ArticlePDF Available

Denial of Service Attack Techniques: Analysis, Implementation and Comparison

Authors:
Khaled Elleithy at University of Bridgeport
Khaled Elleithy
Drazen Blagovic
Drazen Blagovic
Drazen Blagovic
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Wang Cheng at Sacred Heart University
Wang Cheng
Paul Sideleau
Paul Sideleau
Paul Sideleau
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Download full-text PDFDownload full-text PDFDownload full-text PDFDownload full-text PDFDownload full-text PDFDownload full-text PDF
Read full-text
Download citation

Abstract and Figures

A denial of service attack (DOS) is any type of attack on a networking structure to disable a server from servicing its clients. Attacks range from sending millions of requests to a server in an attempt to slow it down, flooding a server with large packets of invalid data, to sending requests with an invalid or spoofed IP address. In this paper we show the implementation and analysis of three main types of attack: Ping of Death, TCP SYN Flood, and Distributed DOS. The Ping of Death attack will be simulated against a Microsoft Windows 95 computer. The TCP SYN Flood attack will be simulated against a Microsoft Windows 2000 IIS FTP Server. Distributed DOS will be demonstrated by simulating a distribution zombie program that will carry the Ping of Death attack. This paper will demonstrate the potential damage from DOS attacks and analyze the ramifications of the damage.
Figures - uploaded by Khaled Elleithy
Author content
All figure content in this area was uploaded by Khaled Elleithy
Content may be subject to copyright.
60.pdf
Content uploaded by Khaled Elleithy
Author content
All content in this area was uploaded by Khaled Elleithy
Content may be subject to copyright.
61.pdf
Content uploaded by Khaled Elleithy
Author content
All content in this area was uploaded by Khaled Elleithy
Content may be subject to copyright.
J10_Denial of Service Attack Techniques_Analysis, Implementation and Comparis
on.pdf
Content uploaded by Khaled Elleithy
Author content
All content in this area was uploaded by Khaled Elleithy
Content may be subject to copyright.
DofServiceAttackTechniqueImplementationComparis
on.pdf
Content uploaded by Khaled Elleithy
Author content
All content in this area was uploaded by Khaled Elleithy
Content may be subject to copyright.
DofServiceAttackTechniqueImplementationComparis
on.pdf
Content uploaded by Khaled Elleithy
Author content
All content in this area was uploaded by Khaled Elleithy
Content may be subject to copyright.
99.pdf
Content uploaded by Khaled Elleithy
Author content
All content in this area was uploaded by Khaled Elleithy
Content may be subject to copyright.
Denial of Service Attack Techniques: Analysis, Implementation and Comparison
Khaled M. Elleithy
Computer Science Department, University of Bridgeport
Bridgeport, CT 06604, USA
Drazen Blagovic, Wang Cheng, and Paul Sideleau
Computer Science Department, Sacred Heart University
Fairfield, CT 06825, USA
ABSTARCT
A denial of service attack (DOS) is any type of attack on a
networking structure to disable a server from servicing its
clients. Attacks range from sending millions of requests to a
server in an attempt to slow it down, flooding a server with
large packets of invalid data, to sending requests with an invalid
or spoofed IP address. In this paper we show the
implementation and analysis of three main types of attack: Ping
of Death, TCP SYN Flood, and Distributed DOS. The Ping of
Death attack will be simulated against a Microsoft Windows 95
computer. The TCP SYN Flood attack will be simulated
against a Microsoft Windows 2000 IIS FTP Server. Distributed
DOS will be demonstrated by simulating a distribution zombie
program that will carry the Ping of Death attack. This paper
will demonstrate the potential damage from DOS attacks and
analyze the ramifications of the damage.
Keywords: Communications systems security, Denial of
Service Attack (DOS), TCP SYN Flood, Ping of Death.
