85 resultados para low-rate DDoS attacks
em Queensland University of Technology - ePrints Archive
Resumo:
High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined, directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof of concept implementation we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a “white list” filter in a firewall as part of the mitigation strategy.
Resumo:
Distributed Denial of Services DDoS, attacks has become one of the biggest threats for resources over Internet. Purpose of these attacks is to make servers deny from providing services to legitimate users. These attacks are also used for occupying media bandwidth. Currently intrusion detection systems can just detect the attacks but cannot prevent / track the location of intruders. Some schemes also prevent the attacks by simply discarding attack packets, which saves victim from attack, but still network bandwidth is wasted. In our opinion, DDoS requires a distributed solution to save wastage of resources. The paper, presents a system that helps us not only in detecting such attacks but also helps in tracing and blocking (to save the bandwidth as well) the multiple intruders using Intelligent Software Agents. The system gives dynamic response and can be integrated with the existing network defense systems without disturbing existing Internet model. We have implemented an agent based networking monitoring system in this regard.
Resumo:
This thesis presents an original approach to parametric speech coding at rates below 1 kbitsjsec, primarily for speech storage applications. Essential processes considered in this research encompass efficient characterization of evolutionary configuration of vocal tract to follow phonemic features with high fidelity, representation of speech excitation using minimal parameters with minor degradation in naturalness of synthesized speech, and finally, quantization of resulting parameters at the nominated rates. For encoding speech spectral features, a new method relying on Temporal Decomposition (TD) is developed which efficiently compresses spectral information through interpolation between most steady points over time trajectories of spectral parameters using a new basis function. The compression ratio provided by the method is independent of the updating rate of the feature vectors, hence allows high resolution in tracking significant temporal variations of speech formants with no effect on the spectral data rate. Accordingly, regardless of the quantization technique employed, the method yields a high compression ratio without sacrificing speech intelligibility. Several new techniques for improving performance of the interpolation of spectral parameters through phonetically-based analysis are proposed and implemented in this research, comprising event approximated TD, near-optimal shaping event approximating functions, efficient speech parametrization for TD on the basis of an extensive investigation originally reported in this thesis, and a hierarchical error minimization algorithm for decomposition of feature parameters which significantly reduces the complexity of the interpolation process. Speech excitation in this work is characterized based on a novel Multi-Band Excitation paradigm which accurately determines the harmonic structure in the LPC (linear predictive coding) residual spectra, within individual bands, using the concept 11 of Instantaneous Frequency (IF) estimation in frequency domain. The model yields aneffective two-band approximation to excitation and computes pitch and voicing with high accuracy as well. New methods for interpolative coding of pitch and gain contours are also developed in this thesis. For pitch, relying on the correlation between phonetic evolution and pitch variations during voiced speech segments, TD is employed to interpolate the pitch contour between critical points introduced by event centroids. This compresses pitch contour in the ratio of about 1/10 with negligible error. To approximate gain contour, a set of uniformly-distributed Gaussian event-like functions is used which reduces the amount of gain information to about 1/6 with acceptable accuracy. The thesis also addresses a new quantization method applied to spectral features on the basis of statistical properties and spectral sensitivity of spectral parameters extracted from TD-based analysis. The experimental results show that good quality speech, comparable to that of conventional coders at rates over 2 kbits/sec, can be achieved at rates 650-990 bits/sec.
Resumo:
This work-in-progress paper presents an ensemble-based model for detecting and mitigating Distributed Denial-of-Service (DDoS) attacks, and its partial implementation. The model utilises network traffic analysis and MIB (Management Information Base) server load analysis features for detecting a wide range of network and application layer DDoS attacks and distinguishing them from Flash Events. The proposed model will be evaluated against realistic synthetic network traffic generated using a software-based traffic generator that we have developed as part of this research. In this paper, we summarise our previous work, highlight the current work being undertaken along with preliminary results obtained and outline the future directions of our work.
