773 resultados para Denial of Service
Resumo:
Denial-of-service (DoS) attacks form a very important category of security threats that are prevalent in MIPv6 (mobile internet protocol version 6) today. Many schemes have been proposed to alleviate such threats, including one of our own [9]. However, reasoning about the correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate the solutions in a timely manner before deployment in the real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have not been successful so far. Here, we propose a new simulation based approach for validation using a tool called FRAMOGR that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that may be needed for making MIPv6 more robust.
Resumo:
The Intrusion Detection System (IDS) is a common means of protecting networked systems from attack or malicious misuse. The deployment of an IDS can take many different forms dependent on protocols, usage and cost. This is particularly true of Wireless Intrusion Detection Systems (WIDS) which have many detection challenges associated with data transmission through an open, shared medium, facilitated by fundamental changes at the Physical and MAC layers. WIDS need to be considered in more detail at these lower layers than their wired counterparts as they face unique challenges. The remainder of this chapter will investigate three of these challenges where WiFi deviates significantly from that of wired counterparts:
• Attacks Specific to WiFi Networks: Outlining the additional threats which WIDS must account for: Denial of Service, Encryption Bypass and AP Masquerading attacks.
• The Effect of Deployment Architecture on WIDS Performance: Demonstrating that the deployment environment of a network protected by a WIDS can influence the prioritisation of attacks.
• The Importance of Live Data in WiFi Research: Investigating the different choices for research data sources with an emphasis on encouraging live network data collection for future WiFi research.
Resumo:
Synchrophasor systems will play a crucial role in next generation Smart Grid monitoring, protection and control. However these systems also introduce a multitude of potential vulnerabilities from malicious and inadvertent attacks, which may render erroneous operation or severe damage. This paper proposes a Synchrophasor Specific Intrusion Detection System (SSIDS) for malicious cyber attack and unintended misuse. The SSIDS comprises a heterogeneous whitelist and behavior-based approach to detect known attack types and unknown and so-called ‘zero-day’ vulnerabilities and attacks. The paper describes reconnaissance, Man-in-the-Middle (MITM) and Denial-of-Service (DoS) attack types executed against a practical synchrophasor system which are used to validate the real-time effectiveness of the proposed SSIDS cyber detection method.
Resumo:
A computer system's security can be compromised in many ways—a denial-of-service attack can make a server inoperable, a worm can destroy a user's private data, or an eavesdropper can reap financial rewards by inserting himself in the communication link between a customer and her bank through a man-in-the-middle (MITM) attack. What all these scenarios have in common is that the adversary is an untrusted entity that attacks a system from the outside—we assume that the computers under attack are operated by benign and trusted users. But if we remove this assumption, if we allow anyone operating a computer system—from system administrators down to ordinary users—to compromise that system's security, we find ourselves in a scenario that has received comparatively little attention.
Resumo:
Les alertes que nos logiciels antivirus nous envoient ou encore les différents reportages diffusés dans les médias nous font prendre conscience de l'existence des menaces dans le cyberespace. Que ce soit les pourriels, les attaques par déni de service ou les virus, le cyberespace regorge de menaces qui persistent malgré les efforts qui sont déployés dans leur lutte. Est-ce que cela a à voir avec l'efficacité des politiques en place actuellement pour lutter contre ce phénomène? Pour y répondre, l'objectif général du présent mémoire est de vérifier quelles sont les politiques de prévention (lois anti-pourriel, partenariats publics-privés et démantèlements de botnets) qui influencent le plus fortement le taux de menaces informatiques détectées, tout en s'attardant également à l'effet de différents facteurs socio-économiques sur cette variable. Les données collectées par le logiciel antivirus de la compagnie ESET ont été utilisées. Les résultats suggèrent que les partenariats publics-privés offrant une assistance personnalisée aux internautes s'avèrent être la politique de prévention la plus efficace. Les démantèlements de botnets peuvent également s'avérer efficaces, mais seulement lorsque plusieurs acteurs/serveurs importants du réseau sont mis hors d'état de nuire. Le démantèlement du botnet Mariposa en est un bon exemple. Les résultats de ce mémoire suggèrent que la formule partenariats-démantèlements serait le choix le plus judicieux pour lutter contre les cybermenaces. Ces politiques de prévention possèdent toutes deux des méthodes efficaces pour lutter contre les menaces informatiques et c'est pourquoi elles devraient être mises en commun pour assurer une meilleure défense contre ce phénomène.
