To see the other types of publications on this topic, follow the link: Distributed Denial of Service Attacks (DDoS).
Dissertations / Theses on the topic 'Distributed Denial of Service Attacks (DDoS)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Distributed Denial of Service Attacks (DDoS).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Ramanauskaitė, Simona. "Modelling and Research of Distributed Denial of Service Attacks." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2012. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2012~D_20120723_105031-70003.
Full textAbstract:
In the dissertation the Denial of Service (DoS) attacks and their models are investigated. DoS attack is a type of cyber attacks when an attacker tries to deny a service in the network machine. There are many types of DoS attacks, and therefore the main object of the dissertation is specified as distributed denial of service (DDoS) attacks. DDoS uses multiple agents at the same time to exhaust certain resources of network machine and make it unavailable.
The importance of DDoS attacks can be explained on the basis of the following facts: nowadays there are no countermeasures which can ensure full resistance to DDoS; DoS effect can be created even by legitimate users of the systems; internet services become more popular therefore the denial of such a service or diminishing of its quality can cause undesired impact on the other systems or their users.
The main objective of this dissertation is creation of model for the estimation of the composite DDoS attack success. This model would allow estimating of network machine resistance to different type and power DDoS attacks.
The dissertation consists of eight parts including Introduction, 5 chapters, Conclusions and References.
In the introduction, the investigated problem, importance of the thesis and the object of research are defined and the purpose and tasks of the thesis, scientific novelty are described together with the practical significance of results and defended statements. At the end of introduction, author’s... [to full text]Disertacijoje nagrinėjamos internetinės paslaugos sutrikdymo (angl. DoS – Denial of Service) atakos ir jų modeliavimo priemonės. Tai kibernetinių atakų tipas, kurių metu siekiama tam tikro tinkle veikiančio mazgo teikiamas paslaugas padaryti neprieinamas jų teisėtiems klientams. DoS atakos gali turėti daug skirtingų tipų, todėl šio darbo pagrindinis tyrimų objektas yra srautinė internetinės paslaugos sutrikdymo (angl. DDoS – Distributed Denial of Service) ataka, kuri paslaugos sutrikdymo siekia naudodama bent kelis atakuojančiuosius kompiuterius vienu metu ir kuri siekia išnaudoti visus pasirinkto tipo resursus tą paslaugą teikiančiame mazge. DDoS atakos aktualios dėl šių priežasčių: šiuo metu nėra apsaugos priemonių, leidžiančių patikimai ir užtikrintai apsisaugoti nuo jų keliamos grėsmės; jas gali sukelti net ir teisėti vartotojai, netinkamai elgdamiesi ar esant netinkamai paruoštai sistemai; internete teikiamos paslaugos vis dažniau naudojamos kasdieniniame gyvenime ir jų blokavimas ar kokybės suprastėjimas gali neigiamai paveikti kitų sistemų ar jų vartotojų darbą. Pagrindinis šios disertacijos tikslas – sukurti jungtinį DDoS atakos sėkmės tikimybės vertinimo modelį. Šis modelis leistų įvertinti kompiuterinės technikos sugebėjimą atlaikyti skirtingo tipo ir galingumo DDoS atakas, todėl galėtų būti taikomas prevencijai bei paslaugų tiekėjų kokybės vertinimui. Disertaciją sudaro įvadas, penki skyriai, rezultatų apibendrinimas, naudotos literatūros ir autoriaus publikacijų... [toliau žr. visą tekstą]
2
Namuduri, Sarita. "Distributed Denial of Service Attacks (DDoS)- Consequences and Future." Thesis, Linköping University, Department of Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8055.
Full textAbstract:
Denial of Service and the Distributed Denial of Service Attacks have recently emerged as one of the most newsworthy, if not the greatest, weaknesses of the Internet. This paper attempt to explain how they work, why they are hard to combat today, and what will need to happen if they are to be brought under control. It is divided into eight sections. The first is an overview of the current situation and also brief explanatory of the rest of the chapters being covered. The second is a detailed description of exactly how this attack works, and why it is hard to cope with today; of necessity it includes a description of how the Internet works today. The third section is totally about the different attacks in recent years and how they affected the people or the bigorganizations. The fourth section describes the short-term prospects, the tools which are used to rectify these attacks. The fifth is problems being faced with an explanatory of the percentage of attack in recent years and comparing the problems. The sixth is what can be done today to help alleviate this problem. The seventh section describes the legal actions and also legal actions that can be followed against the attack by the victim; and the eighth section describes the long-term picture, what will change to bring this class of problem under control, if not eliminate it entirely. And finally there are some appendices: a bibliography, giving references to original research work and announcements; a brief article on securing servers; and acknowledgments for the many people who helped make this paper possible.
3
Eklund, Martin, and Patrik Ståhlberg. "Distributed denial of service attacks : Protection, Mitigation, and Economic Consequences." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-170924.
Full textAbstract:
Distributed Denial of Service attacks is a problem that constantly threatens companies that rely on the internet for major parts of their business. A successful DDoS attack that manages to penetrate a company’s network can lead to devastating damages in the form of lost income, reduced productivity, increase in costs, and damage to the company’s image and reputation. The different DDoS attacks are many and of different character and often Offer different parts of the network, which makes it very difficult to defend against. It is also very clear that DDoS attacks are increasing in both numbers and size every year. From our experiments we have proven that anyone with little knowledge and limited resources can perform DDoS attacks that will make a website unavailable. This fact should cause companies that base their business on the internet, aware that they are likely to someday be subject to a DDoS attack. From our research we have found a variety of different DDoS solutions on the market that promise to offer protection. Many of which claim to protect against all different types of DDoS attacks. In practice it is impossible to find something that guarantees 100% safety. According to earlier research in the field, there are many different ways of protecting a network against DDoS attacks, e.g. via Software Defined Networking, Hop-Count Filtering, or Kill-bots. Our own tests show that a virtual firewall can offer protection against DDoS attacks on a low scale, but that such a solution has a number of weaknesses. If the firewall does protect the website, the attacker could instead shift to attacking the firewall itself. Our research also shows that the most common motives behind DDoS attacks are criminal purposes. Criminals use DDoS attacks to earn money by offering directed DDoS attacks against websites or by trying to blackmail companies into paying a fee for not being attacked. We have also seen that the economic consequence of DDoS attacks are devastating if not handled with a sufficiently fast response. After investigating the e-commerce company CDON.com we learned that they could potentially lose roughly 36 410 SEK per minute when a DDoS attack is underway against them. In today’s business climate it is important for companies to be able to rely on the internet for their activity and for customers to have easy access to the company’s products and services. However, companies’ websites are being attacked and thus these companies need an explicit plan of how to mitigate such attacks.Distributed Denial of Service (DDoS) attacker är ett problem som ständigt hotar företag, som förlitar sig till internet för centrala delar av sin verksamhet. En DDoS-attack som lyckas penetrerar ett företags nätverk kan medföra förödande skador i form av förlorade intäkter, minskad produktivitet, ökade kostnader samt skada på företagets rykte/varumärke. DDoS-attackerna är många och av olika karaktär, som attackerar olika delar av ett företags nätverk, vilket leder till att det är svårt att effektivt skydda sig mot DDoS-attacker. Det står också klart att DDoS-attacker ökar både till antalet och storleksmässigt för varje år som går. Utifrån våra egna experiment har vi kunnat bevisa att vem som helst med små medel och begränsade kunskaper kan utföra en DDoS-attack som sänker en webbsida. Ett faktum som gör att alla företag vars verksamhet är baserad på internet bör räkna med att de någon gång bli utsatta för en DDoS-attack. Utifrån våra undersökningar kan vi se att det finns en uppsjö av olika DDoS-skydd på marknaden, skydd som hanterar några problem som DDoS-attacker medför, men det finns inga kompletta skydd som kan garantera 100 % säkerhet. Utifrån tidigare forskning på området framgår det att det finns många olika sätt att skydda sig mot DDoS-attacker, t.ex. genom Software Defined Networks, Hop-Count Filtering eller Kill-bots. Våra egna tester visar på att en virtuell brandvägg kan vara ett sätt att skydda sig mot DDoS-attacker, men testerna visar också att en sådan lösning inte heller är säker då man kan förstöra åtkomsten till webbsidan genom att överbelasta brandväggen.<p> Undersökningen visar också att ett av de vanligaste motiven bakom DDoS-attacker är kriminella ändamål. Kriminella som använder DDoS-attacker för att tjäna pengar genom att erbjuda riktade DDoS-attacker mot websidor eller genom försök att utpressa till betalning med DDoS-attacker som ett hot. Vi har kommit fram till att de ekonomiska konsekvenserna av DDoS-attacker kan vara ödestigna för företag om det inte hanteras i tid. Genom våra egna beräkningar har vi visat att e-handelsföretaget CDON.com riskerar att förlora ca 36 415,90 kr per minut som en DDoS-attack pågår mot företaget. Anledningen till av vi valt att ägnad denna uppsats åt DDoS-problemet, är den skrämmande ökningen av DDoS-attacker som man kan se sker årligen. Attackerna blir flera, de ökar storleksmässigt och de blir allt mer sofistikerade. Attackerna utförs också tillsynes omotiverat i vissa fall, men också välplanerade attacker utförs för att skada företag ekonomiskt. I dagens företagsklimat är det viktigt att företaget har möjlighet att använda sig av internet för att driva verksamheten och göra det enkelt för kunder att ta del av företagets produkter/tjänster. Att företags webbsidor blir utslagen på grund av en DDoS-attacker är idag en verklighet, och en tydlig plan för att hur man ska hantera en sådan incident bör finns på plats inom företag.