I. I
NTRODUCTION
Denial of services attacks (DOS) is a constant danger to web
sites. DOS has received increased attention as it can lead to a
severe lost of revenue if a site is taken offline for a substantial
amount of time; see [1-4]. There are many types of denial of
service attacks but two of the most common are Ping of Death
and TCP SYN Flood. We have chosen to implement these two
techniques and add Distributed DOS (DDOS) as well.
In a Ping of Death attack, a host sends hundreds of ping
requests (ICMP Echo Requests) with a large or illegal packet
size to another host in attempt to knock it offline or to keep it so
busy responding with ICMP Echo replies that it cannot service
its clients.
A TCP SYN Flood attack takes advantage of the standard
TCP three-way handshake by sending a request for connection
with an invalid return address.
In this paper we demonstrate DDOS by creating a worm like
program that installs programs on remote machines to attack a
particular server. These attackers listen in the background for a
message from a master program that will tell these attackers to
launch a DOS attack against a machine.
DDOS attacks are difficult to stop because they can be coming
from anywhere in the world. We will implement a DDOS
attack by launching the Ping of Death implementation against a
victim computer from several other workstations.
II. D
ISTRIBUTED
D
ENIAL OF
S
ERVICE WITH
P
ING OF
D
EATH
P
AYLOAD
I
MPLEMENTATION
To implement DDOS, a worm like program is created to
simulate self-propagation onto many hosts on a network.
However, creating an actual worm is beyond the scope of this
paper, therefore, we used a small Java program to simulate such
a worm. Though it carries the payload and waits to receive
orders from a master program, the worm does not self
propagate. We simply placed the application on each host
machine manually for simulation purposes.
The worm-like zombie program will launch a Ping of Death
attack from multiple hosts coordinated by a master program.
The applications handle all communication between each other.
When the master program orders the attack, a message is sent to
all the zombies that makes them release their Ping of Death
payload against a victim host that is specified by the master
program.
The Java implementation has been built using TCP sockets
and serializable Java objects. Serializable Java objects can be
transferred to remote servers and then executed with all of its
information intact. The serializable Java objects have all the
instructions needed to launch a particular type of attack. When
a user wishes to initiate an attack, he or she starts up the master
program and specifies which server to attack. The master
program then looks up the IP addresses of all known zombie
programs and what ports they are listening on by accessing a
configuration file. It then constructs a Java serializable object
based on the DOS attack type specified, and sends it to every
zombie listed in its configuration file over a TCP socket. The
zombie program recognizes that it has received a message and
reads from a TCP socket the serializable java object. It then
deserializes it and executes it, which in turn will launch the
DOS attack. Figures 1,2 show the scenario of this
implementation.
In figure 3, the DOSZombie class acts as a server that
services DOS attacks. It is created by specifying what port it
should listen on. It then creates a TCP socket and waits in the
background until a communication message is received. It is
multithreaded; therefore, it can receive multiple connections at
the same time.
The DOSAttackLauncher class acts as the client and can
communicate with a DOSZombie. It is created by specifying
the zombie’s IP address and the port that it is listening on. The
DOSAttackLauncher then creates a TCP connection to the
SYSTEMICS, CYBERNETICS AND INFORMATICS VOLUME 3 - NUMBER 166
zombie specified. Its method, “launchAttack”, takes a
DOSAttack object. It will then send this object to the
DOSZombie and the DOSZobmie will then invoke the
DOSAttack’s attack method. The DosZombie also sends a
return message to the DOSAttackLauncher notifying if it
successfully began the attack or if an error occurred.
The DOSAttackManager is used by the master program that
launches the attack. It finds all the zombies that are running,
constructs a DOSAttackLauncher for each zombie, and then
instructs all DOSAttackLaunchers to send the type of
DOSAttack to the zombie.
The DOSAttacker class is an abstract class to support
polymorphic behavior and implements the Java Serializable
interface so that it can be sent through a TCP socket and
executed on a remote server.
The PingDOSAttacker and SYNFloodAttacker have the
implementations for the “Ping of Death” attacker and the TCP
SYN flood attack, respectively. The PingDOSAttacker makes
an external call to the C# Ping of Death implementation
program when their attack methods are called.
