Journal articles on the topic 'IP Spoofing attack'

1

Alqurashi, Reem K., Ohoud S. Al-harthi, and Sabah M. Alzahrani. "Detection of IP Spoofing Attack." International Journal of Engineering Research and Technology 13, no. 10 (2020): 2736. http://dx.doi.org/10.37624/ijert/13.10.2020.2736-2741.

2

N., D. Patel, Mehtre B.M., Wankar R., and Priyadarshi R. "Development of a Novel Methods for Detecting & Preventing the Spoofed attack Packets." International Journal of Microsystems and IoT 1, no. 2 (2023): 99–112. https://doi.org/10.5281/zenodo.8289269.

Abstract:
IP-Spoofing is an attack that forges the source “IP-Address” to mislead the receiver about the sender, making it difficult to trace back. Existing IP-Spoofing prevention methods like Ingress/Egress filtering, and Reverse Path Forwarding have the following limitations: they filter only the IP Packets of the local network, limited logging capabilities, and work only for specific types of TCP/IP protocol attacks. This paper introduces BGP-ASE, an effective method called Border Gateway Protocol Anti-Spoofing Extension, designed to combat IP spoofing by successfully intercepting and preventing the transmission of fraudulent packets. The proposed mechanism is tested using emulation network environments consisting of Mininet, OpenFlow Switch, and POX Controller. The usage of random filter placement improves the performance for dropping attack packets ratio. BGP-ASE is more potent than Ingress/Egress and RPF filtering in dropping attack packets. In the BGP-ASE mechanism, only 30% of transit Autonomous Systems can filter greater than 90% of the malicious packets. BGP-ASE also has the following desirable properties - Initial-Benefits for early users, Incremental-Benefits for subsequent users, and effectiveness in partial deployment.
3

Herman, Rusyadi Umar, and Agus Prasetyo. "Analysis of Address Resolution Protocol Poisoning Attacks on Mikrotik Routers Using Live Forensics Methods." International Journal of Engineering Business and Social Science 3, no. 4 (2025): 1–18. https://doi.org/10.58451/ijebss.v3i4.231.

Abstract:
The rapid development of wireless technology has made network communication more accessible but also increasingly vulnerable to security threats. One of the major threats is the Man-in-the-Middle (MitM) Attack, particularly ARP Spoofing, which manipulates the Address Resolution Protocol (ARP) to intercept or alter network traffic. ARP Spoofing, also known as ARP Poisoning, allows attackers to associate incorrect MAC addresses with IP addresses, enabling unauthorized access and potential data interception. This research focuses on the detection and investigation of ARP Spoofing on MikroTik routers using live forensic methods. The study utilizes Wireshark as a primary tool to monitor ARP-based network activity and identify anomalies indicative of ARP Spoofing attacks. The National Institute of Standards and Technology (NIST) forensic framework, which includes Collection, Examination, Analysis, and Reporting, is employed as a methodology for analyzing forensic evidence. The research also incorporates a virtualized attack simulation environment using VirtualBox, where a PC Client acts as the target, an attacker PC executes an ARP Spoofing attack using Ettercap, and Wireshark captures network traffic for forensic examination. The simulation results reveal that an ARP Spoofing attack can successfully manipulate network traffic by altering ARP table entries. The attacker assumes the identity of IP Address 192.168.0.1 with MAC Address e8-cc-18-41-3f-fb, while the target’s identity is duplicated as 192.168.0.19 with MAC Address 08:00:27:15:4c:3c, as confirmed through Wireshark analysis and ARP table inspection using the command prompt. These findings emphasize the importance of implementing proactive security measures, such as Dynamic ARP Inspection (DAI), encryption protocols, and continuous network monitoring, to mitigate the risks associated with ARP Spoofing attacks.
4

Veeraraghavan, Prakash, Dalal Hanna, and Eric Pardede. "NAT++: An Efficient Micro-NAT Architecture for Solving IP-Spoofing Attacks in a Corporate Network." Electronics 9, no. 9 (2020): 1510. http://dx.doi.org/10.3390/electronics9091510.

Abstract:
The Internet Protocol (IP) version 4 (IPv4) has several known vulnerabilities. One of the important vulnerabilities is that the protocol does not validate the correctness of the source address carried in an IP packet. Users with malicious intentions may take advantage of this vulnerability and launch various attacks against a target host or a network. These attacks are popularly known as IP Address Spoofing attacks. One of the classical IP-spoofing attacks that cost several million dollars worldwide is the DNS-amplification attack. Currently, the availability of solutions is limited, proprietary, expensive, and requires expertise. The Internet is subjected to several other forms of amplification attacks happening every day. Even though IP-Spoofing is one of the well-researched areas since 2005, there is no holistic solution available to solve this problem from the gross-root. Also, every solution assumes that the attackers are always from outside networks. In this paper, we provide an efficient and scalable solution to solve the IP-Spoofing problem that arises from malicious or compromised inside hosts. We use a modified form of Network Address Translation (NAT) to build our solution framework. We call our framework as NAT++. The proposed infrastructure is robust, crypto-free, and easy to implement. Our simulation results have shown that the proposed NAT++ infrastructure does not consume more than the resources required by a simple NAT.
5

Bhavani, Y., V. Janaki, and R. Sridevi. "Survey on Packet Marking Algorithms for IP Traceback." Oriental journal of computer science and technology 10, no. 2 (2017): 507–12. http://dx.doi.org/10.13005/ojcst/10.02.36.

Abstract:
Distributed Denial of Service (DDoS) attack is an unavoidable attack. Among various attacks on the network, DDoS attacks are difficult to detect because of IP spoofing. The IP traceback is the only technique to identify DDoS attacks. The path affected by DDoS attack is identified by IP traceback approaches like Probabilistic Packet marking algorithm (PPM) and Deterministic Packet Marking algorithm (DPM). The PPM approach finds the complete attack path from victim to the source whereas DPM finds only the source of the attacker. Using DPM algorithm finding the source of the attacker is difficult, if the router gets compromised. Using PPM algorithm we construct the complete attack path, so the compromised router can be identified. In this paper, we review PPM and DPM techniques and compare the strengths and weaknesses of each proposal.
6

Ashok, Bawge, and Joshi Dr.Harish. "Identifying ARP Spoofing Through Active Strategies." Research and Applications: Emerging Technologies 7, no. 2 (2025): 21–27. https://doi.org/10.5281/zenodo.15573429.

Abstract:
Due to its stateless nature and absence of authentication mechanisms to verify sender identity, the Address Resolution Protocol (ARP) has long been susceptible to spoofing attacks. ARP spoofing often serves as a gateway to more advanced attacks on local area networks, such as denial of service, man-in-the-middle, and session hijacking. Most existing detection methods adopt a passive approach by monitoring ARP traffic for anomalies in the IP-to-Ethernet address mappings. However, this strategy suffers from a delayed response time, often identifying an attack only after it has already caused harm. In this paper, we introduce an active detection technique for ARP spoofing. By injecting ARP request and TCP SYN packets into the network, we proactively probe for mismatches in address mappings. Compared to passive methods, our approach is faster, more intelligent, scalable, and reliable. Additionally, it enhances accuracy in identifying the true MAC-to-IP address associations during an attack scenario.
7

Raghu, Ram Chowdary Velevela. "A Systematic Review of IP Spoofing Attacks and Security Mechanisms in Modern Networks." Journal of Research and Review: Future Internet and Hyperconnectivity 1, no. 1 (2025): 31–39. https://doi.org/10.5281/zenodo.15111880.