Resumo:
This thesis investigates and develops techniques for accurately detecting Internet-based Distributed Denial-of-Service (DDoS) Attacks where an adversary harnesses the power of thousands of compromised machines to disrupt the normal operations of a Web-service provider, resulting in significant down-time and financial losses. This thesis also develops methods to differentiate these attacks from similar-looking benign surges in web-traffic known as Flash Events (FEs). This thesis also addresses an intrinsic challenge in research associated with DDoS attacks, namely, the extreme scarcity of public domain datasets (due to legal and privacy issues) by developing techniques to realistically emulate DDoS attack and FE traffic.
Resumo:
An intrinsic challenge associated with evaluating proposed techniques for detecting Distributed Denial-of-Service (DDoS) attacks and distinguishing them from Flash Events (FEs) is the extreme scarcity of publicly available real-word traffic traces. Those available are either heavily anonymised or too old to accurately reflect the current trends in DDoS attacks and FEs. This paper proposes a traffic generation and testbed framework for synthetically generating different types of realistic DDoS attacks, FEs and other benign traffic traces, and monitoring their effects on the target. Using only modest hardware resources, the proposed framework, consisting of a customised software traffic generator, ‘Botloader’, is capable of generating a configurable mix of two-way traffic, for emulating either large-scale DDoS attacks, FEs or benign traffic traces that are experimentally reproducible. Botloader uses IP-aliasing, a well-known technique available on most computing platforms, to create thousands of interactive UDP/TCP endpoints on a single computer, each bound to a unique IP-address, to emulate large numbers of simultaneous attackers or benign clients.
Resumo:
There have been significant improvements in toric soft contact lens design over the past decade. Data from our international contact lens prescribing survey were mined to assess recent trends in toric soft contact lens fitting. This survey was conducted by sending up to 1000 survey forms to contact lens fitters in Australia, Canada, Japan, the Netherlands, Norway, the UK and the USA each year between 2000 and 2009. Practitioners were asked to record data relating to the first 10 contact lens fits or refits performed after receiving the forms and to return them to us for analysis. The data revealed a gradual increase in the extent of toric soft lens fitting this century. Excluding Japan – which had a consistently low rate of soft toric lens fitting over the survey period – soft toric lenses now represent over 35% of all soft lenses prescribed; it can be assumed that, on average (and again excluding Japan), all cases of astigmatism 0.75 D or less remains uncorrected among contact lens wearers. Toric lenses are fitted more to those who are older, full-time wearers and reusable lens wearers, and less to those wearing silicone hydrogel and extended wear lenses.
Resumo:
Distributed Denial-of-Service (DDoS) attacks continue to be one of the most pernicious threats to the delivery of services over the Internet. Not only are DDoS attacks present in many guises, they are also continuously evolving as new vulnerabilities are exploited. Hence accurate detection of these attacks still remains a challenging problem and a necessity for ensuring high-end network security. An intrinsic challenge in addressing this problem is to effectively distinguish these Denial-of-Service attacks from similar looking Flash Events (FEs) created by legitimate clients. A considerable overlap between the general characteristics of FEs and DDoS attacks makes it difficult to precisely separate these two classes of Internet activity. In this paper we propose parameters which can be used to explicitly distinguish FEs from DDoS attacks and analyse two real-world publicly available datasets to validate our proposal. Our analysis shows that even though FEs appear very similar to DDoS attacks, there are several subtle dissimilarities which can be exploited to separate these two classes of events.