There are two Ping of Death implementations. The first and
most simple implementation is simply by calling a ping
application that comes with any modern network operating
system. The packet sizes are modified to be larger then the
default 32 bytes. The strength of this attack is not in the ping
application itself by rather in the fact that when used in a DDOS
scenario, the victim computer is simply overwhelmed by the
large quantity of ICMP Echo Request packets.
The second implementation uses a C# program and RAW
Sockets to increase the amount and speed of the ECHO Request
packets in addition to the size. RAW Sockets are a form of TCP
sockets that allow the programmer to build each packet from
scratch. The application therefore, must define all the
parameters in the header as well as allocate all necessary buffers
to contain the packet. All checksums and validations have to be
done by the application rather then handled by the operating
system. The advantage is speed: by removing checks and
safeguards that the standard TCP socket has in place and
allocating exact buffers, resource use is significantly reduced as
a whole when considered in volume. This also allows the
application to do things like ignore ECHO Reply packets and
concentrate solely on sending ECHO Request packets. The
implementation is extremely straightforward being small and
concise, perfect for use in a covert DOS attack.
The second implementation uses a C# program and RAW
Sockets to increase the amount and speed of the ECHO Request
packets in addition to the size. RAW Sockets are a form of TCP
sockets that allow the programmer to build each packet from
scratch. The application therefore, must define all the
parameters in the header as well as allocate all necessary buffers
to contain the packet. All checksums and validations have to be
done by the application rather then handled by the operating
system. The advantage is speed: by removing checks and
safeguards that the standard TCP socket has in place and
allocating exact buffers, resource use is significantly reduced as
a whole when considered in volume. This also allows the
application to do things like ignore ECHO Reply packets and
concentrate solely on sending ECHO Request packets. The
implementation is extremely straightforward being small and
concise, perfect for use in a covert DOS attack.
VICTIM
ZOMBIE
DOSLAUNCHER
Java Serializable
object transferred
via TCP
D es eria lize d J a va O bje ct
launching TCP SYN Flood
or PING of DEATH
Fig. 1. Communication Framework
Victim
Router Router
Router
DosAttacker
Zombie Zombie
Zombie
Zombie Zombie
Zombie
TCP
TCP
Ping of Death | TCP SYN
Flood
Fig. 2. Overview of communication process.
SYSTEMICS, CYBERNETICS AND INFORMATICS VOLUME 3 - NUMBER 1 67
+run()
+stop()
+DOSZombie(in port : int)
DOSZombie
+launchAttack(in DOSAttacker)
+DosAttackLauncher(in DestinationHost : string, in DestinationPort : string)
DOSAttackLauncher
+attack()
+getPropertiesBundle() : <unspecified>
DOSAttacker
SYNFloodDOSAttacker PingDOSAttacker
«uses»
«uses»
DOSAttackManager
«uses»
Figure 3. Class Diagram of Java DDOS
Figure 4. Data Flow Diagram
III. TCP
SYN
F
LOOD
I
MPLEMENTATION
When hosts need to establish communications via the TCP
transport protocol, they must do a session initiation, which
consists of a three-way handshake:
1. The source host initiated the communication by sending a
TCP packet to the destination host the SYN flag (SYNchronize
sequence numbers) set to 1. In this packet reside the source IP
address and port number as well as the destination IP address
and port numbers (in addition to several other fields which are
inconsequential for this discussion).
2. The destination host responds by sending a TCP packet to
the source host with the flags SYN and ACK (ACKnowledge)
set to 1. The response is sent to the source IP address and port
of the initial packet in step 1.
3. The source host sends the destination host another TCP
packet with the ACK flag set to 1. This completes the 3-way
handshake and normal data communication can start.
In a TCP SYN Flood attack, the source (attacker) host
simply fails to complete step 3 leaving the destination (victim)
host with an unfinished communication session. When the
victim’s TCP socket receives the message in step one, it
allocates buffers, increments counters, initiates timers, and
increases communication stacks in preparation for the
communication that is to follow. In addition, processor time is
spent building the reply packet (step 2) and sending it back.