Abstract:
IP address spoofing, commonly referred to as IP spoofing, involves generating Internet Protocol (IP) packets with a falsified source IP address to obscure the sender’s identity or mimic another system. Just as criminals have historically used disguises, aliases, or caller ID blocking to mask their identities, cybercriminals adopt similar tactics in digital environments. IP spoofing serves as a widely used method of online deception, enabling attackers to gain unauthorized access to networks or systems by forging an IP address to make malicious communications appear as though they originate from a trusted source. In the subsequent pages of this report, we will examine the concepts of IP spoofing: why it is possible, how it works, types, what it is used for and how to identify spoofing and defend against it.
8

Chai, Tze Uei, Hock Guan Goh, Soung-Yue Liew, and Vasaki Ponnusamy. "Protection Schemes for DDoS, ARP Spoofing, and IP Fragmentation Attacks in Smart Factory." Systems 11, no. 4 (2023): 211. http://dx.doi.org/10.3390/systems11040211.

Abstract:
Industry Revolution 4.0 connects the Internet of Things (IoT) resource-constrained devices to Smart Factory solutions and delivers insights. As a result, a complex and dynamic network with a vulnerability inherited from the Internet becomes an attractive target for hackers to attack critical infrastructures. Therefore, this paper selects three potential attacks with the evaluation of the protections, namely (1) distributed denial of service (DDoS), (2) address resolution protocol (ARP) spoofing, and (3) Internet protocol (IP) fragmentation attacks. In the DDoS protection, the F1-score, accuracy, precision, and recall of the four-feature random forest with principal component analysis (RFPCA) model are 95.65%, 97%, 97.06%, and 94.29%, respectively. In the ARP spoofing, a batch processing method adopts the entropy calculated in the 20 s window with sensitivity to network abnormalities detection of various ARP spoofing scenarios involving victims’ traffic. The detected attacker’s MAC address is inserted in the block list to filter malicious traffic. The proposed protection in the IP fragmentation attack is implementing one-time code (OTC) and timestamp fields in the packet header. The simulation shows that the method detected 160 fake fragments from attackers among 2040 fragments.
9

Nasser, Hiba Imad, and Mohammed Abdulridha Hussain. "Defending a wireless LAN against ARP spoofing attacks using a Raspberry Pi." Basrah Researches Sciences 48, no. 2 (2022): 123–35. http://dx.doi.org/10.56714/bjrs.48.2.12.

Abstract:
The Address Resolution Protocol (ARP) is a protocol that converts Internet Protocol (IP) addresses to Media Access Control (MAC) addresses. Due to a security issue known as "Man in the Middle," identity theft is feasible using the ARP protocol. ARP spoofing is one of the weaknesses in wireless networks when an attacker effectively masquerades as a legitimate one. Spoofing attacks will reduce network performance and break several security measures. In networks that use MAC address-based filtering to verify clients, all a spoofer needs is an actual MAC address from an authorised client to gain an unfair advantage. The research recommends developing a security system recognising and preventing ARP spoofing attacks. This system detects ARP spoofing attempts by comparing the static MAC address of the original router to the router's MAC address in the ARP cache table. After detecting the attack using information collected from the router's MAC address in the ARP cache table, the system will conduct a de-authentication attack against the attacker's MAC address. If the attacker is disconnected from the WLAN, they cannot perform ARP spoofing attacks. This system is operated using a Raspberry Pi Model B. Most ARP spoofing attacks can be detected in 0.93 seconds, and responding takes 3.05 seconds.
10

Mohammad Daud. "Detection of ARP Spoofing Attack by using ETTERCAP." Advances in Nonlinear Variational Inequalities 28, no. 4s (2025): 560–71. https://doi.org/10.52783/anvi.v28.3512.

Abstract:
In our day-to-day life, we share or communicate over the internet in so many ways but to share or communicate we use some set of protocols so that we can send the information. ARP (Address Resolution Protocol) is one of them to communicate over the internet, but there are some chances of being spoofed by using the Address Resolution Protocol as attackers can steal your sensitive information through a Man-In-the-Middle attack. In this attack, a third person can be impersonated or spoofed the IP and we call it an IP spoofing attack. Therefore, to detect this attack we have used the Ettercap tool for detecting the ARP spoofing. In this detection method, we gave an approach in which Ettercap monitors the network and it is a modified Python-based script that is capable of sniffing the ARP packet transmission between the clients. Therefore, Ettercap is used for detecting ARP spoofing which is experimentally studied.
11

Shariff, Vahiduddin, Ruth Ramya K, B. Renuka Devi, Debnath Bhattacharyya, and Tai-hoon Kim. "A survey on existing IP trace back mechanisms and their comparisons." International Journal of Engineering & Technology 7, no. 1.9 (2018): 67. http://dx.doi.org/10.14419/ijet.v7i1.9.9972.

Abstract:
Security is one of the main points of focus in recent trends of computer science, as it has to determine the right people accessing the system and the ones who are trying to bypass it. IP spoofing is one of the prevalent attacks, where the attackers launch the attack by spoofing the source address; once this happens they can attack without revealing their exact location. The attacker uses a fraudulent IP address to conceal their identity. To reveal the attacker's real locations many IP trace back mechanisms have been proposed but the attacker immediately gets away with the information. There is another problem which is to detect DDoS traffic and the precarious packets set up by the attacker, which are a threat to the victim as well as the whole network; here lies another hurdle which is to differentiate between the attacker’s data traffic and the normal data traffic. There are many solutions given for this but one among them is IP trace back which has already been researched in the past and implemented then, but what is lacking in the solution such that the attacks are even now taking place. IP trace back, if modified and strengthened, would analyze the traffic faster and trace out the attacker at a faster pace, which is why a hybrid IP tracing and tracking mechanism, if introduced, could ease the current problem.
12

Raju, Dr K. Butchi. "A Novel IP Traceback Scheme for Spoofing Attack." International Journal of Advanced engineering, Management and Science 3, no. 2 (2017): 1–6. http://dx.doi.org/10.24001/ijaems.3.2.1.

13

Kurabalakota, Gowthami, Divya Pasham, and Kanishka G. "ARP Spoofing in Action: An Ethical Approach to Network Security." International Research Journal of Innovations in Engineering and Technology 09, Special Issue (2025): 245–49. https://doi.org/10.47001/irjiet/2025.inspire39.

