934 results for distributed denial-of-service attack


Abstract:

A computer system's security can be compromised in many ways—a denial-of-service attack can make a server inoperable, a worm can destroy a user's private data, or an eavesdropper can reap financial rewards by inserting himself in the communication link between a customer and her bank through a man-in-the-middle (MITM) attack. What all these scenarios have in common is that the adversary is an untrusted entity that attacks a system from the outside—we assume that the computers under attack are operated by benign and trusted users. But if we remove this assumption, if we allow anyone operating a computer system—from system administrators down to ordinary users—to compromise that system's security, we find ourselves in a scenario that has received comparatively little attention.

Abstract:

A run through various aspects of Distributed Denial of Service attacks

Abstract:

The Universal Serial Bus (USB) is an extremely popular interface standard for computer peripheral connections and is widely used in consumer Mass Storage Devices (MSDs). While current consumer USB MSDs provide relatively high transmission speed and are convenient to carry, the use of USB MSDs has been prohibited in many commercial and everyday environments primarily due to security concerns. Security protocols have been previously proposed and a recent approach for the USB MSDs is to utilize multi-factor authentication. This paper proposes significant enhancements to the three-factor control protocol that now makes it secure under many types of attacks including the password guessing attack, the denial-of-service attack, and the replay attack. The proposed solution is presented with a rigorous security analysis and practical computational cost analysis to demonstrate the usefulness of this new security protocol for consumer USB MSDs.

Abstract:

Recently a number of highly publicised incidents of Distributed Denial of Service (DDoS) attacks have made people aware of the importance of providing available securely the grids’ data and services to users. This paper introduces the vulnerability of grids to DDoS attacks, and proposes a distributed defense system that has a mixture deployment of sub-systems to protect grids from DDoS attacks. According to the simulation experiments, this system is effective to defend grids against attacks. It can avoid overall network congestion and provide more resources to legitimate grid users.

Abstract:

IP source address spoofing exploits a fundamental weakness in the Internet Protocol. It is exploited in many types of network-based attacks such as session hijacking and Denial of Service (DoS). Ingress and egress filtering is aimed at preventing IP spoofing. Techniques such as History based filtering are being used during DoS attacks to filter out attack packets. Packet marking techniques are being used to trace IP packets to a point that is as close as possible to their actual source. Present IP spoofing countermeasures are hindered by compatibility issues between IPv4 and IPv6, implementation issues and their effectiveness under different types of attacks. We propose a topology based packet marking method that builds on the flexibility of packet marking as an IP trace back method while overcoming most of the shortcomings of present packet marking techniques.

Abstract:

Wireless sensor networks represent a new generation of real-time embedded systems with significantly different communication constraints from the traditional networked systems. With their development, a new attack called a path-based DoS (PDoS) attack has appeared. In a PDoS attack, an adversary, either inside or outside the network, overwhelms sensor nodes by flooding a multi-hop end-to-end communication path with either replayed packets or injected spurious packets. In this article, we propose a solution using mobile agents which can detect PDoS attacks easily.

Abstract:

Wireless sensor networks represent a new generation of real-time embedded systems with significantly different communication constraints from the traditional networked systems. With their development, a new attack called a path-based DoS (PDoS) attack has appeared. In a PDoS attack, an adversary, either inside or outside the network, overwhelms sensor nodes by flooding a multi-hop end-to-end communication path with either replayed packets or injected spurious packets. Detection and recovery from PDoS attacks have not been given much attention in the literature. In this article, we propose a solution using mobile agents which can detect PDoS attacks easily and efficiently and recover the compromised nodes.

Abstract:

Wireless sensor networks represent a new generation of real-time embedded systems with significantly different communication constraints from the traditional networked systems. With their development, a new attack called a path-based DoS (PDoS) attack has appeared. In a PDoS attack, an adversary, either inside or outside the network, overwhelms sensor nodes by flooding a multi-hop end-to-end communication path with either replayed packets or injected spurious packets. Detection and recovery from PDoS attacks have not been given much attention in the literature. In this article, we consider wireless sensor networks designed to collect and store data. In a path-based attack, both sensor nodes and the database containing collected data can be compromised. We propose a recovery method using mobile agents which can detect PDoS attacks easily and efficiently and recover the compromised nodes along with the database.