4
Saied, Alan. "Distributed Denial of Service (DDoS) attack detection and mitigation." Thesis, King's College London (University of London), 2015. http://kclpure.kcl.ac.uk/portal/en/theses/distributed-denial-of-service-ddos-attack-detection-and-mitigation(eaa45e51-f602-46da-a37a-75c3ae71d2db).html.
Full textAbstract:
A Distributed Denial of Service (DDoS) attack is an organised distributed packet-storming technique that aims to overload network devices and the communication channels between them. Its major objective is to prevent legitimate users from accessing networks, servers, services, or other computer resources. In this thesis, we propose, implement and evaluate a DDoS Detector approach consisting of detection, defence and knowledge sharing components. The detection component is designed to detect known and unknown DDoS attacks using an Artificial Neural Network (ANN) while the defence component prevents forged DDoS packets from reaching the victim. DDoS Detectors are distributed across one or more networks in order to mitigate the strength of a DDoS attack. The knowledge sharing component uses encrypted messages to inform other DDoS Detectors when it detects a DDoS attack. This mechanism increases the efficacy of the detection mechanism between the DDoS Detectors. This approach has been evaluated and tested against other related approaches in terms of Sensitivity, Specificity, False Positive Rate (FPR), Precision, and Detection Accuracy. A major contribution of the research is that this approach achieves a 98% DDoS detection and mitigation accuracy, which is 5% higher than the best result of previous related approaches.
5
Khanal, Sandarva, and Ciara Lynton. "Packet Simulation of Distributed Denial of Service (DDoS) Attack and Recovery." International Foundation for Telemetering, 2013. http://hdl.handle.net/10150/579511.
Full textAbstract:
ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NVDistributed Denial of Service (DDoS) attacks have been gaining popularity in recent years. Most research developed to defend against DDoS attacks have focused on analytical studies. However, because of the inherent nature of a DDoS attack and the scale of a network involved in the attack, analytical simulations are not always the best way to study DDoS attacks. Moreover, because DDoS attacks are considered illicit, performing real attacks to study their defense mechanisms is not an alternative. For this reason, using packet/network simulators, such as OPNET Modeler, is the best option for research purposes. Detection of an ongoing DDoS attack, as well as simulation of a defense mechanism against the attack, is beyond the scope of this paper. However, this paper includes design recommendations to simulate an effective defense strategy to mitigate DDoS attacks. Finally, this paper introduces network links failure during simulation in an attempt to demonstrate how the network recovers during and following an attack.
6
Mekhitarian, Araxi, and Amir Rabiee. "A simulation study of an application layer DDoS detection mechanism." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-191145.
Full textAbstract:
Over the last couple of years the rise of application layer Distributed Denial of Service (DDoS) attacks has significantly increased. Because of this, many issues have been raised on how organizations and companies can protect themselves from intrusions and damages against their systems and services. The consequences from these attacks are many, ranging from revenue losses for companies to stolen personal data. As the technologies are evolving, application layer DDoS attacks are becoming more effective and there is not a concrete solution that entirely protects against them. This thesis focuses on the available defense mechanisms and presents a general overview of different types of application layer DDoS attacks and how they are constructed. Moreover this report provides a simulation based on one of the defense mechanisms mentioned, named CALD. The simulation tested two different application layer DDoS attacks and showed that CALD can detect and differentiate between the two attacks. This report can be used as a general information source for application layer DDoS attacks, how to detect them and how to defend against them. Furthermore the simulation can be used as a basis on how well a relatively small-scaled implementation of CALD can detect DDoS attacks on the application layer.Under de senaste åren har ökningen av Distributed Denial of Service (DDoS) attacker på applikationslagret ökat markant. På grund av detta har många frågor uppkommit om hur organisationer och företag kan skydda sig mot intrång och skador mot sina system och tjänster. Konsekvenserna av dessa attacker är många, allt från intäktsförluster för företag till stulen personlig data. Eftersom tekniken utvecklas, har DDoS attacker på applikationslagret blivit mer effektiva och det finns inte en konkret lösning för att hindra dem. Denna rapport fokuserar på de tillgängliga försvarsmekanismer och presenterar en allmän översikt över olika typer av DDoS-attacker på applikationslagret och hur de är uppbyggda. Dessutom bidrar den här rapporten med en redovisning av en simulering baserad på en av de försvarsmekanismer som nämns i rapporten, CALD. Simuleringen testade två olika attacker på applikationslagret och visar att CALD kan upptäcka och skilja mellan de två attackerna. Denna rapport kan användas som en allmän informationskälla för DDoSattacker på applikationslagret och hur man försvarar sig mot och upptäcker dessa. Vidare kan simuleringen användas som utgångspunkt på hur väl en relativt småskalig implementering av CALD kan upptäcka DDoS-attacker på applikationslagret.
7
Nilsson, Sebastian. "The Current State of DDoS Defense." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3933.
Full textAbstract:
A DDoS attack is an attempt to bring down a machine connected to the Internet. This is done by having multiple computers repeatedly sending requests to tie up a server making it unable to answer legitimate requests. DDoS attacks are currently one of the biggest security threats on the internet according to security experts. We used a qualitative interview with experts in IT security to gather data to our research. We found that most companies are lacking both in knowledge and in their protection against DDoS attacks. The best way to minimize this threat would be to build a system with redundancy, do a risk analysis and revise security policies. Most of the technologies reviewed were found ineffective because of the massive amount of data amplification attacks can generate. Ingress filtering showed promising results in preventing DDoS attacks by blocking packages with spoofed IP addresses thus preventing amplification attacks.
8
Jawad, Dina, and Felicia Rosell. "Speak-up as a Resource Based Defence against Application Layer Distributed Denial-of-Service Attacks." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-166597.
Full textAbstract:
Under de senaste åren har antalet DDoS-attacker i Internets applikationsskikt ökat. Detta problem behöver adresseras. Den här rapporten presenterar ett antal existerande metoder för att upptäcka och skydda mot DDoS-attacker i applikationsskiktet. En metod för detta ändamål är att hitta avvikelser av olika typer hos de attackerande klienterna, för att urskilja mellan attackerande och vanliga klienter. Detta är ett brett utforskatförsvarsområde med många positiva resultat, men dessa metoder har ett antal brister, som att de kan resultera i både falska positiva och negativa resultat. En metod som ännu inte har undersökts tillräckligt är resurs-baserat försvar. Det är en metod med mycket potential, eftersom den tydligare kan skilja på goda och onda klienter under en DDoS-attack. Speak-up är en sådan metod och är huvudfokus i denna rapport. För- och nackdelarna med Speak-up har undersökts och resultaten visar på att Speak-up har potential till att bli ett kraftfullt verktyg mot DDoS-attacker. Speak-up har dock sina begränsningar och är därför inte det bästa alternativet under vissa typer av dessa DDoS-attacker.In recent years, the internet has endured an increase in application layer DDoS attacks. It is a growing problem that needs to be addressed. This paper presents a number of existing detection and protection methods that are used to mitigate application layer DDoS attacks. Anomaly detection is a widely explored area for defence and there have been many findings that show positive results in mitigating attacks. However, anomaly detection possesses a number of flaws, such as causing false positives and negatives. Another method that has yet to become thoroughly examined is resource based defence. This defence method has great potential as it addresses clear differences between legitimate users and attackers during a DDoS attack. One such defence method is called Speak-up and is the center of this paper. The advantages and limitations of Speak-up have been explored and the findings suggest that Speak-up has the potential to become a strong tool in defending against DDoS attacks. However, Speak-up has its limitations and may not be the best alternative during certain types of application layer DDoS attacks.