Abstract:
ARP spoofing is a serious problem for network security. It allows hackers to trick a network by linking their own MAC address to a real device’s IP address. This lets them steal, change, or block network traffic. Hackers can use this to launch attacks like Man in the Middle, session hijacking, and Denial of service. Old methods to detect ARP spoofing, like fixed IP-MAC lists and ICMP checks, do not work well in large or real-time systems. This paper suggests a smart way to find and stop ARP spoofing using Bettercap and Deep Packet Inspection (DPI). Bettercap watches ARP traffic in real time, while DPI carefully checks network packets for unusual activity. Together, these tools quickly and accurately detect ARP spoofing with little impact on network speed. The system keeps an eye on ARP messages, deeply examines packet details, and finds suspicious changes. When it detects an attack, it blocks harmful packets, fixes the ARP table with correct information, and informs network admins.
14

Wijayanto, Agus, Imam Riadi, and Yudi Prayudi. "TAARA Method to Processing on the Network Forensics in the Event of an ARP Spoofing Attack." Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) 7, no. 2 (2023): 208–2017. http://dx.doi.org/10.29207/resti.v7i2.4589.

Abstract:
According to reports in 2021 by Kaspersky, requests for investigations into suspicious network activity, such as ARP Spoofing, which can result in sophisticated attacks, reached up to 22%. Several difficulties with examining network systems have been overcome thanks to network forensic investigations. This study aims to perform a network forensic analysis of ARP spoofing attacks using Wireshark forensic tools and Network Miner with a sniffer design process to capture traffic on the router side. In order to gather reliable evidence, this study employs the TAARA method as a network forensic investigation process. Based on the research conducted, it can be demonstrated that an attack took place from eight PCAP files. The information that was gathered, such as the IP address and MAC address of the attacker, the IP address and MAC address of the target, and the date and time of the attack are examples of evidence information that was gathered. This study also shows that network forensic operations can use the Wireshark forensic tool to obtain more detailed data.
15

Shah, Zawar, and Steve Cosgrove. "Mitigating ARP Cache Poisoning Attack in Software-Defined Networking (SDN): A Survey." Electronics 8, no. 10 (2019): 1095. http://dx.doi.org/10.3390/electronics8101095.

Abstract:
Address Resolution Protocol (ARP) is a widely used protocol that provides a mapping of Internet Protocol (IP) addresses to Media Access Control (MAC) addresses in local area networks. This protocol suffers from many spoofing attacks because of its stateless nature and lack of authentication. One such spoofing attack is the ARP Cache Poisoning attack, in which attackers poison the cache of hosts on the network by sending spoofed ARP requests and replies. Detection and mitigation of ARP Cache Poisoning attack is important as this attack can be used by attackers to further launch Denial of Service (DoS) and Man-In-The Middle (MITM) attacks. As with traditional networks, an ARP Cache Poisoning attack is also a serious concern in Software Defined Networking (SDN) and consequently, many solutions are proposed in the literature to mitigate this attack. In this paper, a detailed survey on various solutions to mitigate ARP Cache Poisoning attack in SDN is carried out. In this survey, various solutions are classified into three categories: Flow Graph based solutions; Traffic Patterns based solutions; IP-MAC Address Bindings based solutions. All these solutions are critically evaluated in terms of their working principles, advantages and shortcomings. Another important feature of this survey is to compare various solutions with respect to different performance metrics, e.g., attack detection time, ARP response time, calculation of delay at the Controller etc. In addition, future research directions are also presented in this survey that can be explored by other researchers to propose better solutions to mitigate the ARP Cache Poisoning attack in SDN.
16

Stepanov, P. P., G. V. Nikonova, T. S. Pavlyuchenko, and V. V. Soloviev. "Features of Address Resolution Protocol Operation in Computer Networks." Programmnaya Ingeneria 13, no. 5 (2022): 211–18. http://dx.doi.org/10.17587/prin.13.211-218.

Abstract:
The paper analyzes the network protocols of computer networks to identify potential vulnerabilities at the software level. The conditions for carrying out a man-in-the-middle attack in networks using the Address Resolution Protocol (ARP) are investigated. Such attacks are of a rather dangerous type, since they are based on the shortcomings of the ARP protocol. A detailed analysis of the stages of the attack and the sequence of impact on the attacked node is given. The technology of ARP spoofing (poisoning) and methods that allow one to infiltrate an existing connection and communication process are examined in detail. An implementation of an ARP spoofing attack in the Python and C# programming languages using the Soapy and SharpPcap libraries is presented. Examples of implementation of denial-of-service (DoS) attacks in a peer-to-peer network using the ARP protocol in C# are given. The article also describes examples of man-in-the-middle attacks associated with various protocols and infiltration into the address space of routers, such as DHCP (a protocol that dynamically assigns an IP address to a client computer) spoofing and ICMP (Internet Control Message Protocol) redirection. Methods for hacking a router and substituting a MAC address and examples of scripts that implement: sending a fake ARP packet; a function for performing a DoS attack; changing the Linux MAC address; router hacks, are presented in the article.
17

Lutfi Dwi Naldi and Apro Siswanto. "Design and Implement of Intrusion Prevention System Based on Snort and IP Tables." Journal of Computing Research and Innovation 10, no. 1 (2025): 89–97. https://doi.org/10.24191/jcrinn.v10i1.498.

Abstract:
In the era of rapid advancement in communication and computer technology, network security has become a crucial issue, especially in wireless networks. Unlimited internet access can cause security threats such as Distributed Denial of Service (DDoS) attacks, spoofing, and port scanning. This study aims to design and implement a Snort-based Intrusion Prevention System (IPS) combined with IP Tables to improve the security of wireless local area networks (WLANs). The proposed system not only detects but also prevents attacks in real-time by blocking malicious network traffic. Testing was carried out using penetration testing with various attack scenarios, including ARP spoofing and DDoS, which showed that this system successfully identified and blocked attacker access. The results of this study were measured based on the system's ability to reduce wireless network threats, which showed a significant increase in threat mitigation. This system provides a more optimal security solution compared to traditional intrusion detection systems that are only detection. Overall, the implementation of this system is able to increase the efficiency of attack prevention and show success in reducing the risk of illegal network access on WLANs.
18

Gattu, Hanudeep, Joshnitha Karimireddy, and Kanishka G. "DNS Under Siege: Ethical DNS Spoofing and Countermeasures." International Research Journal of Innovations in Engineering and Technology 09, Special Issue (2025): 250–54. https://doi.org/10.47001/irjiet/2025.inspire40.

Abstract:
The Domain Name System (DNS) is a crucial part of the internet, responsible for converting human-readable domain names into numerical IP addresses that computers use to communicate. However, DNS is vulnerable to spoofing attacks, where attackers manipulate DNS responses to redirect users to fake websites. These attacks can lead to data theft, phishing, malware infections, and unauthorized access to sensitive information. Despite existing security measures, DNS spoofing remains a serious cybersecurity threat due to weaknesses in the traditional DNS protocol. The implementation of this framework is detailed step by step, including the use of tools such as tcpdump, Wireshark, Zeek, Suricata, Scapy, and Ettercap for monitoring and testing. The proposed system is evaluated based on key security metrics, including the attack success rate, anomaly detection accuracy, and performance impact. Our results show that this framework significantly reduces the success rate of DNS spoofing attacks by 90%, achieves 95% accuracy in detecting threats, and maintains a minimal increase in DNS resolution time.
19

Oroo Oyondi Felix. "TCP/IP stack transport layer performance, privacy, and security issues." World Journal of Advanced Engineering Technology and Sciences 11, no. 2 (2024): 175–200. http://dx.doi.org/10.30574/wjaets.2024.11.2.0098.

