Journal articles on the topic 'Syn flooding attack'

Consult the top 50 journal articles for your research on the topic 'Syn flooding attack.'

1

Ramanauskaitė, Simona, and Antanas Čenys. "STOCHASTIC MODEL OF TCP SYN ATTACKS / STOCHASTINIS TCP SYN ATAKŲ MODELIS." Mokslas - Lietuvos ateitis 3, no. 1 (2011): 20–24. http://dx.doi.org/10.3846/mla.2011.004.

Abstract:
A great proportion of essential services are moving into internet space making the threat of DoS attacks even more actual. To estimate the real risk of some kind of denial of service (DoS) attack in the real world is difficult, but mathematical and software models make this task easier. In this paper we overview the ways of implementing DoS attack models and offer a stochastic model of SYN flooding attack. It allows evaluating the potential threat of SYN flooding attacks, taking into account both the legitimate system flow as well as the possible attack power. At the same time we can assess the effect of such parameters as buffer capacity, open connection storage in the buffer or filtering efficiency on the success of different SYN flooding attacks. This model can be used for other types of memory depletion denial of service attacks.
2

Ali, Hamid M., Ibraheem K. Ibraheem, and Sarah W. A. Ahmad. "Enhancement of the Detection of the TCP SYN Flooding (DDoS) Attack." Journal of Engineering 19, no. 6 (2023): 786–94. http://dx.doi.org/10.31026/j.eng.2013.06.10.

Abstract:
The majority of DDoS attacks use the TCP protocol, and the TCP SYN flooding attack is the most common one among them. The SYN Cookie mechanism is used to defend against the TCP SYN flooding attack. It is an effective defense, but it has a disadvantage of high calculations and it doesn’t differentiate spoofed packets from legitimate packets. Therefore, filtering the spoofed packet can effectively enhance the SYN Cookie activity. Hop Count Filtering (HCF) is another mechanism used at the server side to filter spoofed packets. This mechanism has a drawback of being not a perfect and final solution in defending against the TCP SYN flooding attack. An enhanced mechanism of integrating and combining the SYN Cookie with the Hop Count Filtering (HCF) mechanism is proposed to protect the server from TCP SYN flooding. The results show that the defense against SYN flood DDoS attack is enhanced, since the availability of legitimate packets is increased and the time of SYN Cookie activity is delayed.
3

Sun, Fei Xian, and Zhi Gang Wu. "Immune Danger Theory Based Model for SYN Flooding Attack Situation Awareness." Advanced Materials Research 181-182 (January 2011): 66–71. http://dx.doi.org/10.4028/www.scientific.net/amr.181-182.66.

Abstract:
This paper explores a novel danger theory based model to aware the situation for TCP SYN flooding attacks. Within the presented model, the TCP SYN flooding attacks are looked as dangerous exogenous patterns, and induce danger signals to aware the situation of host computers, which is realized by host-based artificial immune detectors. After summarizing the danger theory, the model framework, correlative concepts, TCP SYN flooding attack detection, danger signal computation and attack situation awareness methods are described. Following that, the interrelated techniques are compared. Theoretical analysis results show that the proposed model is valid. Thus, it provides a good solution to computer network security.
4

Mohd Fuzi, Mohd Faris, Nur Fatin Mohammad Ashraf, and Muhammad Nabil Fikri Jamaluddin. "Integrated Network Monitoring using Zabbix with Push Notification via Telegram." Journal of Computing Research and Innovation 7, no. 1 (2022): 147–55. http://dx.doi.org/10.24191/jcrinn.v7i1.282.

Abstract:
The world is becoming increasingly dependent on online services. To offer a service, a network must be in good health and free of any attacks. An attack happens when the confidentiality, integrity, or availability of a service is compromised. Network monitoring is a solution capable of maintaining these network devices from their usage up to detecting attacks. A denial of service (DoS) attack on a network can affect the network performance and can cause serious damage. Zabbix is an open-source network monitoring tool that is versatile and can be used to monitor hosts on a network. The purpose of this project is to detect possible ping and SYN flooding attempts on a server and send alerts to the administrator via Telegram. This project uses Zabbix to monitor a server for potential ping and SYN flooding attacks. Tcpdump is used to log the pings received by the server. When the server continuously receives 10 or more pings per second, an alert will be automatically generated and sent to the administrator via Telegram. Similarly, a SYN flood attack is detected by using netstat’s SYN_RECV flags. When the server continuously receives more than 10 SYN packets without an ACK packet, Zabbix will generate alerts that are sent via Telegram and update the dashboard to show a problem. Zabbix was able to accurately detect all ping flooding attempts on the server. However, SYN flooding attacks were not as accurately detected. The use of Zabbix can be implemented in small businesses or networks for an automated monitoring system. Future work can include more DDoS attacks and adding countermeasure actions when detecting attacks by blocking the IP or port associated with the attack. SYN flooding detection needs to be improved because only two out of three attacks were able to be caught.
5