9
Yu, Xuan Hamilton John A. "A defense system on DDOS attacks in mobile ad hoc networks." Auburn, Ala., 2007. http://repo.lib.auburn.edu/2006%20Fall/Dissertations/YU_XUAN_49.pdf.
Full text
10
Chan, Yik-Kwan Eric, and 陳奕鈞. "Investigation of a router-based approach to defense against Distributed Denial-of-Service (DDoS) attack." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B30173309.
Full text
11
Andersson, Karl, and Marcus Odlander. "Detecting a Distributed Denial-of-Service Attack Using Speed Test Data: A Case Study on an Attack with Nationwide Impact." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-120611.
Full textAbstract:
This thesis presents a case study that investigates a large Distributed Denial of Service (DDoS) attack and how it affected speed tests observed by the crowd-based speed test application Bredbandskollen. Furthermore, the thesis also investigates the possibility of using crowd-based speed tests as a method to detect a DDoS attack. This method has very low overhead which makes it an interesting complement to other methods. This thesis also shows that there was a significant deviation in the number of measurements during the DDoS attack considered in the case study compared to the year average. Furthermore, the measurements of the peak day of the attack had a higher average download speed than the year average. Whereas the higher download speed observation at first may appear non-intuitive, we briefly discuss potential explanations and how such positive anomalies could potentially be used to detect attacks. Detecting DDoS attacks early can lead to earlier recognition of network problems which can aid Internet Service Providers (ISPs) in maintaining the availability of their networks.
12
Skog, Andersen Jonas, and Ammar Alderhally. "Denial-of-service attack : A realistic implementation of a DoS attack." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-120690.
Full textAbstract:
This report describes some of the most well known denial of service attacks (DoS-attacks). This will be done in the first part of the report, the second part describes an implementation of a DoS-attack. The main purpose of its first part is to closer examine common DoS-attacks, the purpose of such attacks, the protection methods that can be deployed to mitigate these attacks and the ways that are used to measure these attacks. The second part describes a implementation of a practical attack implemented using HTTP POST requests to overwhelm a web server, so called HTTP POST attack. The attack was carried out using different number of attack nodes, up to the default maximum limit for Apache web server. The attack succeeded after several attempts with different parameters. As a result of the experiments we learnt that a successful HTTP POST attack needs to take between 15% and 100% of the maximum permitted clients to make an impact on the server’s response time. The server that was attacked had no defence mechanism to protect itself against DoS-attacks. One important thing to note is that this attack is carried out in a protected environment so as not to affect the external environment.
13
Devasundaram, Shanmuga Sundaram. "PERFORMANCE EVALUATION OF A TTL-BASED DYNAMIC MARKING SCHEME IN IP TRACEBACK." University of Akron / OhioLINK, 2006. http://rave.ohiolink.edu/etdc/view?acc_num=akron1164051699.
Full text
14
Karandikar, Sampada. "Analysis of distributed denial of service attacks and countermeasures." Connect to this title online, 2009. http://etd.lib.clemson.edu/documents/1263409912/.
Full text
15
Thing, Vrizlynn Ling Ling. "Adaptive Response System for Distributed Denial-of-Service Attacks." Thesis, Imperial College London, 2008. http://hdl.handle.net/10044/1/4264.
Full textAbstract:
The continued prevalence and severe damaging effects of the Distributed Denial of Service (DDoS) attacks in today’s Internet raise growing security concerns and call for an immediate response to come up with better solutions to tackle DDoS attacks. The current DDoS prevention mechanisms are usually inflexible and determined attackers with knowledge of these mechanisms, could work around them. Most existing detection and response mechanisms are standalone systems which do not rely on adaptive updates to mitigate attacks. As different responses vary in their “leniency” in treating detected attack traffic, there is a need for an Adaptive Response System. We designed and implemented our DDoS Adaptive ResponsE (DARE) System, which is a distributed DDoS mitigation system capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integrations for both signature-based and anomaly-based detection modules. Additionally, the design of DARE’s individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. These components consist of an Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and Flow Identifier, and a Non Intrusive IP Traceback mechanism. The components work together interactively to adapt the detections and responses in accordance to the attack types. Experiments conducted on DARE show that the attack detection and mitigation are successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in accordance to the attacks being launched with high accuracy, effectiveness and efficiency. We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim under attack verifies the authenticity of the source by performing virtual relocations to differentiate the legitimate traffic from the attack traffic. TRAPS requires minimal deployment effort and does not require modifications to the Internet infrastructure due to its incorporation of the Mobile IPv6 protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to verify that it would work with the existing Mobile IPv6 implementation. It was observed that the operations of each module were functioning correctly and TRAPS was able to successfully mitigate an attack launched with spoofed source IP addresses.
16
Damour, Gabriel. "Information-Theoretic Framework for Network Anomaly Detection: Enabling online application of statistical learning models to high-speed traffic." Thesis, KTH, Matematisk statistik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-252560.
Full textAbstract:
With the current proliferation of cyber attacks, safeguarding internet facing assets from network intrusions, is becoming a vital task in our increasingly digitalised economies. Although recent successes of machine learning (ML) models bode the dawn of a new generation of intrusion detection systems (IDS); current solutions struggle to implement these in an efficient manner, leaving many IDSs to rely on rule-based techniques. In this paper we begin by reviewing the different approaches to feature construction and attack source identification employed in such applications. We refer to these steps as the framework within which models are implemented, and use it as a prism through which we can identify the challenges different solutions face, when applied in modern network traffic conditions. Specifically, we discuss how the most popular framework -- the so called flow-based approach -- suffers from significant overhead being introduced by its resource heavy pre-processing step. To address these issues, we propose the Information Theoretic Framework for Network Anomaly Detection (ITF-NAD); whose purpose is to facilitate online application of statistical learning models onto high-speed network links, as well as provide a method of identifying the sources of traffic anomalies. Its development was inspired by previous work on information theoretic-based anomaly and outlier detection, and employs modern techniques of entropy estimation over data streams. Furthermore, a case study of the framework's detection performance over 5 different types of Denial of Service (DoS) attacks is undertaken, in order to illustrate its potential use for intrusion detection and mitigation. The case study resulted in state-of-the-art performance for time-anomaly detection of single source as well as distributed attacks, and show promising results regarding its ability to identify underlying sources.I takt med att antalet cyberattacker växer snabbt blir det alltmer viktigt för våra digitaliserade ekonomier att skydda uppkopplade verksamheter från nätverksintrång. Maskininlärning (ML) porträtteras som ett kraftfullt alternativ till konventionella regelbaserade lösningar och dess anmärkningsvärda framgångar bådar för en ny generation detekteringssytem mot intrång (IDS). Trots denna utveckling, bygger många IDS:er fortfarande på signaturbaserade metoder, vilket förklaras av de stora svagheter som präglar många ML-baserade lösningar. I detta arbete utgår vi från en granskning av nuvarande forskning kring tillämpningen av ML för intrångsdetektering, med fokus på de nödvändiga steg som omger modellernas implementation inom IDS. Genom att sätta upp ett ramverk för hur variabler konstrueras och identifiering av attackkällor (ASI) utförs i olika lösningar, kan vi identifiera de flaskhalsar och begränsningar som förhindrar deras praktiska implementation. Särskild vikt läggs vid analysen av de populära flödesbaserade modellerna, vars resurskrävande bearbetning av rådata leder till signifikant tidsfördröjning, vilket omöjliggör deras användning i realtidssystem. För att bemöta dessa svagheter föreslår vi ett nytt ramverk -- det informationsteoretiska ramverket för detektering av nätverksanomalier (ITF-NAD) -- vars syfte är att möjliggöra direktanslutning av ML-modeller över nätverkslänkar med höghastighetstrafik, samt tillhandahåller en metod för identifiering av de bakomliggande källorna till attacken. Ramverket bygger på modern entropiestimeringsteknik, designad för att tillämpas över dataströmmar, samt en ASI-metod inspirerad av entropibaserad detektering av avvikande punkter i kategoriska rum. Utöver detta presenteras en studie av ramverkets prestanda över verklig internettrafik, vilken innehåller 5 olika typer av överbelastningsattacker (DoS) genererad från populära DDoS-verktyg, vilket i sin tur illustrerar ramverkets användning med en enkel semi-övervakad ML-modell. Resultaten visar på hög nivå av noggrannhet för detektion av samtliga attacktyper samt lovande prestanda gällande ramverkets förmåga att identifiera de bakomliggande aktörerna.
17
Aputis, Artūras. "DDoS (distributed denial of service) atakų atrėmimo algoritmų tyrimas ir modeliavimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2013. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2012~D_20131105_095501-14832.
