Protecting web applications from DDoS attacks by an active distributed defense system

In the last a few years a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high-profile government and commercial websites have made people aware of the importance of providing data and services security to users. A DDoS attack is an availability attack, which is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resources. This paper introduces the vulnerability of web applications to DDoS attacks, and presents an active distributed defense system that has a deployment mixture of sub-systems to protect web applications from DDoS attacks. According to the simulation experiments, this system is effective in that it is able to defend web applications against attacks. It can avoid overall network congestion and provide more resources to legitimate web users.

Distributed defense against distributed denial-of-service attacks

Distributed defense is a promising way to neutralize the distributed Denial-of-Service attacks by detecting and responding the attacking sources widespread around the Internet. Components of the distributed defense system will cooperate with each other to combat the attacks. Compared with the centralized defense systems, distributed defense systems can discover the attacks more timely from both source end and victim end, fight the attacks with more resources and take advantage of more flexible strategies. This paper investigates 7 distributed defense systems which make use of various strategies to mitigate the DDoS attacks. Different architectures are designed in these 7 systems to provide distributed DDoS defense solutions. We evaluate these systems in terms of deployment, detection, response, security, robustness and implementation. For each criteria, we give a recommendation on which technologies are best suitable for a successful distributed defense system based on the analysis result. Finally we propose our idea on the design of an effective distributed defense system.

A distributed active defense system against DDoS attacks

This thesis proposes a novel architecture of Distributed Active Defense System (DADS) against Distibuted Denial of Service (DDoS) attacks. Three sub-systems of DADS were built. For each sub-system corresponding algorithms were developed, prototypes implemented, criteria for evaluation were set up and experiments in both simulation and real network laboratory environments were carried out.

Antioxidant defense system and family environment in adolescents with family history of psychosis

[EN] Our objective was to determine antioxidant defence activity in healthy controls (HC) and healthy unaffected second-degree relatives of patients with early onset psychosis (HC-FHP),and to assess its relationship with familiar environment measured using the Family Environment Scale (FES). Methods: We included 82 HC and 14 HC-FHP aged between 9 and 17 years. Total antioxidant status,lipid peroxidation, antioxidant enzyme activities and glutathione levels were determined in blood samples. Results:There was a significant decrease in the total antioxidant level in the HC-FHP group compared with the HC group (OR = 2.94; p = 0.009), but no between-group differences in the Global Assessment of Functioning (GAF) scale scores. For the FES, the HC-FHP group had significantly higher scores in the cohesion (p = 0.007) and intellectual-cultural dimensions (p=0.025). After adjusting for these two FES dimensions, total antioxidant status remained significantly different between groups (OR = 10.86, p = 0.009).

A defense system against DDoS attacks by large-scale IP traceback

In this paper, we present a new approach, called Flexible Deterministic Packet Marking (FDPM), to perform a large-scale IP traceback to defend against Distributed Denial of Service (DDoS) attacks. In a DDoS attack the victim host or network is usually attacked by a large number of spoofed IP packets coming from multiple sources. IP traceback is the ability to trace the IP packets to their sources without relying on the source address field of the IP header. FDPM provides many flexible features to trace the IP packets and can obtain better tracing capability than current IP traceback mechanisms, such as Probabilistic Packet Marking (PPM), and Deterministic Packet Marking (DPM). The flexibilities of FDPM are in two ways, one is that it can adjust the length of marking field according to the network protocols deployed; the other is that it can adjust the marking rate according to the load of participating routers. The implementation and evaluation demonstrates that the FDPM needs moderately only a small number of packets to complete the traceback process; and can successfully perform a large-scale IP traceback, for example, trace up to 110,000 sources in a single incident response. It has a built-in overload prevention mechanism, therefore this scheme can perform a good traceback process even it is heavily loaded.

The development of a Defense System against Coxsackievirus B5 Infection in Suckling Mice

There are many viruses that are able to infect the alimentary tract of man. Little is known, however, about the mechanism of infection itself or the pathophysiology of the gut during infection. 'The research reported here is concerned with the differences in susceptibility among suckling mice of various ages inoculated by the intraperitoneal and intragastric routes. Since the normal mode of entry of many viruses to the gut is via the oral route, Coxsackievirus B5, a human enterovirus which does attack this way, was utilized. It is a non-tumor producing RNA virus that has been shown to act similarly in the mouse and human. The virus was pooled in HeLa cell cultures and titered by a plaquing assay in the same cell cultures. CD-l mice, 10, 14, 18, and 22 days old , were infected either orally or intraperitoneally with 5.0 x 10^10 (10 day old animals) and 1.0 x10^9 plaque forming units per animal. Dissections were done at 1 and 3 days post infection with samples of the blood, heart, liver, and gut being taken from each animal. Each sample was titered individually and the data presented as an average of six samples. As a result of previous work, it is known that the gut of a newborn mouse isn't able to decrease the concentration of the infecting dose and therefore provides no defense against an enteric infection with Coxsackievirus B5. In contrat, mature mice are able to reduce the amount of viral dissemination across the gut as well as inhibit replication after absorption has occurred. The results of this study indicate that there is a double barrier system developing in suckling mice that is involved with and directly related to the gastrointestinal tract The first part of this defense is the inhibition of penetration of virus across the gut when the primary site of' infection is the intestinal mucosa. This mechanism develops sometime around 20 to 22 days after birth. At about 16-18 days of age, suckling mice that were challenged intragastrically are able to stop active replication and initiate clearance of virus from the systemic circulation. There are many factors that might contribute to the marked decrease in susceptibility with age of suckling mice. Some of these or possibly a combination of these factors might explain the defense mechanisms described above, but to date, the chemistry or mechanical functioning of the gastrointestinal barrier to enteric viral infection is unknown.