Yang, Chun-Hao, Jhen-Ping Wu, Fang-Yi Lee, Ting-Yu Lin, and Meng-Hsun Tsai. "Detection and Mitigation of SYN Flooding Attacks through SYN/ACK Packets and Black/White Lists." Sensors 23, no. 8 (2023): 3817. http://dx.doi.org/10.3390/s23083817.

Abstract:
Software-defined networking (SDN) is a new network architecture that provides programmable networks, more efficient network management, and centralized control than traditional networks. The TCP SYN flooding attack is one of the most aggressive network attacks that can seriously degrade network performance. This paper proposes detection and mitigation modules against SYN flooding attacks in SDN. We combine those modules, which have evolved from the cuckoo hashing method and innovative whitelist, to get better performance compared to current methods. Our approach reduces the traffic through the switch and improves detection accuracy. Also, the required register size is reduced by half for the same accuracy.
6

Lee, Se-Yul, and Yong-Soo Kim. "Design and Analysis of Probe Detection Systems for TCP Networks." Journal of Advanced Computational Intelligence and Intelligent Informatics 8, no. 4 (2004): 369–72. http://dx.doi.org/10.20965/jaciii.2004.p0369.

Abstract:
Advanced computer network technology enables the connectivity of computers in an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and cannot detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We propose a network-based intrusion detection model using fuzzy cognitive maps (FCM) that detects intrusion by Denial of Service (DoS) attack detection using packet analysis. A DoS attack typically appears as a Probe and Syn Flooding attack. Syn Flooding Preventer using Fuzzy cognitive maps (SPuF) model captures and analyzes packet information to detect Syn flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulation using the "KDD’99 Competition Data Set" for the SPuF model shows that Probe detection exceeded 97%.
7

Manna, Mehdi Ebady. "Review Of Syn-Flooding Attack Detection Mechanism." International Journal of Distributed and Parallel systems 3, no. 1 (2012): 99–117. http://dx.doi.org/10.5121/ijdps.2012.3108.

8

Jose, Ancy Sherin, Latha R. Nair, and Varghese Paul. "Towards Detecting Flooding DDOS Attacks Over Software Defined Networks Using Machine Learning Techniques." Revista Gestão Inovação e Tecnologias 11, no. 4 (2021): 3837–65. http://dx.doi.org/10.47059/revistageintec.v11i4.2411.

Abstract:
Distributed Denial of Service Attack (DDoS) has emerged as a major threat to cyber space. A DDoS attack aims at exhausting the resources of the victim causing financial and reputational damages to it. The availability of free software makes launching of DDoS attacks easy. The difficulty in differentiating a DDoS traffic from a legitimate traffic burst such as a flash crowd makes DDoS difficult to be identified. A wide range of techniques have been used in conventional networks to detect and mitigate DDoS attacks. Though the advent of Software Defined Networking (SDN) makes a network easy to be managed, even SDN is vulnerable to DDoS attacks. In this case, the controller of the SDN gets overloaded with the incoming packets from the switches. In fact, a solution based on security analytics can be put in place to ward off this threat as a proactive security measure using the flow level statistics available from the SDN. Compared to the packet analysis used in traditional networks, which is resource expensive, the flow level statistics is relatively inexpensive. This paper focuses on the design and implementation of an attack detection system for detecting the flooding DDoS attacks: TCP SYN flooding attacks, HTTP request flooding attacks, UDP flooding attacks and ICMP flooding attacks over SDN network traffic. The system uses various classification algorithms to classify a traffic into normal or attack. The feature sets for classification were arrived at using a feature selection module with ANOVA (Analysis of Variance) F-Test statistical method. Performance evaluation of each of the classifiers was carried out for the three feature sets obtained from the feature selection module using various performance measures and the results have been tabulated. The feature set which gives the best performance in detecting malicious traffic has been identified.
9

Azis, Muhammad Misbahul, Yufiz Azhar, and Syaifuddin Syaifuddin. "Analisa Sistem Identifikasi DDoS Menggunakan KNN Pada Jaringan Software Defined Network(SDN)." Jurnal Repositor 2, no. 7 (2020): 915. http://dx.doi.org/10.22219/repositor.v2i7.762.