Full textAbstract:
Šiuo metu yra sukurta nemažai priemonių aptikti įvairiausias DDoS atakas, tačiau siekiant sustabdyti arba bent sušvelninti DDoS atakų poveikį yra nuveikta labai nedaug. Yra labai sunku pasirinkti tinkamą DDoS atakos atrėmimo metodą. DDoS atakų atrėmimo metodų analizė galėtų padėti pasirinkti tinkamiausią metodą. „BGP DDoS Diversion“ atakų atrėmimo metodas yra vienas efektyviausių ir mažiausiai kaštų reikalaujantis metodas. Šis metodas įgyvendinamas panaudojant BGP protokolą. Ataka yra atremiama kuomet BGP protokolo pagalba yra paskelbiama tik dalis tinklo. DDoS atakos duomenų srautas tokiu atveju yra nukreipiamas į paskelbtą tinklo dalį, o kita tinklo dalis lieka nepažeista atakos. Interneto paslaugų teikėjai naudodami „BGP DDoS Diversion“ atrėmimo metodą gali apsaugoti savo tinklą nuo visiško nepasiekiamumo. Šiame tyrime buvo išnagrinėti DDoS atakų atrėmimo metodai. Išsamiai analizei buvo pasirinktas „BGP DDoS Diversion“ atrėmimo metodas. Metodo analizei buvo pasirinkta virtuali terpė. Sudaryti virtualią terpę buvo pasirinkta OPNET tinklų modeliavimo programa. Panaudojant OPNET modeliavimo įrangą, buvo sukurtas virtualus tinklas, veikiantis Interneto tinklo pagrindu. Sukurtame tinkle buvo įgyvendintas „BGP DDoS Diversion“ atakų atrėmimo metodas. Šiame darbe yra pateikta minėto atrėmimo metodo veikimo charakteristikų analizė.Nowadays there are lot of ways how to detect various types of DDoS attacks, but in order to stop, or at least to mitigate the impact of such DDoS attacks not enough work is done. It is very difficult to choose the right DDoS mitigation method. The research of DDoS attacks mitigation can provide a good manual how to choose the most appropriate method. „BGP DDoS Diversion“ method is one of the most effective and least cost to deliver DDoS mitigation method. This method is implemented using BGP protocol. BGP diversion mechanism is used to announce a specific part of the provider‘s network to (a part of) the Internet. Announcing a specific part of this network will divert the DDoS traffic and thereby prevent other parts of the provider‘s network becoming unreachable. This gives the provider the ability to continue providing services of the rest of his custumers. This research was based on analyzing the DDoS mitigation methods. For the better analyzes the „BGP DDoS Diversion“ method was chosen. To analyze this method the virtual environment was the best way to accomplish this task. OPNET modeler software was chosen to create the virtual environment. Using OPNET the virtual network was created. Virtual network was based on Internet network standards. „BGP DDoS Diversion“ method was implemented and tested in the virtual network. This research provides the detail analyzes of „BGP DDoS Diversion“ method.
18
DiMarco, Peter Lewis. "Evaluation of Moving Target IPv6 Defense and Distributed Denial of Service Defenses." Thesis, Virginia Tech, 2013. http://hdl.handle.net/10919/24697.
Full textAbstract:
A Denial-of-Service (DoS) attack is a network attack from a single machine that attempts to prevent the victim, the targeted machine, from communicating to other devices on the network or perform its normal tasks. The extension of these attacks to include many malicious machines became known as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks cause an immense amount of strain on both the victim and the devices used to reach the victim. In reaction to these attacks, preexisting technologies were used as DDoS defenses to mitigate the effects. The two most notable defenses used are the firewall and Internet Protocol Security (IPsec). The technologies behind these defenses emerged over twenty years ago and since then have been updated to conform to the newest Internet protocols. While these changes have kept the technologies viable, these defenses have still fallen victim to successful attacks.
Because of the number of Internet connected devices and the small address space in Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) was developed to solve the address space problem. With IPv6 however, there are new problems to address; therefore, these aforementioned defenses have to be further modifed to accommodate the new protocol. Moving Target IPv6 Defense (MT6D) has been developed to attempt to leverage the new standard against DDoS attacks in the IPv6 arena. This research evaluates the DDoS prevention capabilities of the aging defenses relative to the newly developed MT6D to determine which defense is best suited to defend against these attacks for a variety of scenarios. The threat environment in this study is limited to Synchronize (SYN) Flood, HTTP/GET Flood, Denial6, Dos-New-IP6, and Slowloris attacks. Attacks on the MT6D key distribution mechanism are not considered. Strengths and weaknesses of the aforementioned defenses are presented and analyzed.
This project examines different metrics including the performance impact on the machines and the client throughput in an instrumented testbed. MT6D has high operating costs and low throughput compared to the other defenses. Under DDoS attacks, the firewall is unable to prevent attacks in IPv6 due to the inability to determine the same host from multiple Internet Protocol (IP) addresses. Overall, IPsec and MT6D effectively mitigate the DDoS attacks. Although, MT6D is susceptible to some attacks due to its operating at the guest level. At this point in MT6D's development, the difference in performance could be considered a reasonable price to pay for the added benefits from MT6D.Master of Science
19
Arnör, Johan. "Domain-Driven Security’s take on Denial-of-Service (DoS) Attacks." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-189340.
Full textAbstract:
Many companies and organisations today suffer from Denial-of-Service (DoS) attacks, which can have direct and indirect economical consequences. This thesis tackles this problem with a novel approach by utilising domain specific behaviour and knowledge. The goal is to distinguish malicious attacks from legitimate usage and to alter overall system behaviour at the event of a DoS attack. Distributed DoS attacks (DDoS) are examined as well as a category suggested in this thesis, namely Domain DoS attacks. A simple e-commerce system is developed based on the principles of Domain-Driven Design in order to test the given approach. Five examples of DoS attacks are presented and tested towards the system. The results indicate that utilising domain behaviour is a suitable approach in order to mitigate DoS attacks, but it requires deep integration with the application itself.Många företag och organisationer lider idag av Denial-of-Service-attacker (DoS-attacker), som kan få direkta och indirekta ekonomiska konsekvenser. Denna avhandling ser nytänkande på detta problem genom att dra nytta av domänspecifikt beteende och kunskap. Målet är att skilja skadliga attacker från legitimt användande och att ändra systemets beteende i händelse av en DoS-attack. Distribuerade DoS-attacker (DDoS) undersöks så väl som en kategori föreslagen i denna avhandling, kallad Domän DoS-attacker. Ett enkelt e-handelssystem utvecklas baserat på principer från domändriven design i syfte att testa den givna tesen. Fem exempel av DoS-attacker är presenterade och testade gentemot systemet. Resultaten indikerar att utnyttjandet av domänbeteende är ett lämpligt tillvägagångssätt för att avvärja DoS-attacker, men att det kräver djup integration med applikationen.
20
Andersson, Emil. "DDoS: Ett evolverande fenomen / DDoS: An evolving phenomenon." Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20596.
Full textAbstract:
Internetfenomenet ”Distributed Denial of Service”, förkortat DDoS, beskrivs ofta som ett av destörsta hoten mot Internet idag. Genom att utnyttja den grundläggande strukturen i kommunikationmellan nätverk och datorer kan kriminella blockera och stänga ute webbplatser och -tjänster frånanvändare, samtidigt som det är mycket svårt för offret och myndigheter att någonsin identifieraden eller de skyldiga. Enorma globala nätverk av ovetande människors infekterade datorer fjärrstyrstill att utföra angrepp mot alla sorters organisationer på Internet med olika motiv, som finansiella,politiska eller för ren vandalism. Syftet med det här arbetet är att göra en dagsaktuell kartläggningöver läget kring DDoS-angrepp och titta på statistik över de mest förekommande angreppstyperna,och se om den nyare publicerade forskningen kan svara på de pågående och framträdande trendersom kan ses. Sex forskningsartiklar väljs ut att jämföra med dessa trender för att se var merforskning krävs. Resultatet visar att forskningen kring försvar mot HTTP-GET-angrepp är bristande,samt att den framträdande trenden där angreppen allt oftare använder sig av olika angreppstypersamtidigt inte har undersökts. Mer öppen forskning bör riktas mot dessa bristande områden.The Internet phenomenon ”Distributed Denial of Service”, in short DDoS, is often said to be one ofthe greatest threats to the Internet today. By abusing the foundation of inter-network and computercommunication, criminals can block and shut out websites and services from users while making itvery hard for the victim and the authorities to ever identify who was behind it. Enormous globalnetworks made up of unknowing peoples' infected computers can be remotely controlled to conductattacks against all sorts of organisations on the Internet with different motives, from financial orpolitic to sheer vandalism. The purpose of this study is to create an up-to-date mapping of thesituation of DdoS-attacks and look at statistics of the most prevalent attack types, and to check ifnewly published research can answer the current and emerging trends that can be seen. Six researcharticles are chosen to compare with these trends to see where more research is required. The resultsshow that the research around defense against HTTP-GET-attacks is lacking, and that the emergenttrend of DDoS-attacks that make use of more than one attack type at the same time has not beenexamined. More open research should be directed to these lacking areas.