Abstract:

Distributed Denial-of-Service (DDoS) attacks are a serious threat to the safety and security of cyberspace. In this paper we propose a novel metric to detect DDoS attacks in the Internet. More precisely, we use the function of order α of the generalized (Rényi) entropy to distinguish DDoS attacks traffic from legitimate network traffic effectively. In information theory, entropies make up the basis for distance and divergence measures among various probability densities. We design our abnormal-based detection metric using the generalized entropy. The experimental results show that our proposed approach can not only detect DDoS attacks early (it can detect attacks one hop earlier than using the Shannon metric while order α = 2, and two hops earlier than the Shannon metric while order α = 10) but can also reduce both the false positive rate and the false negative rate, compared with the traditional Shannon entropy metric approach.

Abstract:

Grid Web Services are still relatively new to business systems, and as more systems are being attached to them, any threat to them could bring collapse and huge harm. Some of these potential threats to Grid Web services come in the form of a new denial of service attack (DoS), called XML Denial of Service or XDoS attacks. Though, as yet, there have not been any reported attacks from the media, we have observed these attacks are actually far less complex to implement than any previous Denial of Service (DoS), but still just as effective. Current security applications for grid web services (WS-Security for example), based on our observations, are not up to the job of handling the problem. In this paper, we build on our previous work called Service Oriented Traceback Architecture (SOTA), and apply our model to Grid Networks that employ web services. We further introduce a filter defence system, called XDetector, to work in combination with SOTA. Our results show that SOTA in conjunction with XDetector makes for an effective defence against XDoS attacks and upcoming DXDoS.

Abstract:

Both Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of internet traffic, however Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flash crowds effectively, and our simulations show that the proposed methods work well. In particular, these methods can not only distinguish DDoS attacks from Flash crowds clearly, but also can distinguish the anomaly flow being DDoS attacks flow or being Flash crowd flow from Normal network flow effectively. Furthermore, we show our proposed hybrid probability metrics can greatly reduce both false positive and false negative rates in detection.

Abstract:

In this article, we explore a recent incident involving a prolonged and severe denial of service attack directed at the Undernet Internet Relay Chat network. It put the future viability of Undernet in doubt; it took some months for service quality to be restored. The circumstances of the attack and the responses, both technical and social, within Undernet are enlightening in themselves, as we discuss. But they also allow us to explore, contrast, and match up the limits of the libertarianism that seems embedded in the socio-technics of the Internet and the possible and actual containment of 'free' services in a 'free' market, through the operation of commercial transactions.

Abstract:

Opportunistic networks or OppNets refer to a number of wireless nodes opportunistically communicating with each other in a form of “Store–Carry–Forward”. This occurs when they come into contact with each other without proper network infrastructure. OppNets use wireless technologies, such as IEEE 802.11, WiMAX, Bluetooth, and other short-range radio communication. In OppNets, there is no end-to-end connection between the source and the destination nodes, and the nodes usually have high mobility, low density, limited power, short radio range, and are often subject to different kinds of attacks by malicious nodes. Due to these characteristics and features, OppNets are subject to serious security challenges. OppNets strongly depend on human interaction; therefore, the success of securing such networks is based on trust between people. This survey includes the security approaches in OppNets and techniques used to increase their security levels.

Abstract:

The work was divided into three macro-areas. The first is a theoretical analysis of how intrusions work, which software is used to carry them out, and how to protect against them (using the devices that can generically be called firewalls). The second macro-area analyses an intrusion carried out from the outside against sensitive servers on a LAN. This analysis is conducted on the files captured by the two network interfaces configured in promiscuous mode on a probe located in the LAN. There are two interfaces so that the probe can connect to two LAN segments with two different subnet masks. The attack is analysed using various software tools. A third part of the work can in fact be identified, the part in which the files captured by the two interfaces are analysed with software that first analyses full-content data, such as Wireshark, then with software that analyses session data, which were processed with Argus, and finally statistical data, which were processed with Ntop. The penultimate chapter, the one before the conclusions, instead covers the installation of Nagios and its configuration for monitoring, through plugins, the remaining disk space on a remote agent machine and the MySql and DNS services. Of course, Nagios can be configured to monitor any kind of service offered on the network.

Abstract:

This paper describes an experiment in designing, implementing and testing a Transport layer cluster scheduling and dispatching architecture. The motivation for the experiment was the hypothesis that a Transport layer clustering solution may offer advantages over the existing industry-standard Network layer and Data Link Layer approaches. The critical success factors initially established to guide and evaluate the experiment were reduced dispatcher work load, reduced dispatcher internal state memory requirements, distributed denial of service resilience, and cluster software design simplicity. The functional design stage of the experiment produced a Transport layer strategy for scheduling and load balancing based on the specification of two new TCP options. Implementation required the introduction of the newly specified TCP options into the Linux (2.4) kernel. The implementation produced an extended Linux Socket API to facilitate user-process access to the additional TCP capability. The testing stage of the experiment confirmed the operational efficiency of the solution.