Abstract:
The need for the network to prioritize performance to support a network efficiency is important for now. Determination of configurations that are more and more complex and increasingly complicated network control, makes the network more inflexible and difficult to apply to a large network topology. Software Defined Network (SDN) appears with a mechanism that can solve the problem. Basically the concept of Software Defined Network (SDN) is to separate the controller and the data / forwarding plane, so that it is able to manage so many networks in a controller. But the controller does not have enough security to protect against network attacks such as DDoS, SYN Flooding Attack so the controller will be the target of the attacker. So this study proposes adding machine learning applications to controllers to handle attacks such as DDoS and SYN Flooding Attack. In this study the controller used is the Ryu controller that uses the Python programming language. In this study using a linear topology on Mininet and create a package in .pcap format for testing attacks carried out. So as to know the average number of incoming and outgoing packages and success in mitigating packages that are considered DDoS.
10

S, Nithish Babu, Yogesh V, Mariswaran S, and Gowtham N. "Detection of DDOS Attack using Decision Tree Classifier in SDN Environment." Journal of Ubiquitous Computing and Communication Technologies 5, no. 2 (2023): 193–202. http://dx.doi.org/10.36548/jucct.2023.2.006.

Abstract:
Software Defined Networking (SDN) is a dynamic architecture that employs a variety of applications for making networks more adaptable and centrally controlled. It is easy to attack the entire network in SDN because the control plane and data plane are separated. DDoS attack is a major danger to SDN service providers because it can shut down the entire network and stop services to all customers at any time. One of the key flaws of most SDN architectures is lack of susceptibility to DDoS attacks with its types like TCP flooding, UDP flooding, SYN flooding, ICMP flooding and DHCP flooding for detecting those kinds of attacks. The machine learning algorithms are widely used in recent years to identify DDoS attacks. This research utilizes Decision Tree Classifier for detection and classification of DDoS attacks on SDN. The Forward Feature Selection technique is also used in the research to select the best features from the dataset and from that dataset the data are employed to train and test the model by Decision Tree Classifier Algorithm. The Decision Tree Classifier technique is a supervised method used to forecast desired values of observations using rudimentary machine learning decision rules derived from training data. Based on the accuracy of decision tree techniques, in future, a hybrid learning model will be designed for detecting the Distributed Denial of Services in an SDN environment with high accuracy and a low false negative rate.
11

Bellaïche, Martine, and Jean-Charles Grégoire. "SYN flooding attack detection by TCP handshake anomalies." Security and Communication Networks 5, no. 7 (2011): 709–24. http://dx.doi.org/10.1002/sec.365.

12

Bang, Gihyun, Deokjai Choi, and Sangwon Bang. "A Protection Method using Destination Address Packet Sampling for SYN Flooding Attack in SDN Environments." Journal of Korea Multimedia Society 18, no. 1 (2015): 35–41. http://dx.doi.org/10.9717/kmms.2015.18.1.035.

13

Islam, M. Mattah, Saifullah Shahid, Khush Bakhat Awar, Rashid Khan, and Muhammad Sohail. "Cyber-Security: Dos Attack Outcomes are Dangerous." European Journal of Electrical Engineering and Computer Science 5, no. 3 (2021): 54–59. http://dx.doi.org/10.24018/ejece.2021.5.3.297.