Abstract:
Transmission Control Protocol/Internet Protocol (TCP/IP) is the backbone of Internet transmission. The Transport Layer of the TCP/IP stack, which includes TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) protocols, plays a crucial role in ensuring reliable communication between devices over a network. To come up with measures that make networks more secure, it is important to learn about the vulnerabilities that exist in the transport TCP/IP stack and then have an understanding of the typical attacks carried out in such a layer. This paper explores how the TCP Protocol works, the TCP/IP 3 Way Handshake, TCP Header Structure, the typical vulnerabilities and the classical attacks of transport layer TCP/IP, tools, and solutions adopted to prevent and reduce the chances of some of these attacks. The findings indicated that the major TCP/IP stack transport layer threats include Fingerprinting, SYN Flood, TCP reassembly and sequencing, IP Spoofing, TCP session hijacking, RST and FIN denial of service attack, Ping of Death, Low Rate/Shrew Attacks. Their preventive measures and mechanisms are discussed.
20

Jimoh, Hammed O., and Mubarak O. Ahmed. "Analyzing Network Time Protocol (NTP) Based Amplification DDoS Attack and its Mitigation Techniques." Advances in Multidisciplinary & Scientific Research Journal Publications 12, no. 2 (2024): 17–24. http://dx.doi.org/10.22624/aims/digital/v11n2p2x.

Abstract:
Network Time Protocol amplification attack is a form of distributed denial-of-service (DDoS) attack in which an attacker exploits or sends a request to a vulnerable NTP server by using their IP address to flood a targeted network or server with an overwhelming volume of User Datagram Protocol (UDP) traffic. In the past, the techniques that involved reflecting traffic off NTP servers to the victim, with the attacker hiding their identity by spoofing the source IP address, were carried out using mainly Domain Name Server (DNS) servers, but the use of vulnerable NTP servers as reflectors in DDoS attacks has gained a lot of popularity since 2014, and this is as a result of the realization of high amplification scale that NTP servers can provide. This type of reflector attack maximized the use of the amplification factor of NTP servers to magnify the attack bandwidth, making it particularly disruptive and difficult to mitigate. Since NTP amplification is not a popularly known attack and there has not been much thorough research on it, this paper explores a holistic overview of NTP amplification attacks, how NTP is used for DDoS attacks, and the overall method that can be used to mitigate such attacks. Keywords: Distributed Denial-of-Service (DDoS) attack, DNS servers, NTP servers
21

Jimoh, Hammed O., and Mubarak O. Ahmed. "Analyzing Network Time Protocol (NTP) Based Amplification DDoS Attack and its Mitigation Techniques." Advances in Multidisciplinary & Scientific Research Journal Publications 12, no. 2 (2024): 17–36. http://dx.doi.org/10.22624/aims/digital/v11n2p2.

Abstract:
Network Time Protocol amplification attack is a form of distributed denial-of-service (DDoS) attack in which an attacker exploits or sends a request to a vulnerable NTP server by using their IP address to flood a targeted network or server with an overwhelming volume of User Datagram Protocol (UDP) traffic. In the past, the techniques that involved reflecting traffic off NTP servers to the victim, with the attacker hiding their identity by spoofing the source IP address, were carried out using mainly Domain Name Server (DNS) servers, but the use of vulnerable NTP servers as reflectors in DDoS attacks has gained a lot of popularity since 2014, and this is as a result of the realization of high amplification scale that NTP servers can provide. This type of reflector attack maximized the use of the amplification factor of NTP servers to magnify the attack bandwidth, making it particularly disruptive and difficult to mitigate. Since NTP amplification is not a popularly known attack and there has not been much thorough research on it, this paper explores a holistic overview of NTP amplification attacks, how NTP is used for DDoS attacks, and the overall method that can be used to mitigate such attacks. Keywords: Distributed Denial-of-Service (DDoS) attack, DNS servers, NTP servers
22

Basim, Huda, and Turkan Ahmed. "An Improved Strategy for Detection and Prevention IP Spoofing Attack." International Journal of Computer Applications 182, no. 9 (2018): 28–31. http://dx.doi.org/10.5120/ijca2018917667.

23

Mavani, Monali, and Krishna Asawa. "Modeling and analyses of IP spoofing attack in 6LoWPAN network." Computers & Security 70 (September 2017): 95–110. http://dx.doi.org/10.1016/j.cose.2017.05.004.

24

Kang, Dong W., Joo H. Oh, Chae T. Im, Wan S. Yi, and Yoo J. Won. "A Practical Attack on Mobile Data Network Using IP Spoofing." Applied Mathematics & Information Sciences 7, no. 6 (2013): 2345–53. http://dx.doi.org/10.12785/amis/070626.

25

Nasser, Hiba Imad, and Mohammed Abdulridha Hussain. "Provably curb man-in-the-middle attack-based ARP spoofing in a local network." Bulletin of Electrical Engineering and Informatics 11, no. 4 (2022): 2280–91. http://dx.doi.org/10.11591/eei.v11i4.3810.

Abstract:
Even today, internet users’ data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one’s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.
26

Sohidul Islam, Md, Md Sajjad, Mohammad Mahmudul Hasan, and Mohammad Sakib Islam Mazumder. "Phishing Attack Detecting System Using DNS and IP Filtering." Asian Journal of Computer Science and Technology 12, no. 1 (2023): 16–20. http://dx.doi.org/10.51983/ajcst-2023.12.1.3552.

Abstract:
This study examines the different types of phishing attacks, which are a major threat to digital security. Phishing involves the use of fraudulent messages to deceive recipients, including email spoofing, spear phishing, phone phishing, clone phishing, pharming, HTTP phishing, man-in-the-middle attacks, and fast-flux phishing. Attackers can gather information about their targets from public sources such as social media networks, including work history, interests, and activities. The study developed a filtered website that detects fraudulent links based on the internet protocol (IP), register date, and domain name server (DNS) of each website. While further research is needed to improve the effectiveness of the site, this marks an important step towards enhancing digital security.
27

Zhang, Chaoqin, Guangwu Hu, Guolong Chen, et al. "Towards a SDN-Based Integrated Architecture for Mitigating IP Spoofing Attack." IEEE Access 6 (2018): 22764–77. http://dx.doi.org/10.1109/access.2017.2785236.

28

Seo, Jung-Woo, and Sang-Jin Lee. "A study on the detection of DDoS attack using the IP Spoofing." Journal of the Korea Institute of Information Security and Cryptology 25, no. 1 (2015): 147–53. http://dx.doi.org/10.13089/jkiisc.2015.25.1.147.

