scholarly journals MULTI-AGENT SIMULATION OF ATTACKS AND DEFENSE MECHANISMS IN COMPUTER NETWORKS

2014 ◽  
pp. 35-43
Author(s):  
Igor Kotenko
Keyword(s):  
Defense Mechanisms ◽  
Service Providers ◽  
Denial Of Service ◽  
Discrete Event ◽  
Cyber Attacks ◽  
Simulation Environment ◽  
Internet Service ◽  
Common Framework ◽  
Multi Agent ◽  
Attack And Defense

The paper considers the approach to investigation of distributed cooperative cyber-defense mechanisms against network infrastructure oriented attacks (Distributed Denial of Service, network worms, botnets, etc.). The approach is based on the agent-based simulation of cyber-attacks and cyber-protection mechanisms which combines discrete-event simulation, multi-agent approach and packet-level simulation of network protocols. The various methods of counteraction against cyber-attacks are explored by representing attack and defense components as agent teams using the software simulation environment under development. The teams of defense agents are able to cooperate as the defense system components of different organizations and Internet service providers (ISPs). The paper represents the common framework and implementation peculiarities of the simulation environment as well as the experiments aimed on the investigation of distributed network attacks and defense mechanisms.

scholarly journals Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

2019 ◽  
Vol 2019 ◽  
pp. 1-15 ◽  
Author(s):  
Francisco Sales de Lima Filho ◽  
Frederico A. F. Silveira ◽  
Agostinho de Medeiros Brito Junior ◽  
Genoveva Vargas-Solar ◽  
Luiz F. Silveira
Keyword(s):  
Machine Learning ◽  
Network Traffic ◽  
Service Providers ◽  
Detection System ◽  
Denial Of Service ◽  
Sampling Rate ◽  
Attack Detection ◽  
Dos Attacks ◽  
Internet Service ◽  
Benchmark Datasets

Users and Internet service providers (ISPs) are constantly affected by denial-of-service (DoS) attacks. This cyber threat continues to grow even with the development of new protection technologies. Developing mechanisms to detect this threat is a current challenge in network security. This article presents a machine learning- (ML-) based DoS detection system. The proposed approach makes inferences based on signatures previously extracted from samples of network traffic. The experiments were performed using four modern benchmark datasets. The results show an online detection rate (DR) of attacks above 96%, with high precision (PREC) and low false alarm rate (FAR) using a sampling rate (SR) of 20% of network traffic.

scholarly journals Data-plane Defenses against Routing Attacks on Tor

2016 ◽  
Vol 2016 (4) ◽  
pp. 276-293 ◽  
Author(s):  
Henry Tan ◽  
Micah Sherr ◽  
Wenchao Zhou
Keyword(s):  
Defense Mechanisms ◽  
Service Providers ◽  
Statistical Techniques ◽  
Control Plane ◽  
Routing Attacks ◽  
Internet Service ◽  
Data Plane ◽  
Anonymity Network ◽  
Tor Network ◽  
Correlation Attacks

Abstract Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

scholarly journals PERFORMANCE ANALYSIS OF AGENT BASED DISTRIBUTED DEFENSE MECHANISMS AGAINST DDOS ATTACKS

2018 ◽  
pp. 15-24 ◽  
Author(s):  
Karanbir Singh ◽  
Kanwalvir Singh Dhindsa ◽  
Bharat Bhushan
Keyword(s):  
Defense Mechanisms ◽  
Denial Of Service ◽  
Detection Algorithm ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Defense System ◽  
Internet Service ◽  
Agent Based ◽  
Related Information ◽  
Edge Router

The current internet infrastructure is susceptible to distributed denial of service (DDoS) attacks and has no built in mechanism to defend against them. The research on these kinds of attacks and their defense is significant for the security and reliability of the internet. We have already proposed a collaborative agent based distributed DDoS defense scheme which detect and prevents against DDoS attacks in ISP (Internet Service Provider) boundaries. The actual task of defense is carried out by agents and coordinators in each ISP. The defense system works by inspecting incoming traffic on edge router and identify the happening of DDoS attacks. The agent’s implements an entropy-threshold based detection algorithm. The coordinators share attack related information with neighboring ISPs in order to achieve distributed defense. The performance of defense system is evaluated on the basis of some identified metrics. The effectiveness of the defense system is evaluated in the presence and absence of defense system. The result indicates that the proposed defense system does accurate attack detection with very few false positives and false negatives.

scholarly journals AGENT-BASED SIMULATION OF DDOS ATTACKS AND DEFENSE MECHANISMS

2014 ◽  
pp. 113-123
Author(s):  
Igor Kotenko ◽  
Alexander Ulanov
Keyword(s):  
Modeling And Simulation ◽  
Defense Mechanisms ◽  
Denial Of Service ◽  
Software Agents ◽  
Ddos Attacks ◽  
Software Environment ◽  
Agent Based ◽  
Agent Simulation ◽  
Multi Agent ◽  
Main Components

The paper considers an approach to modeling and simulation of cyber-wars in Internet between the teams of software agents. According to this approach, the cybernetic opposition of malefactors and security systems is represented by the interaction of two different teams of software agents – malefactors’ team and defense team. The approach is considered by an example of modeling and simulation of “Distributed Denial of Service” (DDoS) attacks and protection against them. The paper also describes the software environment for multi-agent simulation of defense mechanisms against DDoS attacks developed by the authors and different experiments. The main components of the software environment are outlined. One of the numerous experiments on protection against DDoS attacks is described in detail. The environment developed is based OMNeT++ INET Framework.