Abstract:
DoS attacks are an attractive and hot topic nowadays because it is very common for attackers to make a victim and exploit it. In this paper, different kinds of techniques and commands have been implemented and contrasted for the outcomes of these attacks. By performing experiments, problems are identified. By following experiments, the goal is prevention and mitigation of DoS attacks at large extent by knowing the outcomes of the attacks. For proving the work, different types of experiments are performed on different platforms and observed that DoS attacks are how dangerous to our systems. In this paper, hping3 and SYN flooding are performed. Hping3 is used for sending packets in a modified, crafted form. It is the networking tool used by developers to perform a DoS attack. SYN flooding is used for sending so many requests in an insane amount to the server and used all of the resources of the server.
14

Ramkumar, B. N., and T. Subbulakshmi. "Tcp Syn Flood Attack Detection and Prevention System using Adaptive Thresholding Method." ITM Web of Conferences 37 (2021): 01016. http://dx.doi.org/10.1051/itmconf/20213701016.

Abstract:
Transmission Control Protocol Synchronized (SYN) flooding contributes to a major part of the Denial of service attacks (DoS) because of the easy to exploit nature of the TCP three way handshake mechanism. Attackers use this weakness to overflow the TCP queue of the server and make its resources consumed resulting it to be unavailable for the requests of legitimate users. So we are in need of a quick and precise defence mechanism to detect the TCP-SYN Flood attack. The main objective of the paper is to propose a detection and prevention mechanism of the TCP-SYN flood attack using adaptive thresholding. Adaptive threshold algorithm (ATA) is used to calculate dynamic threshold. Thus this algorithm helps to overcome the limitations of static thresholding like high false positive ratio and also alert users after violation of the threshold calculated by adaptive thresholding algorithm. The result of the suggested mechanism is very effective in the detection and prevention of the TCP SYN flood attack using adaptive thresholding algorithm.
15

Kavisankar and Chellappan. "CNoA: Challenging Number Approach for uncovering TCP SYN flooding using SYN spoofing attack." International Journal of Network Security & Its Applications 3, no. 5 (2011): 191–202. http://dx.doi.org/10.5121/ijnsa.2011.3515.

16

Mohammadi, Reza, Mauro Conti, Chhagan Lal, and Satish C. Kulhari. "SYN-Guard: An effective counter for SYN flooding attack in software-defined networking." International Journal of Communication Systems 32, no. 17 (2019): e4061. http://dx.doi.org/10.1002/dac.4061.

17

ARFANUDIN, CITRA, Bambang Sugiantoro, and Yudi Prayudi. "ANALYSIS OF ROUTER ATTACK WITH SECURITY INFORMATION AND EVENT MANAGEMENT AND IMPLICATIONS IN INFORMATION SECURITY INDEX." Cyber Security dan Forensik Digital 2, no. 1 (2019): 1–7. http://dx.doi.org/10.14421/csecurity.2019.2.1.1388.

Abstract:
Information security is a need to secure organizational information assets. The government as the regulator issues an Information Security Management System (ISMS) and Information Security Index (US) as a measure of information security in the agency of a region. Security Information and Event Management (SIEM) is a security technology to secure information assets. SIEM is expected to provide information on attacks that occur on the router network and increase the value of the Indeks KAMI of government agencies. However, the use of SIEM is still questionable whether it can recognize a router attack and its impact on the value of our index. This research simulates attacks on routers with 8 attacks namely Mac Flooding, ARP-Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. 8 types of attacks followed by digital forensic analysis using the OSCAR method to see the impact on routers and SIEM. Also measured is index KAMI before and after the SIEM to be able to measure the effect of SIEM installation on the value of index KAMI. It was found that the use of SIEM to conduct security monitoring proved successful in identifying attacks, but not all were recognized by SIEM. SIEM only recognizes DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. Mac Flooding, ARP-Poisoning, CDP Flooding, SYN Flooding attacks are not recognized by SIEM because routers do not produce logs. Also obtained is the use of SIEM proven to increase our index from the aspect of technology.
18

Wang, Haojun. "Distributed Denial of Service Attack with Large Language Model." Highlights in Science, Engineering and Technology 138 (May 11, 2025): 132–37. https://doi.org/10.54097/586gg060.