21
Li, Chi-Pan. "A distributed scheme to detect and defend against distributed denial of service attacks /." View Abstract or Full-Text, 2003. http://library.ust.hk/cgi/db/thesis.pl?COMP%202003%20LI.
Full textAbstract:
Thesis (M. Phil.)--Hong Kong University of Science and Technology, 2003.Includes bibliographical references (leaves 102-107). Also available in electronic version. Access restricted to campus users.
22
Negi, Chandan Singh. "Using network management systems to detect Distributed Denial of Service Attacks." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2001. http://handle.dtic.mil/100.2/ADA397257.
Full textAbstract:
Thesis (M.S. in Information Systems Technology and M.S. in Computer Science)--Naval Postgraduate School, Sept. 2001.Thesis advisors, Bordetsky, Alex ; Clark, Paul. "September 2001." Includes bibliographical references (p. 115-117). Also available in print.
23
Eriksson, Tomas, and Hans Joelsson. "DDoS : -Vad är det och går det att skydda sig?" Thesis, Växjö University, School of Mathematics and Systems Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-886.
Full textAbstract:
This paper will expose the serious phenonomen Distributed Denial of Service (DDoS). Businesses without a good security policy are easy targets for attackers. We will cover why its hard to protect yourself, present previous attacks and ways for individuals and businesses to secure themselves. We have based our paper on previous cases and done intervjues with companies who specialize in dealing with these kind of threats. Then come up with guidelines wich will be helpful for businesses when they want to strengthen there security against Distributed Denial of Service-attacks.
Detta arbete upplyser om hur allvarligt fenomenet Distributed Denial of Service (DDoS) är. Företag utan ett väl fungerande säkerhetstänkande kan råka riktigt illa ut vid en DDoS-attack. Vi kommer att berätta om problemet och ta upp tidigare attacker samt förslag på åtgärder för att öka säkerheten för både privatpersoner och företag. Vi kommer att utgå från tidigare Case om DDoS och intervjua säkerhetsföretag för att kunna framställa en skyddsstrategi. Därmed hoppas vi att vår uppsats kommer att vara till hjälp för företag som står inför valet att öka säkerheten mot Distributed Denial of Service.
24
McNevin, Timothy John. "Mitigating Network-Based Denial-of-Service Attacks with Client Puzzles." Thesis, Virginia Tech, 2005. http://hdl.handle.net/10919/31941.
Full textAbstract:
Over the past few years, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have become more of a threat than ever. These attacks are aimed at denying or degrading service for a legitimate user by any means necessary. The need to propose and research novel methods to mitigate them has become a critical research issue in network security. Recently, client puzzle protocols have received attention as a method for combating DoS and DDoS attacks. In a client puzzle protocol, the client is forced to solve a cryptographic puzzle before it can request any operation from a remote server or host. This thesis presents the framework and design of two different client puzzle protocols: Puzzle TCP and Chained Puzzles.
Puzzle TCP, or pTCP, is a modification to the Transmission Control Protocol (TCP) that supports the use of client puzzles at the transport layer and is designed to help combat various DoS attacks that target TCP. In this protocol, when a server is under attack, each client is required to solve a cryptographic puzzle before the connection can be established. This thesis presents the design and implementation of pTCP, which was embedded into the Linux kernel, and demonstrates how effective it can be at defending against specific attacks on the transport layer.
Chained Puzzles is an extension to the Internet Protocol (IP) that utilizes client puzzles to mitigate the crippling effects of a large-scale DDoS flooding attack by forcing each client to solve a cryptographic problem before allowing them to send packets into the network. This thesis also presents the design of Chained Puzzles and verifies its effectiveness with simulation results during large-scale DDoS flooding attacks.Master of Science
25
Brignoli, Delio. "DDoS detection based on traffic self-similarity." Thesis, University of Canterbury. Computer Science and Software Engineering, 2008. http://hdl.handle.net/10092/2105.
Full textAbstract:
Distributed denial of service attacks (or DDoS) are a common occurrence on the internet and are becoming more intense as the bot-nets, used to launch them, grow bigger. Preventing or stopping DDoS is not possible without radically changing the internet infrastructure; various DDoS mitigation techniques have been devised with different degrees of success. All mitigation techniques share the need for a DDoS detection mechanism. DDoS detection based on traffic self-similarity estimation is a relatively new approach which is built on the notion that undis- turbed network traffic displays fractal like properties. These fractal like properties are known to degrade in presence of abnormal traffic conditions like DDoS. Detection is possible by observing the changes in the level of self-similarity in the traffic flow at the target of the attack. Existing literature assumes that DDoS traffic lacks the self-similar properties of undisturbed traffic. We show how existing bot- nets could be used to generate a self-similar traffic flow and thus break such assumptions. We then study the implications of self-similar attack traffic on DDoS detection. We find that, even when DDoS traffic is self-similar, detection is still possible. We also find that the traffic flow resulting from the superimposition of DDoS flow and legitimate traffic flow possesses a level of self-similarity that depends non-linearly on both relative traffic intensity and on the difference in self-similarity between the two incoming flows.
26
Vordos, Ioannis. "Mitigating distributed denial of service attacks with Multiprotocol Label Switching--Traffic Engineering (MPLS-TE)." Thesis, Monterey, Calif. : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/March/09Mar%5FVordos.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, March 2009.Thesis Advisor(s): Xie, Geoffry. "March 2009." Description based on title screen as viewed on April 23, 2009. Author(s) subject terms: Traffic Engineering, Distributed Denial of Service Attacks, Sinkhole Routing, Blackhole Routing. Includes bibliographical references (p. 115-119). Also available in print.
27
Saw, Tee Huu. "Evaluation of a multi-agent system for simulation and analysis of distributed denial-of-service attacks." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Dec%5FSaw.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, December 2003.Thesis advisor(s): James B. Michael, Mikhail Auguston. Includes bibliographical references (p. 52-54). Also available online.
28
Fabre, Pierre-Edouard. "Using network resources to mitigate volumetric DDoS." Thesis, Evry, Institut national des télécommunications, 2018. http://www.theses.fr/2018TELE0020/document.
Full textAbstract:
Les attaques massives par déni de service représentent une menace pour les services Internet. Ils impactent aussi les fournisseurs de service réseau et menace même la stabilité de l’Internet. Il y a donc un besoin pressant de contrôler les dommages causés par ces attaques. De nombreuses recherches ont été menées, mais aucune n’a été capable de combiner le besoin d’atténuation de l’attaque, avec l’obligation de continuité de service et les contraintes réseau. Les contre mesures proposées portent sur l’authentification des clients légitimes, le filtrage du trafic malicieux, une utilisation efficace des interconnections entre les équipements réseaux, ou l’absorption de l’attaque par les ressources disponibles. Dans cette thèse, nous proposons un mécanisme de contrôle de dommages. Basé sur une nouvelle signature d’attaque et les fonctions réseaux du standard Multiprotocol Label Switching (MPLS), nous isolons le trafic malicieux du trafic légitime et appliquons des contraintes sur la transmission du trafic malicieux. Le but est de rejeter suffisamment de trafic d’attaque pour maintenir la stabilité du réseau tout en préservant le trafic légitime. La solution prend en compte des informations sur l’attaque, mais aussi les ressources réseaux. Considérant que les opérateurs réseaux n’ont pas une même visibilité sur leur réseau, nous étudions l’impact de contraintes opérationnelles sur l’efficacité d’une contre mesure régulièrement recommandée, le filtrage par liste noire. Les critères d’évaluation sont le niveau d’information sur l’attaque ainsi que sur le trafic réseau. Nous formulons des scénarios auxquels chaque opérateur peut s’identifier. Nous démontrons que la l’algorithme de génération des listes noires doit être choisi avec précaution afin de maximiser l’efficacité du filtrageMassive Denial of Service attacks represent a genuine threat for Internet service, but also significantly impact network service providers and even threat the Internet stability. There is a pressing need to control damages caused by such attacks. Numerous works have been carried out, but were unable to combine the need for mitigation, the obligation to provide continuity of service and network constraints. Proposed countermeasures focus on authenticating legitimate traffic, filtering malicious traffic, making better use of interconnection between network equipment or absorbing attack with the help of available resources. In this thesis, we propose a damage control mechanism against volumetric Denial of Services. Based on a novel attack signature and with the help of Multiprotocol Label Switching (MPLS) network functions, we isolate malicious from legitimate traffic. We apply a constraint-based forwarding to malicious traffic. The goal is to discard enough attack traffic to sustain network stability while preserving legitimate traffic. It is not only aware of attack details but also network resource, especially available bandwidth. Following that network operators do not have equal visibility on their network, we also study the impact of operational constraints on the efficiency of a commonly recommended countermeasure, namely blacklist filtering. The operational criteria are the level of information about the attack and about the traffic inside the network. We then formulate scenario which operators can identify with. We demonstrate that the blacklist generation algorithm should be carefully chosen to fit the operator context while maximizing the filtering efficiency
29
Ikusan, Ademola A. "Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network." Wright State University / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=wright1515067456228498.