Resumo:
Road traffic injuries are a major global public health problem but continue to receive inadequate attention. Alcohol influences both risk and consequence of road traffic injury but the scale of the problem is not well understood in many countries. In Vietnam, economic development has brought a substantial increase in the number of registered motorcycles as well as alcohol consumption. Traffic injury is among the leading causes of death in Vietnam but there is little local information regarding alcohol related traffic injuries. The primary goal of this study is to explore the drinking and driving patterns of males and their perceptions towards drink-driving and to determine the relationship between alcohol consumption and road traffic injuries. Furthermore, this thesis aims to present the situation analysis for choosing priority actions to reduce drinking and driving in Vietnam. The study is a combination of two cross-sectional surveys and a pilot study. The pilot study, involving 224 traffic injured patients, was conducted to test the tools and the feasibility of approach methods. In the first survey, male patrons (n=464) were randomly selected at seven restaurants. Face-to-face interviews were conducted when patrons just arrived and breath tests were collected when they were about to leave the restaurant. In the second survey, male patients admitted to hospital following a traffic injury (n=480, of which 414 were motorcycle or bicycle riders) were interviewed and their blood alcohol concentration (BAC) measured by breathalyzer. The results show broadly similar patterns of drinking and driving among male patrons and male traffic injured patients with a high frequency of drinking and drink-driving reported among the majority of the two groups. A high proportion of male patrons were leaving restaurants with a BAC over the legal limit. Factors that significantly associate with the number of drinks and BAC were age, hazardous drinking, frequency of drink-driving in the past year, self-estimated number of drinks consumed to drive legally, perceived family’s disapproval of drink-driving, and perceived legal risk and physical risk. The proportion of patrons and patients with BAC above the legal limit of 0.05 were 86.7% and 60.4% respectively, which was much higher than found in previous studies. In addition, both groups had a high prevalence of BAC over 0.15g/100ml (39.7% of patrons and 45.6% patients), a level that can seriously affect driving capacity. Results from the case-crossover analysis for patients indicate a dose-response relationship between alcohol consumption and the risk of traffic injury. The risk of traffic injury increased when alcohol was consumed before driving and there was a more than 13 fold increase when six or more drinks were consumed. Regarding perceptions towards drinking and driving, findings corroborate the low awareness among males in Vietnam, with a majority of respondents holding a low knowledge of safe and legally permissible alcohol use, and a low perceived risk of drinking and driving. The results also indicate a huge gap in prevention skills in terms of planning ahead or using alternative transport to avoid drink-driving and a perception by patrons and patients of a low rate of disapproval of drink-driving from peers and family. Findings in this study have considerable implications for national policy, injury prevention, clinical practice, reporting systems, and for further research. The low rate of compliance with existing laws and a generally low perceived legal risk toward drink-driving in this study call for the strengthening of enforcement along with mass media campaigns and news coverage in order to decrease the widespread perception of impunity and thereby, to reduce the level of drink-driving. In addition, no significant difference was found in this study on risk of traffic injuries between car drivers and motorcycle drivers. The current inconsistency between legal BAC for drivers of motorcycles, compared to cars, thus needs addressing. Furthermore, as drinking was found to be very common, rather than solely targeting drink-driving, it is important to call for a more strategic and comprehensive approach to alcohol policy in Viet Nam. This study also has considerable implications for clinical practice in terms of screening and brief interventions. Our study suggests that the short form of the AUDIT (AUDIT-C) screening tool is appropriate for use in busy emergency departments. The high proportion of traffic injured patients with evidence of alcohol abuse or hazardous drinking suggests that brief interventions by alcohol and drug counselors in emergency departments are a sensible option to addressing this important problem. The significance of this study is in the combination of the systematic collection of breath test and use of case-crossover design to estimate the risk of traffic injuries after alcohol consumption. The results provide convincing evidence to policy makers, health authorities and the media to help raise community awareness and policy advocacy toward the drinkdriving problem in Vietnam. The findings suggest an urgent need for a multi-sectoral approach to curtail drink-driving in Vietnam, especially programs to raise community awareness and effective legal enforcement. Furthermore, serving as a situation analysis, the thesis should inform the formulation of interventions designed to curtail drinking and driving in Vietnam and other developing countries.