Abstract:
Distributed Denial of Service (DDoS) attacks take full advantage of distributed networks by sending a relentless barrage of requests to a target server to disrupt the regular operation of the server. The main difference between a DDoS attack and a traditional Denial of Service (DoS) attack is its decentralized nature. This characteristic increases the attack's impact and thus creates incredible difficulty in prevention. Traditional DDoS strategies cover flooding attacks (e.g., TCP SYN and UDP floods), protocol usage techniques (e.g., SYN floods and the infamous Ping of Death), and resource exhaustion strategies (e.g., HTTP floods). Each of these proposed strategies relies on large amounts of bandwidth, and recent results achieved on detection systems provide more efficient mitigation means. A significant change in the pattern of modern DDoS attacks shows the rise of amplification attacks, an attack strategy that cleverly exploits weaknesses to increase traffic beyond its initial scale. In addition, the phenomenon of hybrid attacks has become more prominent, which integrates various DDoS tactics into more sophisticated and powerful attacks, e.g., combining application-layer attacks and traffic flooding, thereby crippling both the application and network layers. As network threats become more sophisticated, we must innovate our defence strategies to ensure their effectiveness. In order to gain a deeper understanding of the potential threat of DDoS, it is critical to delve deeper into traditional attack tactics, analyze specific case studies in depth, and explore the impact of emerging technologies. This article delves into traditional DDoS attacks, current threat perceptions, and how artificial intelligence can play a role in the face of these cold attacks.
19

Jasvir, Markandy, and Manmohan Sharma. "DIMINISH THE FLOODING ATTACK USING MUTUAL AUTHENTICATION IN MOBILE AD-HOC NETWORK." INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY 7, no. 5 (2018): 24–30. https://doi.org/10.5281/zenodo.1241365.

Abstract:
Mobile ad-hoc network (MANET) is a group of wireless mobile nodes and dedicated routers used by base station. MANET application in mobility management, broadcasting, and bandwidth management are important issue in routing and information gathering. In MANET, different types of attack have been developed today which degrade the performance of network and make it less efficient, like SYN flooding, Black hole attack, Worm hole attack, Grey hole attack etc. In this paper, we are representing flooding attack proposed by various author in mobile ad-hoc network.
20

Nashat, Dalia, and Fatma A. Hussain. "Multifractal detrended fluctuation analysis based detection for SYN flooding attack." Computers & Security 107 (August 2021): 102315. http://dx.doi.org/10.1016/j.cose.2021.102315.

21

R.C, Prathibha, and Rejimol Robinson R R. "A Comparative Study of Defense Mechanisms against SYN Flooding Attack." International Journal of Computer Applications 98, no. 18 (2014): 16–21. http://dx.doi.org/10.5120/17282-7414.

22

Orozco, Alex M. S., Augusto P. Fernandes, and Giovani H. Costa. "SIMULAÇÃO DE SYN FLOODING ATTACK NO COMMON OPEN RESEARCH EMULATOR." Revista Competência 7, no. 1 (2014): 161–73. http://dx.doi.org/10.24936/2177-4986.v7n1.2014.156.

Abstract:
This work addresses the use of the Common Open Research Emulator (CORE) as a platform for simulating denial-of-service (DoS) attacks, such as the SYN flooding attack. CORE makes it easy to design a fictitious network topology and to define the services to be run on the network components. Based on the designed infrastructure, the attack is launched, and the data travelling across the network is analyzed with an IDS/IPS (Intrusion Detection and Prevention System) tool. After the attack is detected, countermeasures are applied to interrupt the data flow between the attacker and the victim. To carry out the countermeasures, the tools SNORT and Guardian are used. This structure allows the simulation process to take place before the infrastructure is acquired, reducing the project's risk. This environment also supports teaching and training activities in computer networks and in information and communication security in a simple way. Keywords: CORE. Denial-of-service attack. Intrusion prevention and detection system.
23

Rahul, A., B. Suresh kumar, and S. K. Prashanth. "Detection of Intruders and Flooding in VoIP using IDS, Jacobson Fast and Hellinger Distance Algorithms." American Journal of Advanced Computing 1, no. 1 (2020): 1–6. http://dx.doi.org/10.15864/ajac.1106.