The attacker can overwhelm the victim’s computer resources by
sending a “flood” of packets with the SYN flag set to 1 (step 1)
and never bothering returning any response (step 3).
The TCP SYN Flood attack implemented is the Neptune
algorithm and implementation. In this algorithm, not only is
step 3 of the TCP handshake ignored, the source address in the
SYN packet of step 1 is set to an unreachable destination (for
SYSTEMICS, CYBERNETICS AND INFORMATICS VOLUME 3 - NUMBER 168
example a non-routable IP address). IP spoofing is used in this
implementation therefore; it is virtually impossible to track the
origin of the packet since the return address is fake. The
victim’s computer now expends time to try to deliver a packet to
an inexistent destination.
The Neptune implementation also allows the attacker to
specify a specific service to deny. In a classical TCP SYN
Flood attack, the attacker generally tries to prevent the victim’s
computer from servicing any legitimate requests. The Neptune
implementation however, allows the attacker to choose a
specific TCP service port to overwhelm. In other words, the
attacker can choose to bring down only a web server for
example (port 80).
A simulation for an attack on a FTP server running
Windows 2000 IIS FTP has been tested. Figure 5 shows a
small TCP SYN Flood attack against an FTP server (IP address
148.166.161.115). Notice that the source IP address is spoofed
(part of the non-routable 10.x.x.x class B range). In this
particular attack, only three SYN flood packets were sent (Nos.
1, 3, 5) against an FTP server (port 21 destination). For each of
the packets, the server replies with and ACK-SYN packet which
in turn ends up nowhere (Nos. 2, 4, 6). The server then retries
to send replies a further two times before giving up (Nos. 7-12).
When looking closer at the actual packets we can see the
spoofed packet clearly with the SYN flag set to 1 (Figure 6) and
the spoofed source IP address of 10.10.1.1. Similarly, the
return packet (Figure 7) is destined for nowhere and has the
ACK and SYN flags set to 1. The application also takes care of
using different source port numbers and sequence numbers.
This prevents the victim’s computer from assuming that packets
all come from the same client in the same host. By changing
the return port and sequence numbers, a single computer can
force another host to allocate several connection resources.
IV. A
NALYSIS
Figure 8 shows an excerpt from the source code. At this
point, the TCP header is being built. Notice the random source
port, sequence number, and SYN flag set to one in the bolded
sections. In this particular example three packets where sent,
however, when a true flood of invalid packets are sent, it will
overwhelm the computer and the more specifically the targeted
service. The packets are very small (since they contain no data)
so that even a slow computer with a slow dial-up connection
can overwhelm a server in a matter of seconds. As the server
spends time and resources trying to handle these fake
connections, it starts to drop packets as it becomes
overwhelmed, in doing so, it starts to also drop legitimate
packets from legitimate users. If such an attack were to be
delivered via DDOS, the results could be devastating for a
victim’s computer. One simple computer can already
overwhelm most TCP stacks; a distributed attack would most
likely crash those stacks and the operating systems with them.
The DDOS program is implemented in Java and can be used
in virtually any operating environment that supports a Java JIT
compiler making it cross-platform. Since every operating
system with a TCP socket support has a ping application, it
would be easy enough to launch a Ping of Death attack from a
wide range of hosts. The only part missing is the self-
propagation piece of the zomebie worm. The architecture is
also open to allow it to deploy almost any attack via serializable
objects. This is to say, it could deliver any attack as its payload,
even our TCP SYN Flood application that is written to take
command line parameters as well. The TCP SYN Flood
application however, has the draw back of only working in a
Linux environment. It can be ported to a UNIX environment
and with the advent of RAW sockets in Microsoft Windows
2000/XP, it could also be ported over to the Windows world.
V. C
ONCLUSION
All the implementations done in these simulations consist of
very simple and light loaded attacks, which can cause severe
amounts of damage. DOS attacks can be stealthy covert and
easily delivered. The Neptune implementation for example, is
only 10Kbytes in size and can cause devastation to a service.