Resumo:
Many existing schemes for malware detection are signature-based. Although they can effectively detect known malwares, they cannot detect variants of known malwares or new ones. Most network servers do not expect executable code in their in-bound network traffic, such as on-line shopping malls, Picasa, Youtube, Blogger, etc. Therefore, such network applications can be protected from malware infection by monitoring their ports to see if incoming packets contain any executable contents. This paper proposes a content-classification scheme that identifies executable content in incoming packets. The proposed scheme analyzes the packet payload in two steps. It first analyzes the packet payload to see if it contains multimedia-type data (such as . If not, then it classifies the payload either as text-type (such as or executable. Although in our experiments the proposed scheme shows a low rate of false negatives and positives (4.69% and 2.53%, respectively), the presence of inaccuracies still requires further inspection to efficiently detect the occurrence of malware. In this paper, we also propose simple statistical and combinatorial analysis to deal with false positives and negatives.
Resumo:
Physical inactivity is a serious concern both nationally and internationally. Despite the numerous benefits of performing regular physical activity, many individuals lead sedentary lifestyles. Of concern, though, is research showing that some population sub-groups are less likely to be active, such as parents of young children. Although there is a vast amount of research dedicated to understanding people.s physical activity-related behaviours, there is a paucity of research examining those factors that influence parental physical activity. More importantly, research applying theoretical models to understand physical activity decision-making among this at-risk population is limited. Given the current obesity epidemic, the decline in physical activity with parenthood, and the many social and health benefits associated with regular physical activity, it is important that adults with young children are sufficiently active. In light of the dearth of research examining parental physical activity and the scant research applying a theory-based approach to gain this understanding, the overarching aim of the current program of research was to adopt a mixed methods approach as well as use sound theoretical frameworks to understand the regular physical activity behaviour of mothers and fathers with young children. This program of research comprised of three distinct stages: a qualitative stage exploring individual, social, and psychological factors that influence parental regular physical activity (Stage 1); a quantitative stage identifying the important predictors of parental regular physical activity intentions and behaviour using sound theoretical frameworks and testing a single-item measure for assessing parental physical activity behaviour (Stage 2); and a qualitative stage exploring strategies for an intervention program aimed at increasing parental regular physical activity (Stage 3). As a thesis by publication, eight papers report the findings of this program of research; these papers are presented according to the distinct stages of investigation that guided this program of research. Stage One of the research program comprised a qualitative investigation using a focus group/interview methodology with parents of children younger than 5 years of age (N = 40; n = 21 mothers, n = 19 fathers) (Papers 1, 2, and 3). Drawing broadly on a social constructionist approach (Paper 1), thematic analytic methods revealed parents. understandings of physical activity (e.g., requires effort), patterns of physical activity-related behaviours (e.g., grab it when you can, declining physical activity habits), and how constructions of social role expectations might influence parents. physical activity decision making (e.g., creating an active family culture, guilt and selfishness). Drawing on the belief-based framework of the TPB (Paper 2), thematic content analytic methods revealed parents. commonly held beliefs about the advantages (e.g., improves parenting practices), disadvantages (e.g., interferes with commitments), barriers (e.g., time), and facilitators (e.g., social support) to performing regular physical activity. Parents. normative beliefs about social approval from important others or groups (e.g., spouse/partner) were also identified. Guided by theories of social support, Paper Three identified parents. perceptions about the specific social support dimensions that influence their physical activity decision making. Thematic content analysis identified instrumental (e.g., providing childcare, taking over chores), emotional (e.g., encouragement, companionship), and informational support (e.g., ideas and advice) as being important to the decision-making of parents in relation to their regular physical activity behaviour. The results revealed also that having support for being active is not straightforward (e.g., guilt-related issues inhibited the facilitative nature of social support for physical activity). Stage Two of the research program comprised a quantitative examination of parents. physical activity intentions and behaviour (Papers 4, 5, 6, and 7). Parents completed an extended TPB questionnaire at Time 1 (N = 580; n = 288 mothers, n = 292 fathers) and self-reported their physical activity at Time 2, 1 week later (N = 458; n = 252 mothers, n = 206 fathers). Paper Four revealed key behavioural (e.g., improving parenting practices), normative (e.g., people I exercise with), and control (e.g., lack of time) beliefs as significant independent predictors of parental physical activity. A test of the TPB augmented to include the constructs of self-determined motivation and planning was assessed in Paper Five. The findings revealed that the effect of self-determined motivation on intention was fully mediated by the TPB variables and the impact of intention on behaviour was partially mediated by the planning variables. Slight differences in the model.s motivational sequence between the sexes were also noted. Paper Six investigated, within a TPB framework, a range of social influences on parents. intentions to be active. For both sexes, attitude, perceived behavioural control, group norms, friend general support, and an active parent identity predicted intentions, with subjective norms and family support further predicting mothers. intentions and descriptive norms further predicting fathers. intentions. Finally, the measurement of parental physical activity was investigated in Paper Seven of Stage Two. The results showed that parents are at risk of low levels of physical activity, with the findings also revealing validation support for a brief single-item physical activity measure. Stage Three of the research program comprised a qualitative examination of parents. (N = 12; n = 6 mothers, n = 6 fathers) ideas for strategies that may be useful for developing and delivering an intervention program aimed at increasing parental physical activity (Paper 8). Parents revealed a range of strategies for what to include in a physical activity intervention designed for parents of young children. For example, parents identified persuasion and information type messages, problem-solving strategies that engage parents in generating a priority list of their lifestyle commitments, and behavioural modification techniques such as goal setting and incentives. Social intervention strategies (e.g., social comparison, counselling) and environmental approaches (e.g., community-based integrative parent/child programs) were also identified as was a skill-based strategy in helping parents generate a flexible life/family plan. Additionally, a range of strategies for how to best deliver a parental physical activity intervention was discussed. Taken as a whole, Paper Eight found that adopting a multifaceted approach in both the design and implementation of a resultant physical activity intervention may be useful in helping to increase parental physical activity. Overall, this program of research found support for parents as a unique group who hold both similar and distinctive perceptions about regular physical activity to the general adult population. Thus, these findings highlight the importance of targeting intervention strategies for parents of young children. Additionally, the findings suggest that it might also be useful to tailor some messages specifically to each sex. Effective promotion of physical activity in parents of young children is essential given the low rate of activity in this population. Results from this program of research highlight parents as an at-risk group for inactivity and provide an important first step in identifying the factors that influence both mothers. and fathers. physical activity decision making. These findings, in turn, provide a foundation on which to build effective intervention programs aimed at increasing parents. regular physical activity which is essential for ensuring the health and well-being of parents with young children.
Resumo:
This paper describes system identification, estimation and control of translational motion and heading angle for a cost effective open-source quadcopter — the MikroKopter. The dynamics of its built-in sensors, roll and pitch attitude controller, and system latencies are determined and used to design a computationally inexpensive multi-rate velocity estimator that fuses data from the built-in inertial sensors and a low-rate onboard laser range finder. Control is performed using a nested loop structure that is also computationally inexpensive and incorporates different sensors. Experimental results for the estimator and closed-loop positioning are presented and compared with ground truth from a motion capture system.
Resumo:
A Flash Event (FE) represents a period of time when a web-server experiences a dramatic increase in incoming traffic, either following a newsworthy event that has prompted users to locate and access it, or as a result of redirection from other popular web or social media sites. This usually leads to network congestion and Quality-of-Service (QoS) degradation. These events can be mistaken for Distributed Denial-of-Service (DDoS) attacks aimed at disrupting the server. Accurate detection of FEs and their distinction from DDoS attacks is important, since different actions need to be undertaken by network administrators in these two cases. However, lack of public domain FE datasets hinders research in this area. In this paper we present a detailed study of flash events and classify them into three broad categories. In addition, the paper describes FEs in terms of three key components: the volume of incoming traffic, the related source IP-addresses, and the resources being accessed. We present such a FE model with minimal parameters and use publicly available datasets to analyse and validate our proposed model. The model can be used to generate different types of FE traffic, closely approximating real-world scenarios, in order to facilitate research into distinguishing FEs from DDoS attacks.
