Source-based filtering scheme against DDOS attacks

IP address spoofing is employed by a lot of DDoS attack tools. Most of the current research on DDoS attack packet filtering depends on cooperation among routers, which is hard to achieve in real campaigns. Therefore, in the paper, we propose a novel filtering scheme based on source information in this paper to defend against various source IP address spoofing. The proposed method works independently at the potential victim side, and accumulates the source information of its clients, for instance, source IP addresses, hops from the server during attacks free period. When a DDoS attack alarm is raised, we can filter out the attack packets based on the accumulated knowledge of the legitimate clients. We divide the source IP addresses into n(1 ≤ n ≤ 32) segments in our proposed algorithm; as a result, we can therefore release the challenge storage and speed up the procedure of information retrieval. The system which is proposed by us and the experiments indicated that the proposed method works effectively and efficiently.

Safeguarding Australia from cyber-terrorism : a proposed cyber-terrorism SCADA risk framework for Australia

Terrorist groups are currently using information and communication technologies (ICTs) to orchestrate their conventional physical attacks. More recently, terrorists have been developing a new form of capability within the cyber-arena to coordinate cyber-based attacks. This paper identifies that cyber-terrorism capabilities are an integral, imperative, yet under-researched component in establishing, and enhancing cyber-terrorism risk assessment models for SCADA systems. This paper is an extension of work previously published by Beggs and
Warren 2008, it presents a high level overview of a cyber-terrorism SCADA risk framework that has been adopted and validated by SCADA industry practitioners. The paper proposes a managerial framework which is designed to measure and protect SCADA systems from the threat of cyber-terrorism within Australia. The findings and results of an industry focus group are presented in support of the developed framework for SCADA industry adoption and acceptance.

Entropy-based collaborative detection of DDOS attacks on community networks

A community network often operates with the same Internet service provider domain or the virtual network of different entities who are cooperating with each other. In such a federated network environment, routers can work closely to raise early warning of DDoS attacks to void catastrophic damages. However, the attackers simulate the normal network behaviors, e.g. pumping the attack packages as poisson distribution, to disable detection algorithms. It is an open question: how to discriminate DDoS attacks from surge legitimate accessing. We noticed that the attackers use the same mathematical functions to control the speed of attack package pumping to the victim. Based on this observation, the different attack flows of a DDoS attack share the same regularities, which is different from the real surging accessing in a short time period. We apply information theory parameter, entropy rate, to discriminate the DDoS attack from the surge legitimate accessing. We proved the effectiveness of our method in theory, and the simulations are the work in the near future. We also point out the future directions that worth to explore in the future.

Detecting and tracing DDoS attacks by intelligent decision prototype

Over the last couple of months a large number of distributed denial of service (DDoS) attacks have occurred across the world, especially targeting those who provide Web services. IP traceback, a counter measure against DDoS, is the ability to trace IP packets back to the true source/s of the attack. In this paper, an IP traceback scheme using a machine learning technique called intelligent decision prototype (IDP), is proposed. IDP can be used on both probabilistic packet marking (PPM) and deterministic packet marking (DPM) traceback schemes to identify DDoS attacks. This will greatly reduce the packets that are marked and in effect make the system more efficient and effective at tracing the source of an attack compared with other methods. IDP can be applied to many security systems such as data mining, forensic analysis, intrusion detection systems (IDS) and DDoS defense systems.

Multi-core Defense System (MSDS) for protecting computer infrastructure against DDoS attacks

Distributed Denial of Service attacks is one of the most challenging areas to deal with in Security. Not only do security managers have to deal with flood and vulnerability attacks. They also have to consider whether they are from legitimate or malicious attackers. In our previous work we developed a framework called bodyguard, which is to help security software developers from the current serialized paradigm, to a multi-core paradigm. In this paper, we update our research work by moving our bodyguard paradigm, into our new Ubiquitous Multi-Core Framework. From this shift, we show a marked improvement from our previous result of 20% to 110% speedup performance with an average cost of 1.5 ms. We also conducted a second series of experiments, which we trained up Neural Network, and tested it against actual DDoS attack traffic. From these experiments, we were able to achieve an average of 93.36%, of this attack traffic.