Multi-core Defense System (MSDS) for protecting computer infrastructure against DDoS attacks

Distributed Denial of Service attacks is one of the most challenging areas to deal with in Security. Not only do security managers have to deal with flood and vulnerability attacks. They also have to consider whether they are from legitimate or malicious attackers. In our previous work we developed a framework called bodyguard, which is to help security software developers from the current serialized paradigm, to a multi-core paradigm. In this paper, we update our research work by moving our bodyguard paradigm, into our new Ubiquitous Multi-Core Framework. From this shift, we show a marked improvement from our previous result of 20% to 110% speedup performance with an average cost of 1.5 ms. We also conducted a second series of experiments, which we trained up Neural Network, and tested it against actual DDoS attack traffic. From these experiments, we were able to achieve an average of 93.36%, of this attack traffic.

Testing of a distributed generation system with a virtual grid

The paper proposes a solution for testing of a physical distributed generation system (DGs) along with a computer simulated network. The computer simulated network is referred as the virtual grid in this paper. Integration of DG with the virtual grid provides broad area of testing of power supplying capability and dynamic performance of a DG. It is shown that a DG can supply a part of load power while keeping Point of Common Coupling (PCC) voltage magnitude constant. To represent the actual load, a universal load along with power regenerative capability is designed with the help of voltage source converter (VSC) that mimics the load characteristic. The overall performance of the proposed scheme is verified using computer simulation studies.

A self-tuning feedforward active noise control system

This paper proposes a self-tuning feedforward active noise control (ANC) system with online secondary path modeling. The step-size parameters of the controller and modeling filters have crucial rule on the system performance. In literature, these parameters are adjusted by trial-and-error. In other words, they are manually initialized before system starting, which require performing extensive experiments to ensure the convergence of the system. Hence there is no guarantee that the system could perform well under different situations. In the proposed method, the appropriate values for the step-sizes are obtained automatically. Computer simulation results indicate the effectiveness of the proposed method.

A high performance feedback active noise control system

In many active noise control (ANC) applications, an online secondary path modelling method that uses a white noise as a training signal is required. This paper proposes a new feedback ANC system. Here we modified both the FxLMS and the VSS-LMS algorithms to raised noise attenuation and modelling accuracy for the overall system. The proposed algorithm stops injection of the white noise at the optimum point and reactivate the injection during the operation, if needed, to maintain performance of the system. Preventing continuous injection of the white noise increases the performance of the proposed method significantly and makes it more desirable for practical ANC systems. Computer simulation results shown in this paper indicate effectiveness of the proposed method.

Z-source-inverter-based flexible distributed generation system solution for grid power quality improvement

Distributed generation (DG) systems are usually connected to the grid using power electronic converters. Power delivered from such DG sources depends on factors like energy availability and load demand. The converters used in power conversion do not operate with their full capacity all the time. The unused or remaining capacity of the converters could be used to provide some ancillary functions like harmonic and unbalance mitigation of the power distribution system. As some of these DG sources have wide operating ranges, they need special power converters for grid interfacing. Being a single-stage buck-boost inverter, recently proposed Z-source inverter (ZSI) is a good candidate for future DG systems. This paper presents a controller design for a ZSI-based DG system to improve power quality of distribution systems. The proposed control method is tested with simulation results obtained using Matlab/Simulink/PLECS and subsequently it is experimentally validated using a laboratory prototype.

Towards formal specification of a distributed computing system

Onboard spacecraft computing system is a case of a functionally distributed system that requires continuous interaction among the nodes to control the operations at different nodes. A simple and reliable protocol is desired for such an application. This paper discusses a formal approach to specify the computing system with respect to some important issues encountered in the design and development of a protocol for the onboard distributed system. The issues considered in this paper are concurrency, exclusiveness and sequencing relationships among the various processes at different nodes. A 6-tuple model is developed for the precise specification of the system. The model also enables us to check the consistency of specification and deadlock caused due to improper specification. An example is given to illustrate the use of the proposed methodology for a typical spacecraft configuration. Although the theory is motivated by a specific application the same may be applied to other distributed computing system such as those encountered in process control industries, power plant control and other similar environments.