29

Rahman, Md Mustafejur, Md Mustafizur Rahman, Saif Ibne Reza, Sumonto Sarker, and Md Mehedi Islam. "Proposed an Algorithm for Preventing IP Spoofing DoS Attack on Neighbor Discovery Protocol of IPv6 in Link Local Network." European Journal of Engineering Research and Science 4, no. 12 (2019): 65–70. http://dx.doi.org/10.24018/ejers.2019.4.12.1644.

Abstract:
Duplicate Address Detection (DAD) is one of the most interesting features in IPv6. It allows nodes to connect to a network by generating a unique IP address. It works on two Neighbor Discovery (ND) messages, namely, Neighbor Solicitation (NS) and Neighbor Advertisement (NA). To verify the uniqueness of the generated IP, it sends that IP address via an NS message to existing hosts. Any malicious node can receive the NS message and send a spoof reply, thereby initiating a DoS attack and preventing the auto-configuration process. In this manner, DAD is vulnerable to such DoS attacks. This study aims to prevent those malicious nodes from sending spoof replies by securing both NS and NA messages. The proposed Advanced Bits Security (ABS) technique is based on the Blake2 algorithm and introduces a creative option called the ABS field, which holds the hash value of the tentative IP address and is attached to both NA and NS messages. We expect that the ABS technique can prevent spoof replies during the DAD procedure in a link-local network and can prevent DoS attacks.
30

Rahman, Md Mustafejur, Md Mustafizur Rahman, Saif Ibne Reza, Sumonto Sarker, and Md Mehedi Islam. "Proposed an Algorithm for Preventing IP Spoofing DoS Attack on Neighbor Discovery Protocol of IPv6 in Link Local Network." European Journal of Engineering and Technology Research 4, no. 12 (2019): 65–70. http://dx.doi.org/10.24018/ejeng.2019.4.12.1644.

Abstract:
Duplicate Address Detection (DAD) is one of the most interesting features in IPv6. It allows nodes to connect to a network by generating a unique IP address. It works on two Neighbor Discovery (ND) messages, namely, Neighbor Solicitation (NS) and Neighbor Advertisement (NA). To verify the uniqueness of the generated IP, it sends that IP address via an NS message to existing hosts. Any malicious node can receive the NS message and send a spoof reply, thereby initiating a DoS attack and preventing the auto-configuration process. In this manner, DAD is vulnerable to such DoS attacks. This study aims to prevent those malicious nodes from sending spoof replies by securing both NS and NA messages. The proposed Advanced Bits Security (ABS) technique is based on the Blake2 algorithm and introduces a creative option called the ABS field, which holds the hash value of the tentative IP address and is attached to both NA and NS messages. We expect that the ABS technique can prevent spoof replies during the DAD procedure in a link-local network and can prevent DoS attacks.
31

Yu, Tianfang, Lanlan Rui, and Xuesong Qiu. "SDNDefender: A Comprehensive DDoS Defense Mechanism Using Hybrid Approaches over Software Defined Networking." Security and Communication Networks 2021 (October 18, 2021): 1–22. http://dx.doi.org/10.1155/2021/5097267.

Abstract:
In traditional networks, DDoS attacks are often launched in the network layer or the transport layer. Researchers had explored this problem in depth and put forward plenty of solutions. However, these solutions are only suitable for scenarios such as a single link or victim side network and could not analyse traffic distribution from the angle of the global network. Also, the TCP/IP network architecture lacks abilities to quickly conduct resource deployment and traffic scheduling. When DDoS attacks occur, victims usually could not respond in time. With the superiorities of centralized control mode and global topological view, Software-Defined Networking (SDN) provides a new way to get over the above issues. In this paper, we adopt a combination of diverse technologies to design SDNDefender, a SDN-based DDoS detection and defense mechanism, which is composed of two core components aiming to counter the most popular DDoS attacks including IP spoofing attack and TCP SYN flood attack. We carry out quantitative simulation experiments for evaluating SDNDefender from many metrics. The experimental results show that in contrast to other DDoS defense algorithms, SDNDefender not only efficiently validates spoofed packets and withstands well-known attacks but also defends unknown attacks according to the target’s available resources. Besides, SDNDefender could significantly reduce TCP half-open connections and improve detection accuracy, alleviating attack influences that exhaust the server’s resources and network bandwidth.
32

Mohd Yusof, Nur Nadiah, and Noor Suhana Sulaiman. "Cyber Attack Detection Dataset: A Review." Journal of Physics: Conference Series 2319, no. 1 (2022): 012029. http://dx.doi.org/10.1088/1742-6596/2319/1/012029.

Abstract:
As cyber attacks become more complicated, it becomes more difficult to identify breaches successfully. The inability to identify intrusions might jeopardize security services’ confidence, compromising data confidentiality, integrity, and availability. Cyber attacks such as Ping of Death, botnets, IP spoofing, and social engineering attacks are becoming more common. A number of Intrusion Detection System (IDS) approaches have been developed to encounter cyber security intrusion. In order to discover attack patterns, the IDS performance was evaluated by employing IDS datasets made up of network traffic properties. Intrusion detection is a classification problem in which different Artificial Intelligence techniques have been utilized to classify between legitimate and malicious network traffic. The multiple IDS datasets used to evaluate the IDS model are listed in this publication. These are new attack categories and recent datasets containing network attack features. This paper presents several IDS datasets with many existing evaluation techniques in IDS models. Hopefully the outcome can be used in designing efficient and effective systems employing the benchmark and new IDS datasets.
33

Diash Firdaus, Afin Afin, Idi Sumardi, and Chalifa Chazar. "Deteksi Serangan Pada Jaringan Internet Of Things Medis Menggunakan Machine Learning Dengan Algoritma XGBoost." Cyber Security dan Forensik Digital 8, no. 1 (2025): 34–42. https://doi.org/10.14421/csecurity.2025.8.1.5036.

Abstract:
The Internet of Things (IoT) has significantly impacted the healthcare sector, enabling real-time patient data collection and enhancing service efficiency. However, the adoption of medical IoT devices also introduces new security challenges, particularly Distributed Denial of Service (DDoS) attacks that can disrupt critical services. This study detects five types of attacks: ARP Spoofing, Recon Attack, MQTT Attack, TCP/IP DoS, and DDoS, using machine learning models with the XGBoost algorithm. The dataset used is CICIoMT2024, specifically designed to assess the security of connected medical devices, involving 40 IoMT devices. XGBoost demonstrated the best performance with superior accuracy, recall, precision, and F1-score, achieving 99.8% accuracy, 92.4% precision, 96% recall, and 93.8% F1-score. Previously, other algorithms such as Logistic Regression and Naive Bayes showed accuracies of 79% and 92% respectively in detecting similar attacks, but with limitations in handling more complex patterns. These results underscore the effectiveness of XGBoost in detecting security threats in the medical IoT ecosystem, providing enhanced protection against potential disruptions to critical healthcare services. Keywords: Machine Learning, Cybersecurity, xgboost, detection, Internet Medical of Things
34

Murugan, K., and P. Varalakshmi. "IP Spoofing Attack Mitigation using Extreme Learning Machine to Promote Secure Data Transmission." Asian Journal of Research in Social Sciences and Humanities 6, no. 6 (2016): 394. http://dx.doi.org/10.5958/2249-7315.2016.00217.3.