scholarly journals Using honeynet data and a time series to predict the number of cyber attacks

2021 ◽  
pp. 40-40
Author(s):  
Matej Zuzcák ◽  
Petr Bujok
Keyword(s):  
Time Series ◽  
Service Providers ◽  
Effective Means ◽  
Autonomous Systems ◽  
Cyber Attacks ◽  
Remote Access ◽  
Real World Data ◽  
Internet Service ◽  
Geographical Regions ◽  
The Individual

A large number of cyber attacks are commonly conducted against home computers, mobile devices, as well as servers providing various services. One such prominently attacked service, or a protocol in this case, is the Secure Shell (SSH) used to gain remote access to manage systems. Besides hu man attackers, botnets are a major source of attacks on SSH servers. Tools such as honeypots allow an effective means of recording and analysing such attacks. However, is it also possible to use them to effectively predict these attacks? The prediction of SSH attacks, specifically the prediction of activity on certain subjects, such as autonomous systems, will be beneficial to system administrators, internet service providers, and CSIRT teams. This article presents multiple methods for using a time series, based on real-world data, to predict these attacks. It focuses on the overall prediction of attacks on the honeynet and the prediction of attacks from specific geographical regions. Multiple approaches are used, such as ARIMA, SARIMA, GARCH, and Bootstrapping. The article presents the viability, precision and usefulness of the individual approaches for various areas of IT security.

scholarly journals Generator of Slow Denial-of-Service Cyber Attacks

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5473
Author(s):  
Marek Sikora ◽  
Radek Fujdiak ◽  
Karel Kuchar ◽  
Eva Holasova ◽  
Jiri Misurec
Keyword(s):  
Cyber Security ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Future Research ◽  
The Internet ◽  
Small Data ◽  
Dos Attacks ◽  
Network Systems ◽  
Internet Service ◽  
Detection Techniques

In today’s world, the volume of cyber attacks grows every year. These attacks can cause many people or companies high financial losses or loss of private data. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can cause catastrophic consequences. A slow DoS attack attempts to make the Internet service unavailable to users. Due to the small data flows, these attacks are very similar to legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.

scholarly journals Secure asymmetry and deployability for decoy routing systems

2018 ◽  
Vol 2018 (3) ◽  
pp. 43-62 ◽  
Author(s):  
Cecylia Bocovich ◽  
Ian Goldberg
Keyword(s):  
Service Providers ◽  
Denial Of Service ◽  
Autonomous Systems ◽  
Relay Station ◽  
Security Vulnerabilities ◽  
Internet Service ◽  
Asymmetric Flows ◽  
Pass Through ◽  
Censorship Circumvention ◽  
The Impact

Abstract Censorship circumvention is often characterized as a cat-and-mouse game between a nation-state censor and the developers of censorship resistance systems. Decoy routing systems offer a solution to censor- ship resistance that has the potential to tilt this race in the favour of the censorship resistor by using real connections to unblocked, overt sites to deliver censored content to users. This is achieved by employing the help of Internet Service Providers (ISPs) or Autonomous Systems (ASes) that own routers in the middle of the net- work. However, the deployment of decoy routers has yet to reach fruition. Obstacles to deployment such as the heavy requirements on routers that deploy decoy router relay stations, and the impact on the quality of service for customers that pass through these routers have deterred potential participants from deploying existing systems. Furthermore, connections from clients to overt sites often follow different paths in the upstream and downstream direction, making some existing designs impractical. Although decoy routing systems that lessen the burden on participating routers and accommodate asymmetric flows have been proposed, these arguably more deployable systems suffer from security vulnerabilities that put their users at risk of discovery or make them prone to censorship or denial of service attacks. In this paper, we propose a technique for supporting route asymmetry in previously symmetric decoy routing systems. The resulting asymmetric solution is more secure than previous asymmetric proposals and provides an option for tiered deployment, allowing more cautious ASes to deploy a lightweight, non-blocking relay station that aids in defending against routing-capable adversaries. We also provide an experimental evaluation of relay station performance on off-the-shelf hardware and additional security improvements to recently proposed systems.

scholarly journals Distributed Denial of Service (DDoS) Attacks and Defence Mechanism

2021 ◽  
Vol 10 (3) ◽  
pp. 83-88
Author(s):  
Akhil K.M ◽  
Rahul C.T ◽  
Athira V.B
Keyword(s):  
Defense Mechanisms ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attacks ◽  
Network Resources ◽  
Advantages And Disadvantages ◽  
Self Defense ◽  
Short Period ◽  
Attack And Defense

Denial of Service (DoS) attacks is one of the major threats to Internet sites and one of the major security problems Internet faces today. The nature of threats caused by Distributed Denial of Service (DDoS) attacks on networks. With little or no warning, a DDoS attack could easily destroy its victim's communication and network resources in a short period of time. This paper outlines the problem of DDoS attacks and developing a classification of DDoS attacks and DDoS defense mechanisms. Important features of each attack and defense system category are described and advantages and disadvantages of each proposed scheme are outlined. The goal of the paper is to set a certain order of existence methods of attack and defense mechanisms, for the better understanding DDoS attacks can be achieved with more effective methods and means of self-defense can be developed.

Sign in / Sign up

Export Citation Format

Share Document