, such as earth monitoring, natural disaster prevention, agriculture biomedical related applications, and many other areas. Security threat is one of the major aspects of MANET, as it is one of the basic requirements of wireless sensor network, yet this problem has not been sufficiently explored. The main purpose of this paper is to study different MANETs routing protocols with three scenarios of Denial of Service (DoS) attacks on network layer using proactive routing protocol i.e. Optimized Link State Routing (OLSR) and Reactive routing protocols like Ad hoc On-Demand Distance Vector (AODV), Hybrid routing protocols like Geographic Routing Protocol (GRP). Moreover, a comparative analysis of DoS attacks for throughput, Data loss, delay and network load is taken into account. The performance of MANET under the attack is studied to find out which protocol is more vulnerable to the attack and how much is the impact of the attack on both protocols. The simulation is done using OPNET 17.

scholarly journals Evaluation of Takagi-Sugeno-Kang fuzzy method in entropy-based detection of DDoS attacks

2018 ◽  
Vol 15 (1) ◽  
pp. 139-162 ◽  
Author(s):  
Miodrag Petkovic ◽  
Ilija Basicevic ◽  
Dragan Kukolj ◽  
Miroslav Popovic
Keyword(s):  
Network Traffic ◽  
Fuzzy System ◽  
False Positive Rate ◽  
Denial Of Service ◽  
Sudden Change ◽  
Change Point Detection ◽  
Statistical Characteristics ◽  
Ddos Attacks ◽  
Detection Process ◽  
Takagi Sugeno

The detection of distributed denial of service (DDoS) attacks based on internet traffic anomalies is a method which is general in nature and can detect unknown or zero-day attacks. One of the statistical characteristics used for this purpose is network traffic entropy: a sudden change in entropy may indicate a DDoS attack. However, this approach often gives false positives, and this is the main obstacle to its wider deployment within network security equipment. In this paper, we propose a new, two-step method for detection of DDoS attacks. This method combines the approaches of network traffic entropy and the Takagi-Sugeno-Kang fuzzy system. In the first step, the detection process calculates the entropy distribution of the network packets. In the second step, the Takagi-Sugeno-Kang fuzzy system (TSK-FS) method is applied to these entropy values. The performance of the TSK-FS method is compared with that of the typically used approach, in which cumulative sum (CUSUM) change point detection is applied directly to entropy time series. The results show that the TSK-FS DDoS detector reaches enhanced sensitivity and robustness in the detection process, achieving a high true-positive detection rate and a very low false-positive rate. As it is based on entropy, this combined method retains its generality and is capable of detecting various types of attack.

Sign in / Sign up

Export Citation Format

Share Document