Using mobile agents to recover from node and database compromise in path-based DoS attacks in wireless sensor networks

Wireless sensor networks represent a new generation of real-time embedded systems with significantly different communication constraints from the traditional networked systems. With their development, a new attack called a path-based DoS (PDoS) attack has appeared. In a PDoS attack, an adversary, either inside or outside the network, overwhelms sensor nodes by flooding a multi-hop end-to-end communication path with either replayed packets or injected spurious packets. Detection and recovery from PDoS attacks have not been given much attention in the literature. In this article, we consider wireless sensor networks designed to collect and store data. In a path-based attack, both sensor nodes and the database containing collected data can be compromised. We propose a recovery method using mobile agents which can detect PDoS attacks easily and efficiently and recover the compromised nodes along with the database.

Safeguarding Australia from cyber-terrorism : a proposed cyber-terrorism SCADA risk framework for industry adoption

Terrorist groups are currently using information and communication technologies (ICTs) to orchestrate their conventional physical attacks. More recently, terrorists have been developing a new form of capability within the cyber-arena to  coordinate cyber-based attacks. This paper identifies that cyber-terrorism capabilities are an integral, imperative, yet under-researched component in establishing, and enhancing cyber-terrorism risk assessment models for SCADA systems.

This paper is an extension of work previously published by Beggs and Warren 2008, it presents a high level overview of a cyber-terrorism SCADA risk framework that has been adopted and validated by SCADA industry practitioners. The paper proposes a managerial framework which is designed to measure and protect SCADA systems from the threat of cyber-terrorism within Australia. The findings and results of an industry focus group is presented in support of the developed framework for SCADA industry adoption and acceptance.

Protecting web services from distributed denial of service attacks

The outcome of the research was the development of three network defence systems to protect corporate network infrastructure. The results showed that these defences were able to detect and filter around 94% of the DDoS attack traffic within a matter of seconds.

A distributed active defense system against DDoS attacks

This thesis proposes a novel architecture of Distributed Active Defense System (DADS) against Distibuted Denial of Service (DDoS) attacks. Three sub-systems of DADS were built. For each sub-system corresponding algorithms were developed, prototypes implemented, criteria for evaluation were set up and experiments in both simulation and real network laboratory environments were carried out.

Targeting terrorist financing

Targeting terrorist financing involves international cooperation and coordination. However, the primacy of domestic interests over collective good and a predisposition to unilateral action, notably on the part of the US, have completely overwhelmed the spirit of cooperation among states and have undermined the effectiveness of the regimes against terrorist financing.

An abnormal-based approach to effectively detect DDOS attacks

Distributed Denial-of-Service (DDoS) attacks are a serious threat to the safety and security of cyberspace. In this paper we propose a novel metric to detect DDoS attacks in the Internet. More precisely, we use the function of order α of the generalized (Rényi) entropy to distinguish DDoS attacks traffic from legitimate network traffic effectively. In information theory, entropies make up the basis for distance and divergence measures among various probability densities. We design our abnormal-based detection metric using the generalized entropy. The experimental results show that our proposed approach can not only detect DDoS attacks early (it can detect attacks one hop earlier than using the Shannon metric while order  α =2, and two hops earlier than the Shannon metric while order α =10.) but can also reduce both the false positive rate and the false negative rate, compared with the traditional Shannon entropy metric approach.

Chaos theory based detection against network mimicking DDoS attacks

DDoS attack traffic is difficult to differentiate from legitimate network traffic during transit from the attacker, or zombies, to the victim. In this paper, we use the theory of network self-similarity to differentiate DDoS flooding attack traffic from legitimate self-similar traffic in the network. We observed that DDoS traffic causes a strange attractor to develop in the pattern of network traffic. From this observation, we developed a neural network detector trained by our DDoS prediction algorithm. Our preliminary experiments and analysis indicate that our proposed chaotic model can accurately and effectively detect DDoS attack traffic. Our approach has the potential to not only detect attack traffic during transit, but to also filter it.