Distributed defense against distributed denial-of-service attacks

Distributed defense is a promising way to neutralize the distributed Denial-of-Service attacks by detecting and responding the attacking sources widespread around the Internet. Components of the distributed defense system will cooperate with each other to combat the attacks. Compared with the centralized defense systems, distributed defense systems can discover the attacks more timely from both source end and victim end, fight the attacks with more resources and take advantage of more flexible strategies. This paper investigates 7 distributed defense systems which make use of various strategies to mitigate the DDoS attacks. Different architectures are designed in these 7 systems to provide distributed DDoS defense solutions. We evaluate these systems in terms of deployment, detection, response, security, robustness and implementation. For each criteria, we give a recommendation on which technologies are best suitable for a successful distributed defense system based on the analysis result. Finally we propose our idea on the design of an effective distributed defense system.

Protecting web applications from DDoS attacks by an active distributed defense system

In the last a few years a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high-profile government and commercial websites have made people aware of the importance of providing data and services security to users. A DDoS attack is an availability attack, which is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resources. This paper introduces the vulnerability of web applications to DDoS attacks, and presents an active distributed defense system that has a deployment mixture of sub-systems to protect web applications from DDoS attacks. According to the simulation experiments, this system is effective in that it is able to defend web applications against attacks. It can avoid overall network congestion and provide more resources to legitimate web users.

A defense system against DDoS attacks by large-scale IP traceback

In this paper, we present a new approach, called Flexible Deterministic Packet Marking (FDPM), to perform a large-scale IP traceback to defend against Distributed Denial of Service (DDoS) attacks. In a DDoS attack the victim host or network is usually attacked by a large number of spoofed IP packets coming from multiple sources. IP traceback is the ability to trace the IP packets to their sources without relying on the source address field of the IP header. FDPM provides many flexible features to trace the IP packets and can obtain better tracing capability than current IP traceback mechanisms, such as Probabilistic Packet Marking (PPM), and Deterministic Packet Marking (DPM). The flexibilities of FDPM are in two ways, one is that it can adjust the length of marking field according to the network protocols deployed; the other is that it can adjust the marking rate according to the load of participating routers. The implementation and evaluation demonstrates that the FDPM needs moderately only a small number of packets to complete the traceback process; and can successfully perform a large-scale IP traceback, for example, trace up to 110,000 sources in a single incident response. It has a built-in overload prevention mechanism, therefore this scheme can perform a good traceback process even it is heavily loaded.

Mark-aided distributed filtering by using neural network for DDoS defense

Currently Distributed Denial of Service (DDoS) attacks have been identified as one of the most serious problems on the Internet. The aim of DDoS attacks is to prevent legitimate users from accessing desired resources, such as network bandwidth. Hence the immediate task of DDoS defense is to provide as much resources as possible to legitimate users when there is an attack. Unfortunately most current defense approaches can not efficiently detect and filter out attack traffic. Our approach is to find the network anomalies by using neural network, deploy the system at distributed routers, identify the attack packets, and then filter them. The marks in the IP header that are generated by a group of IP traceback schemes, Deterministic Packet Marking (DPM)/Flexible Deterministic Packet Marking (FDPM), assist this process of identifying attack packets. The experimental results show that this approach can be used to defend against both intensive and subtle DDoS attacks, and can catch DDoS attacks’ characteristic of starting from multiple sources to a single victim. According to results, we find the marks in IP headers can enhance the sensitivity and accuracy of detection, thus improve the legitimate traffic throughput and reduce attack traffic throughput. Therefore, it can perform well in filtering DDoS attack traffic precisely and effectively.

Brief report : The defense mechanisms of homophobic adolescent males : a descriptive discriminant analysis

The study examined the role of defense mechanisms in homophobic attitudes of older male adolescents aged 17e18 years. A cross-sectional survey collected data from final year high school students (N ¼ 86) attending an all male school in a regional centre in Victoria, Australia. The school was identified by teachers as having a problematic culture of homophobic intolerance. Participants were divided into homophobic and non-homophobic groups based on their scores on the Homophobia Scale Questionnaire. Discriminant analysis was conducted to identify the predictors that would best categorise students into those two groups on the basis of defense styles derived from the Defense Style Questionnaire-40 (DSQ-40). The strongest predictors of homophobia amongst defense styles were idealisation, denial, somatisation and devaluation accounting for 18.31%, 17.64%, 13.10% and 11.35% of the variance, respectively. Results generally supported the larger contribution of more immature defenses to higher levels of homophobia.