Full text
30
Morrison, Glenn Sean. "Threats and Mitigation of DDoS Cyberattacks Against the U.S. Power Grid via EV Charging." Wright State University / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=wright1535490827978036.
Full text
31
Trabé, Patrick. "Infrastructure réseau coopérative et flexible de défense contre les attaques de déni de service distribué." Toulouse 3, 2006. http://www.theses.fr/2006TOU30288.
Full textAbstract:
Les attaques par déni de service distribué (DDoS, Distributed Denial of Service) consistent à limiter ou à empêcher l'accès à un service informatique. La disponibilité du service proposé par la victime est altérée soit par la consommation de la bande passante disponible sur son lien, soit à l'aide d'un nombre très important de requêtes dont le traitement surconsomme les ressources dont elle dispose. Le filtrage des DDoS constitue aujourd'hui encore un problème majeur pour les opérateurs. Le trafic illégitime ne comporte en effet que peu ou pas de différences par rapport au trafic légitime. Ces attaques peuvent ensuite tirer parti et attaquer des services disposés dans le réseau. L'approche présentée dans cette thèse se veut pragmatique et cherche à aborder ce problème suivant deux angles ; à savoir contenir l'aspect dynamique et distribué de ces attaques d'une part, et être capable de préserver le trafic légitime et le réseau d'autre part. Nous proposons dans ce but une architecture distribuée de défense comportant des nœuds de traitement associés aux routeurs des points de présence et d'interconnexion du réseau de l'opérateur. Ces nœuds introduisent dans le réseau, par le biais d'interfaces ouvertes, la programmabilité qui apporte la flexibilité et la dynamicité requises pour la résolution du problème. Des traitements de niveau réseau à applicatif sur les datagrammes sont ainsi possibles, et les filtrages sont alors exempts de dommages collatéraux. Un prototype de cette architecture permet de vérifier les concepts que nous présentonsThe goal of Distributed Denial of Service attacks (DDoS) is to prevent legitimate users from using a service. The availability of the service is attacked by sending altered packets to the victim. These packets either consume a large part of networks bandwidth, or create an artificial consumption of victim’s key resources such as memory or CPU. DDoS’ filtering is still an important problem for network operators since illegitimate traffics look like legitimate traffics. The discrimination of both classes of traffics is a hard task. Moreover DDoS victims are not limited to end users (e. G. Web server). The network is likely to be attacked itself. The approach presented in this thesis is pragmatic. Firstly it seeks to control dynamic and distributed aspects of DDoS. Secondly it looks for protecting legitimate traffics and the network against collateral damages. Thus we propose a distributed infrastructure of defense based on nodes dedicated to the analysis and the filtering of the illegitimate traffic. Each node is associated with one POP router or interconnection router in order to facilitate its integration into the network. These nodes introduce the required programmability through open interfaces. The programmability offers applicative level packets processing, and thus treatments without collateral damages. A prototype has been developed. It validates our concepts
32
Thames, John Lane. "Advancing cyber security with a semantic path merger packet classification algorithm." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/45872.
Full textAbstract:
This dissertation investigates and introduces novel algorithms, theories, and supporting frameworks to significantly improve the growing problem of Internet security. A distributed firewall and active response architecture is introduced that enables any device within a cyber environment to participate in the active discovery and response of cyber attacks. A theory of semantic association systems is developed for the general problem of knowledge discovery in data. The theory of semantic association systems forms the basis of a novel semantic path merger packet classification algorithm. The theoretical aspects of the semantic path merger packet classification algorithm are investigated, and the algorithm's hardware-based implementation is evaluated along with comparative analysis versus content addressable memory. Experimental results show that the hardware implementation of the semantic path merger algorithm significantly outperforms content addressable memory in terms of energy consumption and operational timing.
33
Scarlato, Michele. "Sicurezza di rete, analisi del traffico e monitoraggio." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2012. http://amslaurea.unibo.it/3223/.
Full textAbstract:
Il lavoro è stato suddiviso in tre macro-aree.
Una prima riguardante un'analisi teorica di come funzionano le intrusioni, di quali software vengono utilizzati per compierle, e di come proteggersi (usando i dispositivi che in termine generico si possono riconoscere come i firewall).
Una seconda macro-area che analizza un'intrusione avvenuta dall'esterno verso dei server sensibili di una rete LAN.
Questa analisi viene condotta sui file catturati dalle due interfacce di rete configurate in modalità promiscua su una sonda presente nella LAN.
Le interfacce sono due per potersi interfacciare a due segmenti di LAN aventi due maschere
di sotto-rete differenti. L'attacco viene analizzato mediante vari software.
Si può infatti definire una terza parte del lavoro, la parte dove vengono analizzati i file
catturati dalle due interfacce con i software che prima si occupano di analizzare i dati di
contenuto completo, come Wireshark, poi dei software che si occupano di analizzare i dati di
sessione che sono stati trattati con Argus, e infine i dati di tipo statistico che sono stati trattati
con Ntop.
Il penultimo capitolo, quello prima delle conclusioni, invece tratta l'installazione di Nagios, e
la sua configurazione per il monitoraggio attraverso plugin dello spazio di disco rimanente su
una macchina agent remota, e sui servizi MySql e DNS. Ovviamente Nagios può essere
configurato per monitorare ogni tipo di servizio offerto sulla rete.
34
Wu, Chien-Lung. "On network-layer packet traceback tracing denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks /." 2003. http://www.lib.ncsu.edu/theses/available/etd-01062004-093357/unrestricted/etd.pdf.
Full text
35
Chiang, Cheng-You. "Near Optimal Filtering and Routing Policies against Distributed Denial-of-Service (DDoS) Attacks." 2008. http://www.cetd.com.tw/ec/thesisdetail.aspx?etdun=U0001-2407200822503500.
Full text
36
Chiang, Cheng-You, and 江政祐. "Near Optimal Filtering and Routing Policies against Distributed Denial-of-Service (DDoS) Attacks." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/96431337019271034661.
Full textAbstract:
碩士國立臺灣大學
資訊管理學研究所
96
Distributed Denial-of-Service (DDoS) attacks have become an impending threat toward today’s Internet. During DDoS attacks, numerous malicious packets occupy a victim server and lead to the difficulty of the legitimate user’s access. Even if the filtering thwarts DDoS attacks, no legitimate users can escape the collateral damage. In this thesis, we model the DDoS attack-defense scenario as a two-level mathematical programming problem. In the inner problem, a defender tries to allocate the limited defense resources for the maximization of the legitimate traffic. In the outer problem, a DDoS attacker tries to allocate the limited attack resources in order to minimize the legitimate traffic. A Lagrangean relaxation-based algorithm is proposed to solve the inner problem, and a subgradient-based algorithm is proposed to solve the outer problem.
37
Kuo, Cheng-Bin, and 郭承賓. "Defense against Distributed Denial-of-Service (DDoS) Attacks by Routing Assignment and Resource Allocation under Quality-of-Service (QoS) Constraints." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/25763508152768732319.
Full textAbstract:
碩士臺灣大學
資訊管理學研究所
96
As the popularity of networks is increasing, network attack events occur frequently, especially Distributed Denial-of-Service (DDoS) attacks. Upon such attacks, system resources are dramatically consumed and the Quality-of-Service (QoS) perceived by users significantly degrades. In order to achieve the objective of “continuity of services”, it is then essential that a network be well designed by spare resource allocation so as to maintain acceptable QoS levels upon such attacks. In this thesis, the problem of defense against intelligent DDoS attacks by routing and budget allocation (RB) under QoS constraints is considered. This problem is formulated as a max-min integer programming problem, where the inner (minimization) problem is for network administrators to determine the minimum amount of defense budget required and effective internal routing policies so as to defend the network against a given pattern of DDoS attacks under given QoS requirements, while the outer (maximization) problem is for network administrators to evaluate the worst-case defense resource required when attacks adjust the patterns of DDoS attack flows (AF) under a fixed total attack power. A Lagrangean relaxation-based algorithm is proposed to solve the inner problem, while a subgradient-based algorithm is proposed to solve the outer problem. It is expected that efficient and effective algorithms be developed accordingly.