When combined with the power of a DDOS attack, Denial of
Service is a truly powerful attack. Although our
implementations are not sophisticated, they serve as examples
of what such programs can do and the damage they can cause.
VI. R
EFERENCES
[1] Christoph L. Schuba, et. al., “Analysis of a Denial of
Service Attack on TCP,” 1997 IEEE Symposium on
Security and Privacy , May 1997, pp. 208.
[2] Frank Kargl, Joern Maier, Michael Weber, “Protecting
web servers from distributed denial of service attacks,”
Proceedings of the tenth international conference on
World Wide Web, April 2001, pp. 514.
[3] Errin Fulp et. al. “Preventing Denial of Service Attacks on
Quality of Service,” DARPA Information Survivability
Conference and Exposition (DISCEX II'01)Volume II-
Volume 2 , June 2001, pp. 1155.
[4] Gresty, Q. Shi, M. Merabti, “Requirements for a General
Framework for Response to Distributed Denial-of-
Service,” 17th Annual Computer Security Applications
Conference (ACSAC'01), December 2001, pp. 422.
VII. B
IOGRAPHIES
Khaled M. Elleithy (M’1988) received
the B.Sc. degree in computer science
and automatic control from Alexandria
University in 1983, the M.Sc. Degree in
computer networks from the same
university in 1986, and the M.Sc. and
Ph.D. degrees in computer science from
The Center for Advanced Computer
Studies at the University of
Southwestern Louisiana in 1988 and
1990, respectively.
From 1983 to 1986 he was with the Computer Science
Department, Alexandria University, Egypt, as a lecturer. From
September 1990 to May 1995 he worked as an assistant
professor at the Department of Computer Engineering, King
Fahd University of Petroleum and Minerals, Dhahran, Saudi
Arabia. From May 1995 to December 2000 he has worked as an
Associate Professor in the same department. In January 2000
Professor Elleithy joined the Department of Computer Science
and Engineering in University of Bridgeport as an associate
professor. In May 2003 he was promoted to full professor.
SYSTEMICS, CYBERNETICS AND INFORMATICS VOLUME 3 - NUMBER 1 69
Professor Elleithy published more than sixty research papers
in international journals and conferences. He has research
interests in the areas of network security, mobile / wireless
communications, computer arithmetic and formal approaches
for design and verification.
Figure 5. TCP SYN Flood run against an FTP server
Figure 6. SYN Flood packet with SYN flag set to 1
Figure 7. Response packet with ACK-SYN flags set to 1
SYSTEMICS, CYBERNETICS AND INFORMATICS VOLUME 3 - NUMBER 170
/* IP address information */
struct sockaddr_in sin;
register int i=0,j=0;
int floodcontrol=0;
unsigned short sport=161+getpid();
. . .
/* Build TCP header */
packet.tcp.source=sport; /* 16-bit Source port number */
packet.tcp.dest=htons(dport); /* 16-bit Destination port */
packet.tcp.seq=49358353+getpid(); /* 32-bit Sequence Number */
packet.tcp.ack_seq=0; /* 32-bit Acknowledgement Number */
packet.tcp.doff=5; /* Data offset */
packet.tcp.res1=0; /* reserved */
packet.tcp.urg=0; /* Urgent offset valid flag */
packet.tcp.ack=0; /* ACK flag */
packet.tcp.psh=0; /* Push flag */
packet.tcp.rst=0; /* Reset flag */
packet.tcp.syn=1; /* SYN flag */
packet.tcp.fin=0; /* Finish sending flag */
packet.tcp.window=htons(242); /* 16-bit Window size */
packet.tcp.check=0; /* 16-bit checksum (to be filled in below) */
packet.tcp.urg_ptr=0; /* 16-bit urgent offset */
/* Build IP header */
packet.ip.version=4; /* 4-bit Version */
packet.ip.ihl=5; /* 4-bit Header Length */
packet.ip.tos=0; /* 8-bit Type of service */
packet.ip.tot_len=htons(40); /* 16-bit Total length */
packet.ip.id=getpid(); /* 16-bit ID field */
packet.ip.frag_off=0; /* 13-bit Fragment offset */
packet.ip.ttl=255; /* 8-bit Time To Live */
packet.ip.protocol=IPPROTO_TCP; /* 8-bit Protocol */
packet.ip.check=0; /* 16-bit Header checksum (filled in below) */
packet.ip.saddr=sadd; /* 32-bit Source Address */
packet.ip.daddr=dadd; /* 32-bit Destination Address */
Figure 8. Excerpt from the source code
SYSTEMICS, CYBERNETICS AND INFORMATICS VOLUME 3 - NUMBER 1 71
... CAMbase v2.0, has been running on the same 32-bit OS since its release. As the database can be accessed publicly, it has been at risk of being attacked, e.g., by denial-of-service attacks (DOS) [13] or intrusions with mostly bad and unethical intentions [14,15]. Despite the wide spectrum of securing an OS, selecting the right one already shows that it may be used to improve an intrusion-tolerant system [16]. ...