35

Yan, Jingchen, Zhe Du, Jifang Li, Shiduo Yang, Jinghao Li, and Jianbin Li. "A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things." Security and Communication Networks 2022 (February 25, 2022): 1–11. http://dx.doi.org/10.1155/2022/7729456.

Abstract:
The combination of 5G technology and the industrial Internet of things (IIoT) makes it possible to realize the interconnection of all things. Still, it also increases the risk of attacks such as large-scale DDoS attacks and IP spoofing attacks. Threat intelligence is a collection of information causing potential and nonpotential harm to the industrial Internet. Extracting network security entities and their relationships from threat intelligence text and constructing structured threat intelligence information are particularly important for IIoT security protection. However, threat intelligence is mostly text reports, which means the value information needs to be extracted manually by security analysts, and it is highly dependent on personnel experience. Therefore, this study proposes an IIoT threat intelligence analysis method based on feature weighting and BERT-BiGRU. In this method, BERT-BiGRU is used to classify attack behavior and attack strategy. Then, the attack behavior is weighted to make the classified result more accurate according to the relationship between attack strategy and attack behavior in ATT&CK for ICS knowledge. Finally, the possibility of attack and the harm degree of attack are calculated to form the threat value of the attack. The security analysts can judge the emergency response sequence by the threat value to improve the accuracy and efficiency of emergency response. The results indicate that the proposed method in this study is more accurate than the other standard methods and is more suitable for the unstructured threat intelligence analysis of IIoT.
36

Lee, Hae-Dong, Hyeon-Tae Ha, Hyun-Chul Baek, Chang-Gun Kim, and Sang-Bok Kim. "Efficient Detction and Defence Model against IP Spoofing Attack through Cooperation of Trusted Hosts." Journal of the Korean Institute of Information and Communication Engineering 16, no. 12 (2012): 2649–56. http://dx.doi.org/10.6109/jkiice.2012.16.12.2649.

37

Zhou, Qizhao, Junqing Yu, and Dong Li. "An Adaptive Authenticated Model for Big Data Stream SAVI in SDN-Based Data Center Networks." Security and Communication Networks 2021 (September 21, 2021): 1–14. http://dx.doi.org/10.1155/2021/5451820.

Abstract:
With the rapid development of data-driven and bandwidth-intensive applications in the Software Defined Networking (SDN) northbound interface, big data stream is dynamically generated with high growth rates in SDN-based data center networks. However, a significant issue faced in big data stream communication is how to verify its authenticity in an untrusted environment. The big data stream traffic has the characteristics of security sensitivity, data size randomness, and latency sensitivity, putting high strain on the SDN-based communication system during larger spoofing events in it. In addition, the SDN controller may be overloaded under big data stream verification conditions on account of the fast increase of bandwidth-intensive applications and quick response requirements. To solve these problems, we propose a two-phase adaptive authenticated model (TAAM) by introducing source address validation implementation- (SAVI-) based IP source address verification. The model realizes real-time data stream address validation and dynamically reduces the redundant verification process. A traffic adaptive SAVI that utilizes a robust localization method followed by the Sequential Probability Ratio Test (SPRT) has been proposed to ensure differentiated executions of the big data stream packets forwarding and the spoofing packets discarding. The TAAM model could filter out the unmatched packets with better packet forwarding efficiency and fundamental security characteristics. The experimental results demonstrate that spoofing attacks under big data streams can be directly mitigated by it. Compared with the latest methods, TAAM can achieve desirable network performance in terms of transmission quality, security guarantee, and response time. It drops 97% of the spoofing attack packets while consuming only 9% of the controller CPU utilization on average.
38

Sharma, Vedna, and Monika Thakur. "Analyse and Detect the IP Spoofing Attack in Web Log Files Using BPNN for Classification." International Journal of Computer Trends and Technology 42, no. 2 (2016): 117–23. http://dx.doi.org/10.14445/22312803/ijctt-v42p120.

39

Hafizh, M. Nasir, Imam Riadi, and Abdul Fadlil. "Forensik Jaringan Terhadap Serangan ARP Spoofing menggunakan Metode Live Forensic." Jurnal Telekomunikasi dan Komputer 10, no. 2 (2020): 111. http://dx.doi.org/10.22441/incomtech.v10i2.8757.

Abstract:
In computer networks, the protocol responsible for translating IP addresses into MAC addresses is the Address Resolution Protocol (ARP). The stateless nature of ARP leaves the protocol with a security weakness. This weakness makes attacks on ARP possible because ARP requests are sent by broadcast, so every host in the same broadcast domain can respond to an ARP message even when the message is not addressed to it. This attack is commonly called ARP spoofing. It can lead to other attacks, such as man-in-the-middle attacks, packet sniffing, and distributed denial of service. The live forensic method is used to identify and detect attacks while the system is running. The results of the study show that, by using the live forensics method, investigators can quickly detect an attack and identify the attacker.
40

Momot, Vladyslav, and Volodymyr Porokhniak. "Research of methods for counteracting Transport Layer attacks in information and communication networks." Problemi telekomunìkacìj, no. 2(35) (November 28, 2024): 26–46. https://doi.org/10.30837/pt.2024.2.03.

Abstract:
The work analyzes the most common threats and defines network security objectives, as well as describes quantitative and qualitative indicators of network security, classified into five categories. The work contains an analysis of attacks targeting all seven layers of the Open Systems Interconnection (OSI) model and provides their common features and mechanisms, attack examples, and tools used to carry them out. A review and comparative characteristic of methods for countering transport layer attacks is performed, as well as an experimental study of the effectiveness of the selected methods for countering attacks using the example of the TCP PUSH ACK Flood attack. Particular attention is paid to the transport layer due to its popularity among cybercriminals who carry out distributed denial-of-service attacks using the shortcomings of the TCP and UDP protocols. After studying the theoretical information about the transport layer of the OSI model, special attention is paid to the mechanisms of the TCP protocol, in particular, the selected methods of countering attacks at the transport layer are studied, and their advantages and disadvantages are described. A conclusion is made regarding the effectiveness of the implemented methods of countering the TCP PUSH ACK Flood attack based on the average and maximum values of CPU usage, the percentage of lost packets (Packet Loss), the average and maximum response time, as well as the availability of access to the deployed web page on the victim's server. The final part of the work provides recommendations for improving server software and transport layer protocols, in particular TCP, in order to increase the effectiveness of countering distributed denial-of-service attacks, which are based on the abuse of prohibited flag combinations, IP address spoofing, and sending «Martian packets».
41

Nafir, Abdenacer, Smaine Mazouzi, and Salim Chikhi. "A New Information-Based Heuristic for Distributed DDoS Detection and Mitigation." International Journal of Organizational and Collective Intelligence 12, no. 4 (2022): 1–16. http://dx.doi.org/10.4018/ijoci.312221.