Resumo:
Informative website about Anonymous/LulzSec and Denial of Service attacks
Resumo:
A run through various aspects of Distributed Denial of Service attacks
Resumo:
The Universal Serial Bus (USB) is an extremely popular interface standard for computer peripheral connections and is widely used in consumer Mass Storage Devices (MSDs). While current consumer USB MSDs provide relatively high transmission speed and are convenient to carry, the use of USB MSDs has been prohibited in many commercial and everyday environments primarily due to security concerns. Security protocols have been previously proposed and a recent approach for the USB MSDs is to utilize multi-factor authentication. This paper proposes significant enhancements to the three-factor control protocol that now makes it secure under many types of attacks including the password guessing attack, the denial-of-service attack, and the replay attack. The proposed solution is presented with a rigorous security analysis and practical computational cost analysis to demonstrate the usefulness of this new security protocol for consumer USB MSDs.
Resumo:
Pós-graduação em Ciência da Computação - IBILCE
Resumo:
Internet access by wireless networks has grown considerably in recent years. However, these networks are vulnerable to security problems, especially those related to denial of service attacks. Intrusion Detection Systems(IDS)are widely used to improve network security, but comparison among the several existing approaches is not a trivial task. This paper proposes building a datasetfor evaluating IDS in wireless environments. The data were captured in a real, operating network. We conducted tests using traditional IDS and achieved great results, which showed the effectiveness of our proposed approach.
Resumo:
Pós-graduação em Engenharia Elétrica - FEIS
Resumo:
Wireless LANs are growing rapidly and security has always been a concern. We have implemented a hybrid system, which will not only detect active attacks like identity theft causing denial of service attacks, but will also detect the usage of access point discovery tools. The system responds in real time by sending out an alert to the network administrator.
Resumo:
Il lavoro è stato suddiviso in tre macro-aree. Una prima riguardante un'analisi teorica di come funzionano le intrusioni, di quali software vengono utilizzati per compierle, e di come proteggersi (usando i dispositivi che in termine generico si possono riconoscere come i firewall). Una seconda macro-area che analizza un'intrusione avvenuta dall'esterno verso dei server sensibili di una rete LAN. Questa analisi viene condotta sui file catturati dalle due interfacce di rete configurate in modalità promiscua su una sonda presente nella LAN. Le interfacce sono due per potersi interfacciare a due segmenti di LAN aventi due maschere di sotto-rete differenti. L'attacco viene analizzato mediante vari software. Si può infatti definire una terza parte del lavoro, la parte dove vengono analizzati i file catturati dalle due interfacce con i software che prima si occupano di analizzare i dati di contenuto completo, come Wireshark, poi dei software che si occupano di analizzare i dati di sessione che sono stati trattati con Argus, e infine i dati di tipo statistico che sono stati trattati con Ntop. Il penultimo capitolo, quello prima delle conclusioni, invece tratta l'installazione di Nagios, e la sua configurazione per il monitoraggio attraverso plugin dello spazio di disco rimanente su una macchina agent remota, e sui servizi MySql e DNS. Ovviamente Nagios può essere configurato per monitorare ogni tipo di servizio offerto sulla rete.
Resumo:
Los avances en el hardware permiten disponer de grandes volúmenes de datos, surgiendo aplicaciones que deben suministrar información en tiempo cuasi-real, la monitorización de pacientes, ej., el seguimiento sanitario de las conducciones de agua, etc. Las necesidades de estas aplicaciones hacen emerger el modelo de flujo de datos (data streaming) frente al modelo almacenar-para-despuésprocesar (store-then-process). Mientras que en el modelo store-then-process, los datos son almacenados para ser posteriormente consultados; en los sistemas de streaming, los datos son procesados a su llegada al sistema, produciendo respuestas continuas sin llegar a almacenarse. Esta nueva visión impone desafíos para el procesamiento de datos al vuelo: 1) las respuestas deben producirse de manera continua cada vez que nuevos datos llegan al sistema; 2) los datos son accedidos solo una vez y, generalmente, no son almacenados en su totalidad; y 3) el tiempo de procesamiento por dato para producir una respuesta debe ser bajo. Aunque existen dos modelos para el cómputo de respuestas continuas, el modelo evolutivo y el de ventana deslizante; éste segundo se ajusta mejor en ciertas aplicaciones al considerar únicamente los datos recibidos más recientemente, en lugar de todo el histórico de datos. En los últimos años, la minería de datos en streaming se ha centrado en el modelo evolutivo. Mientras que, en el modelo de ventana deslizante, el trabajo presentado es más reducido ya que estos algoritmos no sólo deben de ser incrementales si no que deben borrar la información que caduca por el deslizamiento de la ventana manteniendo los anteriores tres desafíos. Una de las tareas fundamentales en minería de datos es la búsqueda de agrupaciones donde, dado un conjunto de datos, el objetivo es encontrar grupos representativos, de manera que se tenga una descripción sintética del conjunto. Estas agrupaciones son fundamentales en aplicaciones como la detección de intrusos en la red o la segmentación de clientes en el marketing y la publicidad. Debido a las cantidades masivas de datos que deben procesarse en este tipo de aplicaciones (millones de eventos por segundo), las soluciones centralizadas puede ser incapaz de hacer frente a las restricciones de tiempo de procesamiento, por lo que deben recurrir a descartar datos durante los picos de carga. Para evitar esta perdida de datos, se impone el procesamiento