Reliability and Performance of the Online Literature Database CAMbase after Changing from a Semantic Search to a Score Ranking Algorithm
Article
Full-text available
  • Sep 2023
Despite the increase in scientific publications in the field of integrative medicine over the past decades, a valid overview of published evidence remains challenging to get. The online literature database CAMbase (available at https://cambase.de ) is one of the established databases designed to provide such an overview. In 2020, the database was migrated from a 32-bit to a 64-bit operating system, which resulted in unexpected, technical issues and forced the replacement of the semantic search algorithm with Solr , an open-source platform that uses a score ranking algorithm. Although semantic search was replaced, the goal was to create a literature database that is essentially no different from the legacy system. Therefore, a before-after analysis was conducted to compare first the number of retrieved documents and then their titles, while the titles were syntactically compared using two Sentence-Bidirectional Encoder Representations from Transformers (SBERT) models. Analysis with a paired t-test revealed no significant overall differences between the legacy system and the final system in the number of documents ( t =− 1.41 , d f = 35 , p = 0.17 ), but an increase in performance ( t = 4.13 , d f = 35 , p < 0.01 ). Analysis with a t-test for independent samples of the values from the models also revealed a high degree of consistency between the retrieved documents. The results show that an equivalent search can be provided by using Solr , while improving the performance, making this technical report a viable blueprint for projects with similar contexts.
View
... Denial of service attack (DoS) adalah semua jenis serangan pada struktur jaringan untuk menonaktifkan server. Serangan yang dilakukan yaitu mengirim jutaan permintaan ke suatu server untuk memperlambat performa server tersebut, kemudian membanjiri server dengan paket besar data yang tidak valid sehingga server akan mengalami kegagalan [12]. Penelitian ini akan menguji performa CPU dan kapasitas memori pada sistem operasi RedHat Linux dan FreeBSD menggunakan tools hping3 untuk melancarkan serangan Denial of Service, kemudian menganlisis hasil serangan terhadap kedua sistem operasi tersebut. ...
Comparative Analysis of CPU Performance on FreeBSD 64-bit and RedHat 64-bit Operating System Against Denial of Service (DoS) Using Hping3
Article
Full-text available
  • Jan 2023
Denial of Services (Dos) attack is a type of attack against server traffic. DoS works by placing a heavy load on the server, so that the server cannot accommodate connections from other users and can cause system failure on the server. On the other hand, Denial of Services (DoS) attacks can be used to test server resilience. The servers to be tested are using RedHat Linux and FreeBSD operating systems. Testing is carried out by flooding the system with DoS attacks using the hping3 tool, then comparing the test results in the form of percentages of CPU consumption and memory consumption between operating systems to determine vulnerabilities in each operating system. Based on a comparison of test results between operating systems, the FreeBSD operating system has better CPU performance than the RedHat Linux operating system, but has a vulnerability in internal memory to DoS attacks. Meanwhile, the RedHat Linux operating system has better internal memory performance than the FreeBSD operating system, but has a vulnerability in CPU performance against DoS attacks.