38
Kuo, Cheng-Bin. "Defense against Distributed Denial-of-Service (DDoS) Attacks by Routing Assignment and Resource Allocation under Quality-of-Service (QoS) Constraints." 2007. http://www.cetd.com.tw/ec/thesisdetail.aspx?etdun=U0001-1112200712370900.
Full text
39
Kitana, Asem. "Impact of mobile botnet on long term evolution networks: a distributed denial of service attack perspective." Thesis, 2021. http://hdl.handle.net/1828/12817.
Full textAbstract:
In recent years, the advent of Long Term Evolution (LTE) technology as a prominent
component of 4G networks and future 5G networks, has paved the way for fast and new
mobile web access and application services. With these advantages come some security concerns in terms of attacks that can be launched on such networks. This thesis focuses on the impact of the mobile botnet on LTE networks by implementing a mobile botnet architecture that initiates a Distributed Denial of Service (DDoS) attack. First, in the quest of understanding the mobile botnet behavior, a correlation between the mobile botnet impact and different mobile device mobility models, is established, leading to the study of the impact of the random patterns versus the uniform patterns of movements on the mobile botnet’s behavior under a DDoS attack. Second, the impact of two base transceiver station selection mechanisms on a mobile botnet behavior launching a DDoS attack on a LTE network is studied, the goal being to derive the effect of the attack severity of the mobile botnet. Third, an epidemic SMS-based cellular botnet that uses an epidemic command and control mechanism to initiate a short message services (SMS) phishing attack, is proposed and its threat impact is studied and simulated using three random graphs models. The simulation results obtained reveal that (1) in terms of users’ mobility patterns, the impact of the mobile botnet behavior under a DDoS attack on a victim web server is more pronounced when an asymmetric mobility model is considered compared to a symmetric mobility model; (2) in terms of base transceiver station selection mechanisms, the Distance-Based Model mechanism yields a higher threat impact on the victim server compared to the Signal Power Based Model mechanism; and (3) under the Erdos-and-Reyni Topology, the proposed epidemic SMS-based cellular botnet is shown to be resistant and resilient to random and selective cellular device failures.Graduate
40
CHEN, XING-XIAO, and 陳星孝. "Design of Distributed Denial of Service(DDoS) Attack Prediction System Based on Data Mining in The Internet of Things(IoT)." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/rpy6t6.
Full textAbstract:
碩士國立高雄師範大學
軟體工程與管理學系
107
The development of the internet of things, which is named as IoT,has led to an increase in cyber security issues. This is because the number of IoT device is growing up very fast. Gartner predicts that around 20.4 billion devices will be connected to the IoT by 2020, but the cyber security issues of IoT doesn’t concerned. If the device managers ignore device firmware vulnerabilities and updates, the devices will be the target of security attacks, and distributed denial-of-service attack, which is named as DDoS. is more difficult to prevent in the cyber-attack. In this issue of cyber security, we proposed a system design, called DDoS attacks prediction system design base on data mining in the Internet of Things, it can dig out the rules of attack timing and train an attack prediction model base on Support Vector Machine algorithm. This system design has two steps, Building the DDoS attack prediction model and DDoS attack defense. When attack start, the system can predict the timing of the attack and alert the device manager, then the attacks can be blocked early. In the end, we show the prediction effect of system, and the importance of the mining at the network.
41
Στεφανίδης, Κυριάκος. "Προστασία συστημάτων από κατανεμημένες επιθέσεις στο Διαδίκτυο." Thesis, 2013. http://hdl.handle.net/10889/6840.
Full textAbstract:
Η παρούσα διατριβή πραγματεύεται το θέμα των κατανεμημένων επιθέσεων άρνησης υπηρεσιών στο Διαδίκτυο. Αναλύει τα υπάρχοντα συστήματα αντιμετώπισης και τα εργαλεία που χρησιμοποιούνται για την εξαπόλυση τέτοιου είδους επιθέσεων. Μελετά τον τρόπο που οργανώνονται οι επιθέσεις και παρουσιάζει την αρχιτεκτονική και την υλοποίηση ενός πρωτότυπου συστήματος ανίχνευσης των πηγών μιας κατανεμημένης επίθεσης άρνησης υπηρεσιών, καθώς και αντιμετώπισης των επιθέσεων αυτών. Τέλος, ασχολείται με το θέμα της ανεπιθύμητης αλληλογραφίας ως μιας διαφορετικού είδους επίθεση άρνησης υπηρεσιών και προτείνει ένα πρωτότυπο τρόπο αντιμετώπισής της.In our thesis we deal with the issue of Distributed Denial of Service attacks on the Internet. We analyze the current defense methodologies and the tools that are used to unleash this type of attacks. We study the way that those attacks are constructed and organized and present a novel architecture, and its implementation details, of a system that is able to trace back to the true sources of such an attack as well as effectively filter such attacks in real time. Lastly we deal with the issue of spam e-mail as a different form of a distributed denial of service attack and propose a novel methodology that deals with the problem.
42
Στυλιανού, Γεώργιος. "Αναγνώριση επιθέσεων web σε web-servers." Thesis, 2013. http://hdl.handle.net/10889/6139.
Full textAbstract:
Οι επιθέσεις στο Διαδίκτυο και ειδικά οι επιθέσεις άρνησης εξυπηρέτησης (Denial of Service, DoS) αποτελούν ένα πολύ σοβαρό πρόβλημα για την ομαλή λειτουργία του Διαδικτύου. Αυτό το είδος επιθέσεων στοχεύει στην διατάραξη της καλής λειτουργίας ενός συστήματος, καταναλώνοντας τους πόρους του ή προκαλώντας υπερφόρτωση στο δίκτυο, καθιστώντας το ανίκανο να παρέχει στους πελάτες του τις υπηρεσίες για τις οποίες προορίζεται. Η αντιμετώπιση των επιθέσεων αυτών έχει απασχολήσει πολλούς ερευνητές τα τελευταία χρόνια και έχουν προταθεί πολλές διαφορετικές μέθοδοι πρόληψης, ανίχνευσης, και απόκρισης.
Στα πλαίσια της παρούσας διπλωματικής επιχειρείται αρχικά ο ορισμός και η ταξινόμηση των επιθέσεων DoS και DDoS, με ιδιαίτερη αναφορά στις επιθέσεις DoS στον Παγκόσμιο Ιστό. Στη συνέχεια αναλύονται διάφοροι τρόποι αναγνώρισης επιθέσεων, με κύριους άξονες την αναγνώριση υπογραφής και την ανίχνευση ανωμαλιών. Γίνεται εμβάθυνση στο πεδίο της ανίχνευσης ανωμαλιών και πραγματοποιείται η μελέτη ενός συστήματος που ανιχνεύει ανωμαλίες σε δεδομένα κίνησης δικτύου που περιέχουν επιθέσεις.Attacks in the Internet, and especially Denial of Service attacks, are a very serious threat to the normal function of the Internet. This kind of attack aims to the disruption of the normal function of a system, by consuming its resources or overloading the network, making it incapable to provide services, that is designed for, to the clients. In recent years many researchers have tried to propose solutions to prevent, detect and respond effectively to attacks. In this thesis, first a definition, and then a classification of DoS and DDoS attacks is proposed, with distinctive reference to attacks in the World Wide Web. Several ways of attack detection are analyzed, with signature detection and anomaly detection being the most significant. Afterwards, the field of anomaly detection is thoroughly analyzed, and a system that detects anomalies to a dataset of network traffic that contains attacks, is examined.
43
Gao, Zhiqiang. "On mitigating distributed denial of service attacks." Thesis, 2006. http://library1.njit.edu/etd/fromwebvoyage.cfm?id=njit-etd2006-111.
Full text
44
Doucette, Cody. "An architectural approach for mitigating next-generation denial of service attacks." Thesis, 2021. https://hdl.handle.net/2144/42216.
Full textAbstract:
It is well known that distributed denial of service attacks are a major threat to the Internet today. Surveys of network operators repeatedly show that the Internet's stakeholders are concerned, and the reasons for this are clear: the frequency, magnitude, and complexity of attacks are growing, and show no signs of slowing down. With the emergence of the Internet of Things, fifth-generation mobile networks, and IPv6, the Internet may soon be exposed to a new generation of sophisticated and powerful DDoS attacks.