Multi-core security defense system (MSDS)

Today's security program developers are not only facing an uphill battle of developing and implementing. But now have to take into consideration, the emergence of next generation of multi-core system, and its effect on security application design. In our previous work, we developed a framework called bodyguard. The objective of this framework was to help security software developers, shift from their use of serialized paradigm, to a multi-core paradigm. Working within this paradigm, we developed a security bodyguard system called Farmer. This abstract framework placed particular applications into categories, like security or multi-media, which were ran on separate core processors within the multi-core system. With further analysis of the bodyguard paradigm, we found that this paradigm was suitable to be used in other computer science areas, such as spam filtering and multi-media. In this paper, we update our research work within the bodyguard paradigm, and showed a marked improvement of 110% speedup performance with an average cost of 1.5 ms.

Multi-core Defense System (MSDS) for protecting computer infrastructure against DDoS attacks

Distributed Denial of Service attacks is one of the most challenging areas to deal with in Security. Not only do security managers have to deal with flood and vulnerability attacks. They also have to consider whether they are from legitimate or malicious attackers. In our previous work we developed a framework called bodyguard, which is to help security software developers from the current serialized paradigm, to a multi-core paradigm. In this paper, we update our research work by moving our bodyguard paradigm, into our new Ubiquitous Multi-Core Framework. From this shift, we show a marked improvement from our previous result of 20% to 110% speedup performance with an average cost of 1.5 ms. We also conducted a second series of experiments, which we trained up Neural Network, and tested it against actual DDoS attack traffic. From these experiments, we were able to achieve an average of 93.36%, of this attack traffic.

Modelling the relationship between defense spending and economic growth for the Fiji Islands

The goal of this paper is to examine the nexus between GDP and military expenditure. We model this relationship within a multivariate framework by including exports in the model. We use the recently developed bounds testing approach to cointegration and find that there is a long run relationship among the variables when GDP is the endogenous variable. Normalizing on GDP and using four different estimators, we find that in the long run both military expenditure and exports have a positive impact on GDP. Finally, using the Granger causality test, we find that there is evidence for military expenditure Granger causing exports and exports Granger causing GDP, implying that military expenditure indirectly Granger causes GDP in the short run. In the long run, we find that both military expenditure and exports Granger cause GDP for Fiji. Our findings are consistent with the Keynesian school of thought, leading us to derive some policy implications.

Heterotrimeric G proteins-mediated resistance to necrotrophic pathogens includes mechanisms independent of salicylic acid-, jasmonic acid/ethylene- and abscisic acid-mediated defense signaling

Heterotrimeric G proteins are involved in the defense response against necrotrophic fungi in Arabidopsis. In order to elucidate the resistance mechanisms involving heterotrimeric G proteins, we analyzed the effects of the Gβ (subunit deficiency in the mutant agb1-2 on pathogenesis-related gene expression, as well as the genetic interaction between agb1-2 and a number of mutants of established defense pathways. Gβ-mediated signaling suppresses the induction of salicylic acid (SA)-, jasmonic acid (JA)-, ethylene (ET)- and abscisic acid (ABA)-dependent genes during the initial phase of the infection with Fusarium oxysporum (up to 48 h after inoculation). However, at a later phase it enhances JA/ET-dependent genes such as PDF1.2 and PR4. Quantification of the Fusarium wilt symptoms revealed that Gβ- and SA-deficient mutants were more susceptible than wild-type plants, whereas JA- and ET-insensitive and ABA-deficient mutants demonstrated various levels of resistance. Analysis of the double mutants showed that the Gβ-mediated resistance to F. oxysporum and Alternaria brassicicola was mostly independent of all of the previously mentioned pathways. However, the progressive decay of agb1-2 mutants was compensated by coi1-21 and jin1-9 mutations, suggesting that at this stage of F. oxysporum infection Gβ acts upstream of COI1 and ATMYC2 in JA signaling.