View
... A denial of service (DoS) attack aims to make the service unavailable to the authorized user by flooding the server with false requests [44,45]. This attack disrupts the availability factor in the CIA triad. ...
Cyber Attacks in Cyber-Physical Microgrid Systems: A Comprehensive Review
Article
Full-text available
  • Jun 2023
The importance of and need for cyber security have increased in the last decade. The critical infrastructure of the country, modeled with cyber-physical systems (CPS), is becoming vulnerable because of a lack of efficient safety measures. Attackers are becoming more innovative, and attacks are becoming undetectable, thereby causing huge risks to these systems. In this scenario, intelligent and evolving detection methods should be introduced to replace basic and outworn methods. The ability of artificial intelligence (AI) to analyze data and predict outcomes has created an opportunity for researchers to explore the power of AI in cyber security. This article discusses new-age intelligence and smart techniques such as pattern recognition models, deep neural networks, generative adversarial networks, and reinforcement learning for cyber security in CPS. The differences between the traditional security methods used in information technology and the security methods used in CPS are analyzed, and the need for a transition into intelligent methods is discussed in detail. A deep neural network-based controller that detects and mitigates cyber attacks is designed for microgrid systems. As a case study, a stealthy local covert attack that overcomes the existing microgrid protection is modeled. The ability of the DNN controller to detect and mitigate the SLCA is observed. The experiment is performed in a simulation and also in real-time to analyze the effectiveness of AI in cyber security.
View
... HTTPS 159 spoofing, SSL hijacking, SSL stripping and SSL beast are the methods often used to decrypt 160 the messages [36]. A denial of service attack aims to make the service unavailable to the authorized user 163 by flooding the server with false requests [37,38]. This attack causes disruption in the 164 availability factor in the CIA triad. ...
Cyber-attacks in Cyber-Physical Microgrid Systems: A Comprehensive Review
Preprint
Full-text available
  • Apr 2023
Importance and need for cyber security have increased in folds since a decade. Indirectly, the country’s security depends on the country’s cyber-physical systems. Attackers are becoming more innovative, and attacks are becoming undetectable, causing huge risks to the systems. In this scenario, intelligent and evolving detection methods should be introduced to replace the basic and outworn ones. This article discusses about new-age intelligence and smart techniques dealing with artificial intelligence (AI) models. Artificial intelligence for cyber security is reviewed, and the performance of machine learning models (ML) and deep learning (DL) models are analysed. A real-time case study of stealthy local covert attacks with false data injection attacks is implemented on the DC-DC converter. A deep learning model is designed to mitigate cyber attacks, and its performance is evaluated.
View
... HTTPS 157 spoofing, SSL hijacking, SSL stripping and SSL beast are the methods often used to decrypt 158 the messages [36]. The goal of a denial of service attack is to make the service unavailable to the autho-161 rized user by flooding the server with false requests [37,38]. This attack causes disruption in the availability factor in the CIA triad. ...
Cyber-attacks in Cyber Physical Microgrid Systems : A comprehensive Review
Preprint
Full-text available
  • Mar 2023
Importance and need for cyber security have increased in folds since a decade. Indirectly, the country’s security depends on the country’s cyber-physical systems. Attackers are becoming more innovative, and attacks are becoming undetectable, causing huge risks to the systems. In this scenario, intelligent and evolving detection methods should be introduced to replace the basic and outworn ones. This article discusses about new-age intelligence and smart techniques dealing with artificial intelligence (AI) models. Artificial intelligence for cyber security is reviewed, and the performance of machine learning models (ML) and deep learning (DL) models are analysed.