distribuido de streams, en concreto, los algoritmos de agrupamiento deben ser adaptados para este tipo de entornos, en los que los datos están distribuidos. En streaming, la investigación no solo se centra en el diseño para tareas generales, como la agrupación, sino también en la búsqueda de nuevos enfoques que se adapten mejor a escenarios particulares. Como ejemplo, un mecanismo de agrupación ad-hoc resulta ser más adecuado para la defensa contra la denegación de servicio distribuida (Distributed Denial of Services, DDoS) que el problema tradicional de k-medias. En esta tesis se pretende contribuir en el problema agrupamiento en streaming tanto en entornos centralizados y distribuidos. Hemos diseñado un algoritmo centralizado de clustering mostrando las capacidades para descubrir agrupaciones de alta calidad en bajo tiempo frente a otras soluciones del estado del arte, en una amplia evaluación. Además, se ha trabajado sobre una estructura que reduce notablemente el espacio de memoria necesario, controlando, en todo momento, el error de los cómputos. Nuestro trabajo también proporciona dos protocolos de distribución del cómputo de agrupaciones. Se han analizado dos características fundamentales: el impacto sobre la calidad del clustering al realizar el cómputo distribuido y las condiciones necesarias para la reducción del tiempo de procesamiento frente a la solución centralizada. Finalmente, hemos desarrollado un entorno para la detección de ataques DDoS basado en agrupaciones. En este último caso, se ha caracterizado el tipo de ataques detectados y se ha desarrollado una evaluación sobre la eficiencia y eficacia de la mitigación del impacto del ataque. ABSTRACT Advances in hardware allow to collect huge volumes of data emerging applications that must provide information in near-real time, e.g., patient monitoring, health monitoring of water pipes, etc. The data streaming model emerges to comply with these applications overcoming the traditional store-then-process model. With the store-then-process model, data is stored before being consulted; while, in streaming, data are processed on the fly producing continuous responses. The challenges of streaming for processing data on the fly are the following: 1) responses must be produced continuously whenever new data arrives in the system; 2) data is accessed only once and is generally not maintained in its entirety, and 3) data processing time to produce a response should be low. Two models exist to compute continuous responses: the evolving model and the sliding window model; the latter fits best with applications must be computed over the most recently data rather than all the previous data. In recent years, research in the context of data stream mining has focused mainly on the evolving model. In the sliding window model, the work presented is smaller since these algorithms must be incremental and they must delete the information which expires when the window slides. Clustering is one of the fundamental techniques of data mining and is used to analyze data sets in order to find representative groups that provide a concise description of the data being processed. Clustering is critical in applications such as network intrusion detection or customer segmentation in marketing and advertising. Due to the huge amount of data that must be processed by such applications (up to millions of events per second), centralized solutions are usually unable to cope with timing restrictions and recur to shedding techniques where data is discarded during load peaks. To avoid discarding of data, processing of streams (such as clustering) must be distributed and adapted to environments where information is distributed. In streaming, research does not only focus on designing for general tasks, such as clustering, but also in finding new approaches that fit bests with particular scenarios. As an example, an ad-hoc grouping mechanism turns out to be more adequate than k-means for defense against Distributed Denial of Service (DDoS). This thesis contributes to the data stream mining clustering technique both for centralized and distributed environments. We present a centralized clustering algorithm showing capabilities to discover clusters of high quality in low time and we provide a comparison with existing state of the art solutions. We have worked on a data structure that significantly reduces memory requirements while controlling the error of the clusters statistics. We also provide two distributed clustering protocols. We focus on the analysis of two key features: the impact on the clustering quality when computation is distributed and the requirements for reducing the processing time compared to the centralized solution. Finally, with respect to ad-hoc grouping techniques, we have developed a DDoS detection framework based on clustering.We have characterized the attacks detected and we have evaluated the efficiency and effectiveness of mitigating the attack impact.
Resumo:
An effective Distributed Denial of Service (DDoS) defense mechanism must guarantee legitimate users access to an Internet service masking the effects of possible attacks. That is, it must be able to detect threats and discard malicious packets in a online fashion. Given that emerging data streaming technology can enable such mitigation in an effective manner, in this paper we present STONE, a stream-based DDoS defense framework, which integrates anomaly-based DDoS detection and mitigation with scalable data streaming technology. With STONE, the traffic of potential targets is analyzed via continuous data streaming queries maintaining information used for both attack detection and mitigation. STONE provides minimal degradation of legitimate users traffic during DDoS attacks and it also faces effectively flash crowds. Our preliminary evaluation based on an implemented prototype and conducted with real legitimate and malicious traffic traces shows that STONE is able to provide fast detection and precise mitigation of DDoS attacks leveraging scalable data streaming technology.