But how did we get here? In one view, the potency of DDoS attacks is owed to a set of underlying architectural issues at the heart of the Internet. Guiding principles such as simplicity, openness, and autonomy have driven the Internet to be tremendously successful, but have the side effects of making it difficult to verify source addresses, classify unwanted packets, and forge cooperation between networks to stop traffic. These architectural issues make mitigating DDoS attacks a costly, uphill battle for victims, who have been left without an adequate defense.
Such a circumstance requires a solution that is aware of, and addresses, the architectural issues at play. Fueled by over 20 years worth of lessons learned from the industry and academic literature, Gatekeeper is a mitigation system that neutralizes the issues that make DDoS attacks so powerful. It does so by enforcing a connection-oriented network layer and by leveraging a global distribution of upstream vantage points. Gatekeeper further distinguishes itself from previous solutions because it circumvents the necessity of mutual deployment between networks, allowing deployers to reap the full benefits alone and on day one.
Gatekeeper is an open-source, production-quality DDoS mitigation system. It is modular, scalable, and built using the latest advances in packet processing techniques. It implements the operational features required by today's network administrators, including support for bonded network devices, VLAN tagging, and control plane tools, and has been chosen for deployment by multiple networks.
However, an effective Gatekeeper deployment can only be achieved by writing and enforcing fine-grained and accurate network policies. While the basic function of such policies is to simply govern the sending ability of clients, Gatekeeper is capable of much more: multiple bandwidth limits, punishing flows for misbehavior, attack detection via machine learning, and the flexibility to support new protocols. Therefore, we provide a view into the richness and power of Gatekeeper policies in the form of a policy toolkit for network operators.
Finally, we must look to the future, and prepare for a potential next generation of powerful and costly DDoS attacks to grace our infrastructure. In particular, link flooding attacks such as Crossfire use massive, distributed sets of bots with low-rate, legitimate-looking traffic to attack upstream links outside of the victim's control. A new generation of these attacks could soon be realized as IoT devices, 5G networks, and IPv6 simultaneously enter the network landscape. Gatekeeper is able to hinder the architectural advantages that fuel link flooding attacks, bounding their effectiveness.
45
Tsai, Ren-Tang, and 蔡仁堂. "Research on Defending Distributed Denial of Service Attacks." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/7hm8nk.
Full textAbstract:
碩士國立臺北科技大學
電機工程系所
93
Followed by the rapid development of the Internet, the network security catches more eyes on it gradually. Under this subject, there is still no complete solution for protection against Distributed Denial of Service (DDoS) attacks. Though, the related technique for information security is getting better day after day, how to create an effective scheme for defending DDoS attacks is one of the major issues for internet administrations. The key point on defending DDoS attacks is to distinguish the assault traffic from legitimate traffic. This thesis proposes Dynamic Level Weight Distribution (DLWD) scheme which classifies the traffic and applies unique policy to distinct traffic. While being attacked, this scheme can really alleviate the damage, guarantee the service quality for legitimate users, and confine the bandwidth used by those malicious attackers. We adopted NS2 for simulation and comparison, and verified that this scheme can defend DDoS attacks effectively.
46
Cieslak, David A. "A clustering defense against distributed denial of service attacks." 2006. http://etd.nd.edu/ETD-db/theses/available/etd-04212006-091107/.
Full textAbstract:
Thesis (M.S.C.S.E.)--University of Notre Dame, 2006.Thesis directed by Aaron Striegel for the Department of Computer Science and Engineering. "April 2006." Includes bibliographical references (leaves 76-79).
47
Silva, Fábio Alexandre Henriques da. "Detection of distributed denial of service attacks at source." Master's thesis, 2018. http://hdl.handle.net/10773/27819.
Full textAbstract:
From year to year new records of the amount of traffic in an attack are established, which demonstrate not only the constant presence of distributed denialof-service attacks, but also its evolution, demarcating itself from the other network threats. The increasing importance of resource availability alongside the security debate on network devices and infrastructures is continuous, given the preponderant role in both the home and corporate domains. In the face of the constant threat, the latest network security systems have been applying pattern recognition techniques to infer, detect, and react more quickly and assertively. This dissertation proposes methodologies to infer network activities patterns, based on their traffic: follows a behavior previously defined as normal, or if there are deviations that raise suspicions about the normality of the action in the network. It seems that the future of network defense systems continues in this direction, not only by increasing amount of traffic, but also by the diversity of actions, services and entities that reflect different patterns, thus contributing to the detection of anomalous activities on the network. The methodologies propose the collection of metadata, up to the transport layer of the osi model, which will then be processed by the machien learning algorithms in order to classify the underlying action. Intending to contribute
beyond denial-of-service attacks and the network domain, the methodologies were described in a generic way, in order to be applied in other scenarios of greater or less complexity. The third chapter presents a proof of concept with attack vectors that marked the history and a few evaluation metrics that allows to compare the different classifiers as to their success rate, given the various activities in the network and inherent dynamics. The various tests show flexibility, speed and accuracy of the various classification algorithms, setting the bar between 90 and 99 percent.De ano para ano são estabelecidos novos recordes de quantidade de tráfego num ataque, que demonstram não só a presença constante de ataques de negação de serviço distribuídos, como também a sua evolução, demarcando-se das outras ameaças de rede. A crescente importância da disponibilidade de recursos a par do debate sobre a segurança nos dispositivos e infraestruturas de rede é contínuo, dado o papel preponderante tanto no dominio doméstico como no corporativo. Face à constante ameaça, os sistemas de segurança de rede mais recentes têm vindo a aplicar técnicas de reconhecimento de padrões para inferir, detetar e reagir de forma mais rápida e assertiva. Esta dissertação propõe metodologias para inferir padrões de atividades na rede, tendo por base o seu tráfego: se segue um comportamento previamente definido como normal, ou se existem desvios que levantam suspeitas sobre normalidade da ação na rede. Tudo indica que o futuro dos sistemas de defesa de rede continuará neste sentido, servindo-se não só do crescente aumento da quantidade de tráfego, como também da diversidade de ações, serviços e entidades que refletem padrões distintos contribuindo assim para a deteção de atividades anómalas na rede. As metodologias propõem a recolha de metadados, até á camada de transporte, que seguidamente serão processados pelos algoritmos de aprendizagem automática com o objectivo de classificar a ação subjacente. Pretendendo que o contributo fosse além dos ataques de negação de serviço e do dominio de rede, as metodologias foram descritas de forma tendencialmente genérica, de forma a serem aplicadas noutros cenários de maior ou menos complexidade. No quarto capítulo é apresentada uma prova de conceito com vetores de ataques que marcaram a história e, algumas métricas de avaliação que permitem comparar os diferentes classificadores quanto à sua taxa de sucesso, face às várias atividades na rede e inerentes dinâmicas. Os vários testes mostram flexibilidade, rapidez e precisão dos vários algoritmos de classificação, estabelecendo a fasquia entre os 90 e os 99 por cento.
Mestrado em Engenharia de Computadores e Telemática
48
Hamadeh, Ihab. "Attack attribution for distributed denial-of-service and worm attacks." 2006. http://etda.libraries.psu.edu/theses/approved/WorldWideIndex/ETD-1431/index.html.
Full text
49
Rodrigues, Diogo Carvalho. "Blocking DDoS attacks at the network level." Master's thesis, 2018. http://hdl.handle.net/10362/55170.
Full textAbstract:
Denial of service (DDoS) is a persistent and continuously growing problem. These
attacks are based on methods that flood the victim with messages that it did not request,
effectively exhausting its computational or bandwidth resources. The variety of attack
approaches is overwhelming and the current defense mechanisms are not completely
effective. In today’s internet, a multitude of DDoS attacks occur everyday, some even
degrading the availability of critical or governmental services.
In this dissertation, we propose a new network level DDoS mitigation protocol that
iterates on previous attempts and uses proven mechanisms such as cryptographic challenges
and packet-tagging.
Our analysis of the previous attempts to solve this problem led to a ground-up design
of the protocol with adaptability in mind, trying to minimize deployment and adoption
barriers.
With this work we concluded that with software changes only on the communication
endpoints, it is possible to mitigate the most used DDoS attacks with results up to 25
times more favourable than standard resource rate limiting (RRL) methods.
50
Dutt, Sudeep Kesidis George. "Distributed denial of service attacks in IEEE 802.11s wireless mesh networks." 2009. http://etda.libraries.psu.edu/theses/approved/WorldWideIndex/ETD-3719/index.html.
Full text