View
Blockchain Based Simulated Virtual Machine Placement Hybrid Approach for Decentralized Cloud and Edge Computing Environments
Chapter
  • Jun 2023
In the distributed cloud environment, each server (computing server (CS)) is configured with Local Resource Monitors (LRM), which runs independently and performs Virtual Machine (VM) migrations to nearby servers. Approaches like predictive VM migration considering peer servers’ CPU usage, setting up rotative decision-making capacity among the peer server are some approaches proposed by the authors for decentralized cloud and edge computing environment and edge computing during their study. Decentralized cloud and edge computing environment suffer from overutilization caused due to multiple VM placements by peer servers on the same server. This work proposes adaptive predictive VM placement using blockchain with two- threshold for the decentralized cloud and edge computing environment combined with the edge computing environment. In this work, each server in the framework considers its own and peer server’s current and future CPU utilization before it takes a decision for VM migration. Experimental results reveal that the proposed dynamic threshold based predictive approach has better results compared with randomized peer-to-peer VM placement. The use of blockchain during VM placement allows the identified server to maintain its current and future utilization below the upper threshold usage limit and also ensure tampering proof communication in the peer server during VM placement.KeywordsBlockchainEdge computingDecentralized cloud
View
Wireless and Mobile Security in Edge Computing
Chapter
  • Jun 2023
The rapid enhancement of wireless and mobile usage in edge computing has been increasing drastically in recent years. With the help of 5G networks, devices can now run with low latency and reduced backhaul, allowing us to solve complicated tasks efficiently. As users are growing rapidly day by day, security concerns have been rising that are affecting both the users and the service providers economically. This chapter provides an overview of privacy issues and possible attacks in wireless and mobile edge computing, a discussion of how the attacks take place, guidelines on how to avoid such attacks, and ways of enhancing privacy and security in mobile edge computing.KeywordsEdge computingWireless securityMobile security
View
View
View
Acceptance of e-commerce in family business: A UTAUT Approach
Conference Paper
  • Dec 2022
E-commerce is a disruptive technology that started as a replacement for information and has now evolved to include buying and selling goods. Family businesses are commercial enterprises in which decisions are impacted by older generations of a family who are related by blood, marriage, or adoption and who can influence the company's vision and willingness to pursue various goals. Family businesses have distinct priorities and outcomes because they were not established or managed like traditional commercial organizations. Family enterprises typically have a strong cultural orientation as contrasted to any other type of commercial firm's growth orientation. Decision-making is influenced by the expertise and knowledge of older generations. Therefore, we decided to identify the variable that influences family businesses' intentions to use and actual usage of e-commerce technologies, especially in India. A UTAUT model approach is used which included eight adoption-related theories. The variable perceived trust is added to the model because it has a direct effect on purchase intention.
View
Requirements for a general framework for response to distributed denial-of-service
Conference Paper
Full-text available
  • Jan 2002
What is network denial of service (DoS), and why is it such a problem? This research project has sought to investigate these questions and look at the deeper questions such as can denial of service be removed, can it be detected and can network systems adequately respond to denial of service incidents should they become subjected to them? This paper describes some issues that make network denial of service a difficult security problem, and discusses some solutions that have been provided by the security research community. The paper then provides a classification of denial of service, the consumer problem and the producer problem, which forms the bulk of modern network denial of service incidents. Finally the paper proposes requirements for a framework for the management of response to network denial of service incidents, and suggests future directions that are being developed to create the framework.
View
Preventing Denial of Service Attacks on Quality of Service DARPA Information Survivability Conference and Exposition (DISCEX II'01)
  • Jun 2001
  • 1155
  • Errin Fulp
Errin Fulp et. al. "Preventing Denial of Service Attacks on Quality of Service," DARPA Information Survivability Conference and Exposition (DISCEX II'01)Volume IIVolume 2, June 2001, pp. 1155.
1988) received the B.Sc. degree in computer science and automatic control from Alexandria University in 1983, the M.Sc
  • Vii Biographies Khaled
  • M Elleithy
VII. BIOGRAPHIES Khaled M. Elleithy (M'1988) received the B.Sc. degree in computer science and automatic control from Alexandria University in 1983, the M.Sc. Degree in computer networks from the same university in 1986, and the M.Sc. and Ph.D. degrees in computer science from