Article

Abstract

Even though core or backbone routers may not be vulnerable to a TTL expiry DDoS attack, routers used in small networks that have only a single processor for both packet forwarding and control may be vulnerable to one. The reason is that the forwarding and control functions are not completely separated, so packet dropping due to TTL expiration affects packet forwarding. In this paper we present the effect of the TTL expiry DDoS attack with an attack scenario in a testbed built from commercial network equipment. The results show that a TTL attack using small packets at low utilization is more effective than an attack using large packets.


Chapter
Sensitive information is exposed to critical risks when transmitted through computer networks. Existing protection systems still have limitations in handling network information with sufficient confidentiality, integrity, and availability. The rapid development of network technologies increases the number of network attacks and helps hide their malicious intentions. The attack intention is the ultimate goal that the attacker attempts to achieve by executing various intrusion methods or techniques. Recognizing attack intentions helps security administrators develop effective protection systems that can detect network attacks with similar intentions. This paper analyses attack types and classifies them according to their malicious intent. An investigation approach based on a similarity metric is proposed to recognize attacker plans and predict their intentions. The obtained results demonstrate that the proposed approach is capable of investigating the similarity of attack signatures and recognizing the intentions of network attacks.
Research
Distributed Denial of Service (DDoS) attacks are a persistent, critical threat to the Internet. Application-layer DDoS attacks build on the lower layers. Request-based DDoS attacks use legitimate HTTP requests after completing the TCP three-way handshake and overwhelm the target's resources, such as sockets, CPU, memory, disk, and bandwidth. The DDoS attack is a natural outgrowth of the SYN flood. The idea behind this attack is to converge the Internet connection bandwidth of many machines upon one or a few machines; this way it is possible to use a large array of smaller, widely distributed computers to create a large flooding effect. When an attacker attempts to attack the system, the threat is detected by a genetic algorithm, whose fitness function yields an assessment value for that risk. An anomaly detection mechanism is proposed in this paper to detect DDoS attacks using a genetic algorithm, with prevention using a feed-forward neural network: the optimization technique is applied to detect the attack, and the classification technique using the feed-forward neural network is applied for prevention.
Research
The scalability and dynamic formation of service clouds can make them susceptible to Distributed Denial of Service attacks. An attack on network facilities causes a performance decrease in the cloud applications or can shut them down. Moreover, due to the high distribution of the service components, finding the originating attacked service becomes a far more complex task. This paper proposes a DDoS attack detection approach for service clouds and develops efficient algorithms to resolve the originating service for the attack. The detection approach is composed of four levels such that every level notices indications of DDoS attacks from its native data. A low-rate DDoS attack allows legitimate network traffic to pass and consumes little bandwidth, so recognition of this type of attack is very difficult in high-speed networks. In this paper, several information metrics, namely Hartley entropy, Shannon entropy, and generalized entropy, are evaluated to detect low-rate DDoS attacks. We describe characteristics of network traffic and show that a suitable metric facilitates building an effective model to detect low-rate DDoS attacks.
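The three information metrics named in this abstract (Hartley, Shannon and generalized entropy) can all be computed from the same per-window histogram of a traffic feature. The following is an added example, not code from the paper: it computes the metrics over the distribution of source addresses in a packet window and flags a window whose entropy departs from a baseline by more than a threshold. The window contents, the choice of source address as the feature, the Rényi order alpha and the threshold are all assumptions made for the illustration.

```python
"""Entropy-based traffic metrics for low-rate DDoS detection (added example)."""
import math
from collections import Counter
from typing import Dict, Iterable, List, Tuple


def hartley_entropy(counts: Iterable[int]) -> float:
    """H0: log2 of the number of distinct symbols seen (ignores frequencies)."""
    n = sum(1 for c in counts if c > 0)
    return math.log2(n) if n else 0.0


def shannon_entropy(counts: Iterable[int]) -> float:
    """H1: -sum(p * log2 p) over the empirical distribution."""
    counts = [c for c in counts if c > 0]
    total = sum(counts)
    return -sum((c / total) * math.log2(c / total) for c in counts) if total else 0.0


def renyi_entropy(counts: Iterable[int], alpha: float) -> float:
    """Generalized (Rényi) entropy H_alpha = log2(sum p^alpha) / (1 - alpha).

    alpha -> 0 gives Hartley, alpha -> 1 gives Shannon; alpha > 1 weights the
    dominant symbols more, which makes it react to a single heavy source.
    """
    counts = [c for c in counts if c > 0]
    if not counts:
        return 0.0
    if alpha == 1.0:
        return shannon_entropy(counts)
    total = sum(counts)
    return math.log2(sum((c / total) ** alpha for c in counts)) / (1.0 - alpha)


def window_metrics(src_ips: List[str], alpha: float = 2.0) -> Dict[str, float]:
    """Histogram the source addresses of one window and compute all three metrics."""
    counts = list(Counter(src_ips).values())
    return {
        "H0": hartley_entropy(counts),
        "H1": shannon_entropy(counts),
        "Halpha": renyi_entropy(counts, alpha),
    }


def detect(baseline: List[str], window: List[str],
           alpha: float = 2.0, threshold: float = 0.4) -> Tuple[bool, Dict[str, float]]:
    """Alert when any metric moves more than `threshold` bits away from the baseline.

    The threshold is an assumed value; in practice it is tuned on normal traffic.
    """
    base = window_metrics(baseline, alpha)
    cur = window_metrics(window, alpha)
    deltas = {k: cur[k] - base[k] for k in base}
    alert = any(abs(d) > threshold for d in deltas.values())
    return alert, deltas


# Constructed sample windows (not captured traffic): 8 legitimate sources sending
# 5 packets each form the baseline; the suspect window adds one source that sends
# 40 packets, i.e. half of the window, which a per-flow rate limit might not notice.
BASELINE_WINDOW = [f"10.0.0.{i}" for i in range(8) for _ in range(5)]
SUSPECT_WINDOW = BASELINE_WINDOW + ["198.51.100.77"] * 40


if __name__ == "__main__":
    print("baseline:", window_metrics(BASELINE_WINDOW))
    print("suspect: ", window_metrics(SUSPECT_WINDOW))
    print("alert, deltas:", detect(BASELINE_WINDOW, SUSPECT_WINDOW))
```

On the constructed data the Hartley entropy barely moves (one more distinct source), while Shannon drops by half a bit and the order-2 generalized entropy by more than a bit, which is the property the abstract is pointing at when it compares the metrics: a metric sensitive to the shape of the distribution, not just the number of sources, is what exposes a low-rate attacker hiding among legitimate flows.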
Article
Full-text available
IP spoofing has often been exploited by Distributed Denial of Service (DDoS) attacks to: 1) conceal flooding sources and dilute localities in flooding traffic, and 2) coax legitimate hosts into becoming reflectors, redirecting and amplifying flooding traffic. Thus, the ability to filter spoofed IP packets near victim servers is essential to their own protection and to preventing them from becoming involuntary DoS reflectors. Although an attacker can forge any field in the IP header, he cannot falsify the number of hops an IP packet takes to reach its destination. More importantly, since the hop-count values are diverse, an attacker cannot randomly spoof IP addresses while maintaining consistent hop-counts. On the other hand, an Internet server can easily infer the hop-count information from the Time-to-Live (TTL) field of the IP header. Using a mapping between IP addresses and their hop-counts, the server can distinguish spoofed IP packets from legitimate ones. Based on this observation, we present a novel filtering technique, called Hop-Count Filtering (HCF), which builds an accurate IP-to-hop-count (IP2HC) mapping table to detect and discard spoofed IP packets. HCF is easy to deploy, as it does not require any support from the underlying network. Through analysis using network measurement data, we show that HCF can identify close to 90% of spoofed IP packets, and then discard them with little collateral damage. We implement and evaluate HCF in the Linux kernel, demonstrating its effectiveness with experimental measurements.
Article
Full-text available
Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.
Conference Paper
ARP-based Distributed Denial of Service (DDoS) attacks due to ARP storms can happen in local area networks where many hosts are infected by worms such as Code Red. In an ARP attack, the DDoS agents constantly send a barrage of ARP requests to the gateway, or to another host within the same sub-network, and tie up the resources of the attacked gateway or host. In this paper, we measure the impact of ARP storms on the availability of processing and memory resources of a Windows XP server deploying a high-performance Pentium IV processor. Index terms — ARP attack, Computer Network Security, Distributed Denial of Service Attacks.
Article
Denial of Service attacks are presenting an increasing threat to the global inter-networking infrastructure. While TCP's congestion control algorithm is highly robust to diverse network conditions, its implicit assumption of end-system cooperation results in a well-known vulnerability to attack by high-rate non-responsive flows. In this paper, we investigate a class of low-rate denial of service attacks which, unlike high-rate attacks, are difficult for routers and counter-DoS mechanisms to detect. Using a combination of analytical modeling, simulations, and Internet experiments, we show that maliciously chosen low-rate DoS traffic patterns that exploit TCP's retransmission timeout mechanism can throttle TCP flows to a small fraction of their ideal rate while eluding detection. Moreover, as such attacks exploit protocol homogeneity, we study fundamental limits of the ability of a class of randomized timeout mechanisms to thwart such low-rate DoS attacks.
Article
Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, or its Internet connection, or both. In the last two years, it was discovered that DDoS attack methods and tools are becoming more sophisticated, effective, and also more difficult to trace to the real attackers. On the defense side, current technologies are still unable to withstand large-scale attacks. The main purpose of this article is therefore twofold. The first one is to describe various DDoS attack methods, and to present a systematic review and evaluation of the existing defense mechanisms. The second is to discuss a longer-term solution, dubbed the Internet-firewall approach, that attempts to intercept attack packets in the Internet core, well before reaching the victim.
RFC 791: Internet Protocol