Abstract:
In this paper a novel collective method for DDoS detection is introduced. The method is distributed and implemented as a multi-agent system, where the local decision is based on an information-based heuristic, namely the entropy. According to the calculated entropy, a router exchanges data with its neighbors, aiming to collectively decide whether a DDoS is ongoing or not. Most of the works in the literature that are based on entropy have used source addresses. The authors' method is based on the entropy of the distances traveled by the packets, so spoofing IP packets will be hard for hackers to perform. Each router combines its decision with those of its neighbors. Such collective detection allows defense to be applied against the attack even when the victim is out of service or cannot perform DDoS mitigation because the traffic is congested in its neighborhood. Conducted experiments using the platform OMNet++ show the potential of the new method for efficient collaborative and distributed detection and mitigation of DDoS attacks.
42

Nasir, Manir, Danlami Gabi, Salihu Alhassan Libata, and Mujtaba Haruna. "COUNTERMEASURE TO MAN-IN-THE-MIDDLE ATTACK BASED ON EMAIL HIJACKING USING TRY-HYBRID SUPERVISED LEARNING TECHNIQUES." FUDMA JOURNAL OF SCIENCES 9, no. 2 (2025): 66–74. https://doi.org/10.33003/fjs-2025-0902-3062.

Abstract:
Email communication faces an escalating threat from Man-in-the-Middle (MitM) attacks, which compromise the security and integrity of emails, leading to the risk of data breaches, financial losses, and reputational harm. Traditional email security measures, such as SSL/TLS encryption and authentication protocols (e.g., SPF, DKIM, DMARC), have become increasingly insufficient in countering these advanced MitM attacks. The growing sophistication of MitM techniques, including SSL stripping, DNS spoofing, and session hijacking. This research proposes a countermeasure to MitM attacks based on email hijacking using a try-hybrid supervised learning technique. timestamps, IP addresses, port numbers, packet sizes, and various security-related indicators. The development of the MitM attack detection technique employed a try-hybrid MitM attack detection technique, which combines the strengths of three machine learning algorithms: Random Forest, Gradient Boosting Machine (GBM), and Support Vector Machine (SVM). The results demonstrate the effectiveness of the proposed try-hybrid model, achieving an accuracy of 95.8%, surpassing Benchmark 1 (92.4%) and Benchmark 2 (90.1%). Precision improves to 94.3% compared to Benchmark 1 (91.0%) and Benchmark 2 (88.5%). Similarly, recall is enhanced to 96.5% against Benchmark 1 (89.7%) and Benchmark 2 (87.2%). The F1 score of 95.4% significantly outperforms Benchmark 1 (90.3%) and Benchmark 2 (87.8%). Moreover, the proposed model achieves a lower False Positive Rate (FPR) of 3.2% compared to Benchmark 1 (5.6%) and Benchmark 2 (6.8%). These results highlight the robustness and reliability of the try-hybrid model in enhancing email security by effectively detecting and mitigating advanced MitM attacks.
43

Yazov, Yuri, Oleg Avsentev, Alexander Avsentev, and Irina Rubtsova. "Method for Assessing Effectiveness of Protection of Electronic Document Management using the Petri and Markov Nets Apparatus." SPIIRAS Proceedings 18, no. 6 (2019): 1269–300. http://dx.doi.org/10.15622/sp.2019.18.6.1269-1300.

Abstract:
Traditional approaches to assessing the effectiveness of information security, based on a comparison of the possibilities of realizing threats to information security in absence and application of protection measures, do not allow to analyze the dynamics of suppression by security measures of the process of implementing threats. The paper proposes a new indicator of the effectiveness of protection of electronic documents, aimed at assessing the possibility of advancing security measures of the process of implementing threats in electronic document management systems using the probability-time characteristics of the dynamics of the application of protection measures and the implementation of threats to electronic documents. Mathematical models were developed using the Petri-Markov network apparatus and analytical relationships were obtained for calculating the proposed indicator using the example of the "traffic tunneling" threat (placing intruder packets in trusted user packets) and unauthorized access (network attacks) to electronic documents, as well as the threat of intrusion of malicious program by carrying out a "blind IP spoofing" attack (network address spoofing). Examples of calculating the proposed indicator and graphs of its dependence on the probability of detecting network attacks by the intrusion detection system and on the probability of malware detection by the anti-virus protection system are given. Quantitative dependencies are obtained for the effectiveness of protection of electronic documents due to being ahead of protection measures for threat realization processes, both on the probability of detecting an intrusion or the probability of detecting a malicious program, and on the ratio of the time spent by the protection system on detecting an attempt to implement a threat and taking measures to curb its implementation, and threat implementation time. Models allow not only to evaluate the effectiveness of measures to protect electronic documents from threats of destruction, copying, unauthorized changes, etc., but also to quantify the requirements for the response time of adaptive security systems to detectable actions aimed at violating the security of electronic documents, depending on the probability-temporal characteristics of threat realization processes, to identify weaknesses in protection systems related to the dynamics of threat realization and the reaction of defense systems to such threats electronic document.
44

Alquhayz, Hani, Nasser Alalwan, Ahmed Ibrahim Alzahrani, Ali H. Al-Bayatti, and Mhd Saeed Sharif. "Policy-Based Security Management System for 5G Heterogeneous Networks." Wireless Communications and Mobile Computing 2019 (November 14, 2019): 1–14. http://dx.doi.org/10.1155/2019/4582391.

Abstract:
Advances in mobile phone technology and the growth of associated networks have been phenomenal over the last decade. Therefore, they have been the focus of much academic research, driven by commercial and end-user demands for increasingly faster technology. The most recent generation of mobile network technology is the fifth generation (5G). 5G networks are expected to launch across the world by 2020 and to work with existing 3G and 4G technologies to provide extreme speed despite being limited to wireless technologies. An alternative network, Y-Communication (Y-Comm), proposes to integrate the current wired and wireless networks, attempting to achieve the main service requirements of 5G by converging the existing networks and providing an improved service anywhere at any time. Quality of service (QoS), vertical handover, and security are some of the technical concerns resulting from this heterogeneity. In addition, it is believed that the Y-Comm convergence will have a greater influence on security than was the case with the previous long-term evolution (LTE) 4G networks and with future 5G networks. The purpose of this research is to satisfy the security recommendations for 5G mobile networks. This research provides a policy-based security management system, ensuring that end-user devices cannot be used as weapons or tools of attack, for example, IP spoofing and man-in-the-middle (MITM) attacks. The results are promising, with a low disconnection rate of less than 4% and 7%. This shows the system to be robust and reliable.
45

Söğüt, Esra, and O. Ayhan Erdem. "A Multi-Model Proposal for Classification and Detection of DDoS Attacks on SCADA Systems." Applied Sciences 13, no. 10 (2023): 5993. http://dx.doi.org/10.3390/app13105993.

Abstract:
Industrial automation and control systems have gained increasing attention in the literature recently. Their integration with various systems has triggered considerable developments in critical infrastructure systems. With different network structures, these systems need to communicate with each other, work in an integrated manner, be controlled, and intervene effectively when necessary. Supervision Control and Data Acquisition (SCADA) systems are mostly utilized to achieve these aims. SCADA systems, which control and monitor the connected systems, have been the target of cyber attackers. These systems are subject to cyberattacks due to the openness to external networks, remote controllability, and SCADA-architecture-specific cyber vulnerabilities. Protecting SCADA systems on critical infrastructure systems against cyberattacks is an important issue that concerns governments in many aspects such as economics, politics, transport, communication, health, security, and reliability. In this study, we physically demonstrated a scaled-down version of a real water plant via a Testbed environment created including a SCADA system. In order to disrupt the functioning of the SCADA system in this environment, five attack scenarios were designed by performing various DDoS attacks, i.e., TCP, UDP, SYN, spoofing IP, and ICMP Flooding. Additionally, we evaluated a scenario with the baseline behavior of the SCADA system that contains no attack. During the implementation of the scenarios, the SCADA system network was monitored, and network data flow was collected and recorded. CNN models, LSTM models, hybrid deep learning models that amalgamate CNN and LSTM, and traditional machine learning models were applied to the obtained data. The test results of various DDoS attacks demonstrated that the hybrid model and the decision tree model are the most suitable for such environments, reaching the highest test accuracy of 95% and 99%, respectively. 
Moreover, we tested the hybrid model on a dataset that is used commonly in the literature which resulted in 98% accuracy. Thus, it is suggested that the security of the SCADA system can be effectively improved, and we demonstrated that the proposed models have a potential to work in harmony on real field systems.
46

ATC. "INFORMATION CENTRIC NETWORKS AND ITS SECURITY CHALLENGES." Journal of Data Acquistion an Processing 38, no. 3 (2023): 5160–83. https://doi.org/10.5281/zenodo.14333572.

Abstract:
A new networking discipline called "information centric networking" (ICN) has the power to completely alter how the Internet functions. ICNs allow users to immediately access content from anywhere on the network, regardless of its physical location, by identifying each item of information by its name instead by the destination host to which it will be routed over the network. This makes ICN networks more scalable, secure, and efficient. However, since ICN infrastructure is still a relatively new technology, it faces several security challenges. These include the threat of privacy breach, spoofing, distributed denial-of-service attacks, and the inadequate authentication protocol. To ensure that ICN networks' full potential be realised, these security issues will need to be resolved. The delivery of content within a network, as opposed to a specific device, is the main goal of information centric networking (ICN), communications architecture. By letting the network to use content as the fundamental unit of transport rather than the conventional end-points, this developing network architecture seeks to enhance the existing Internet routing model. The purpose of ICN is to offer an improved and more secure framework for the delivery of content over the Internet. An Information Centric Network (ICN) is an architecture that utilizes an indexed structure for the dynamic distribution of digital content. This structure allows nodes within the network to send and query for content based on user-defined keywords and topics, rather than relying solely on the IP addresses of network endpoints. This approach provides a more efficient and reliable method of content delivery, as it becomes easier to locate, route, and deliver digital content irrespective of its source or destination. Security is an essential component for any network and is especially important for Information Centric Networks because the increased complexity of the network structure introduces new attack surfaces and an increased reliance on caching. Attacks like denial-of-service attacks, cache poisoning, packet replay, and other forms of malicious behaviour are among the security difficulties faced by ICNs. More security measures are required to protect against these types of attacks, including mechanisms such as encryption, authentication, and authorization. Additionally, secure content distribution needs to be established in order to prevent malicious entities from accessing or altering content data. As networks complexity continues to increase and more data is digitized, security needs to remain a top priority in order to protect the integrity of networks, services, and content
47

Dr., N. Arumugam. "A Survey of Network Based Detection and Defense Mechanisms Countering the IP Spoofing Problems." International Journal of Trend in Scientific Research and Development 2, no. 5 (2018): 704–10. https://doi.org/10.31142/ijtsrd15921.

Abstract:
Today, the Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide. The phenomenal growth of the Internet owes much to the simplicity of its design principles, which allow heterogeneous systems to be widely interconnected. The Internet's design principles do not provide any form of control for a server to dictate how much traffic it wants to receive and from whom. As a result, Internet hosts are vulnerable to network attacks like Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, whose economic and social impact has grown to considerable proportions. One of the major threats to the Internet is source IP address spoofing. In the current Internet communication world, the validity of the source of an IP packet is an important issue. The problems of IP spoofing alarm legitimate users of the Internet. This paper reviews recent progress in IP spoofing detection and defenses by various researchers. Dr. N. Arumugam "A Survey of Network-Based Detection and Defense Mechanisms Countering the IP Spoofing Problems" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-5, August 2018, URL: https://www.ijtsrd.com/papers/ijtsrd15921.pdf
48

Dr., Harish Joshi, Ashok Bawge Prof., Uzma Kausar Prof., Rishikesh, Pratiksha, and Hinn Benny. "Mitigating ARP Poisoning Via Modified ICMP and Voting Mechanism." Journal of Research in Electrical Power System 1, no. 2 (2025): 8–16. https://doi.org/10.5281/zenodo.15573683.

Abstract:
Address Resolution Protocol (ARP) poisoning is a key vulnerability exploited in advanced LAN attacks, such as Denial-of-Service (DoS) and Man-in-the-Middle (MITM) attacks. The stateless nature of ARP weakens network security, especially in Ethernet environments. To detect such threats, the proposed method involves monitoring network traffic through a Central Server (CS), which then sends a trap ICMP ping packet and analyzes the response to identify malicious activity. For prevention, a voting-based mechanism is used to select a trustworthy CS. By validating and correcting <IP, MAC> pair entries in hosts' cache tables, the CS effectively mitigates ARP poisoning while preserving system performance. This technique relies on ICMP and voting, offering backward compatibility, low cost, minimal traffic overhead, and easy deployment, providing a robust solution to detect and prevent MITM-based ARP poisoning while addressing ARP's inherent weaknesses.
49

Sudhakaran, Pradeep. "Detection of Spoofing Attacks on SDN through IP Trace Back Protocol." Journal of Advanced Research in Dynamical and Control Systems 12, SP4 (2020): 55–61. http://dx.doi.org/10.5373/jardcs/v12sp4/20201466.

50

Lin, Jin Cherng, Men Jue Koo, and Cheng Sheng Wang. "A Proposal for a Schema for ARP Spoofing Protection." Applied Mechanics and Materials 284-287 (January 2013): 3275–79. http://dx.doi.org/10.4028/www.scientific.net/amm.284-287.3275.

Abstract:
The IP scheme over Ethernet is one of the world's most widely used network structures. However, ARP Spoofing attacks still remain one of the serious security threats on the local area network. Despite the seriousness, there is no protective mechanism available yet that can effectively protect against ARP Spoofing attacks. This paper proposes an ARP query process mechanism that corresponds with the current IP/MAC mapping correlations based upon the existing ARP protocol and the "Direct Communication" characteristic of the LAN. It can effectively protect against ARP Spoofing attacks without a change of network structures or an increase of investments in personnel and equipment.