Abstract:
VoIP services are becoming increasingly a big competition to existing telephony services (PSTN). Hence, the need arises to protect VoIP services from all kinds of attacks that target network bandwidth, server capacity or server architectural constraints. SIP Protocol is used for VoIP connection establishment. It works based on either TCP or UDP Protocols. This protocol structure is almost the same as HTTP Protocol, i.e. for every request there will be some response, even though the request is invalid. HTTP Protocol is prone to flooding attacks, like SYN-Flood attack. Because Session Initiation Protocol (SIP) is the same as HTTP, SIP is also prone to Flooding attacks. The proposed Intrusion Detection System (IDS) is used to detect the intruders in telephony system. Genetic algorithm is used to recognize the authorized user. VoIP Flood Detection System (VFDS) is aimed to detect TCP Flooding attacks and SIP Flooding attacks on SIP devices using Jacobian Fast and Hellinger distance algorithms. The Jacobian Fast Algorithm fixes the threshold limit and Hellinger distance calculation is a statistical anomaly based algorithm used to detect deviation in traffic.
24

Nugraha, Muhammad, Isyana Paramita, Ardiansyah Musa, Deokjai Choi, and Buseung Cho. "Utilizing OpenFlow and sFlow to Detect and Mitigate SYN Flooding Attack." Journal of Korea Multimedia Society 17, no. 8 (2014): 988–94. http://dx.doi.org/10.9717/kmms.2014.17.8.988.

25

Ravichandran, S., and M. Umamaheswari. "Design and Development of Collaborative Detection and Taxonomy of DDoS Attacks Using ESVM." Asian Journal of Computer Science and Technology 6, no. 2 (2017): 27–32. http://dx.doi.org/10.51983/ajcst-2017.6.2.1783.

Abstract:
Distributed Denial of Service (DDoS) assault is a ceaseless basic risk to the web. Application layer DDoS Attack is gotten from the lower layers. Application layer based DDoS assaults utilize honest to goodness HTTP asks for after foundation of TCP three-way handshaking and overpowers the casualty assets, for example, attachments, CPU, memory, circle, database transfer speed. Arrange layer based DDoS assaults sends the SYN, UDP and ICMP solicitations to the server and debilitates the transfer speed. An oddity discovery system is proposed in this paper to identify DDoS assaults utilizing Enhanced Support Vector Machine (ESVM). The Application layer DDoS Attack, for example, HTTP Flooding, DNS Spoofing and Network layer DDoS Attack, for example, Port Scanning, TCP Flooding, UDP Flooding, ICMP Flooding, Land Flooding. Session Flooding is taken as test tests for ESVM. The Normal client gets to conduct characteristics is taken as preparing tests for ESVM. The movement from the testing tests and preparing tests are Cross Validated and the better arrangement exactness is acquired. Application and Network layer DDoS assaults are arranged with order exactness of 99 % with ESVM.
26

Shah, Sayed Qaiser Ali, Farrukh Zeeshan Khan, and Muneer Ahmad. "Mitigating TCP SYN flooding based EDOS attack in cloud computing environment using binomial distribution in SDN." Computer Communications 182 (January 2022): 198–211. http://dx.doi.org/10.1016/j.comcom.2021.11.008.

27

Geetha, K., and N. Sreenath. "Detection of SYN Flooding Attack in Mobile Ad hoc Networks with AODV Protocol." Arabian Journal for Science and Engineering 41, no. 3 (2015): 1161–72. http://dx.doi.org/10.1007/s13369-015-1963-8.

28

Hsu, Fu-Hau, Chia-Hao Lee, Chun-Yi Wang, Rui-Yi Hung, and YungYu Zhuang. "DDoS Flood and Destination Service Changing Sensor." Sensors 21, no. 6 (2021): 1980. http://dx.doi.org/10.3390/s21061980.

Full text
Abstract:
In this paper, we aim to detect distributed denial of service (DDoS) attacks, and receive a notification of destination service, changing immediately, without the additional efforts of other modules. We designed a kernel-based mechanism to build a new Transmission Control Protocol/Internet Protocol (TCP/IP) connection smartly by the host while the users or clients not knowing the location of the next host. Moreover, we built a lightweight flooding attack detection mechanism in the user mode of an operating system. Given that reinstalling a modified operating system on each client is not realistic, we managed to replace the entry of the system call table with a customized sys_connect. An effective defense depends on fine detection and defensive procedures. In according with our experiments, this novel mechanism can detect flooding DDoS successfully, including SYN flood and ICMP flood. Furthermore, through cooperating with a specific low cost network architecture, the mechanism can help to defend DDoS attacks effectively.
29

Oussama, Sbai, and Elboukhari Mohamed. "Deep learning intrusion detection system for mobile ad hoc networks against flooding attacks." International Journal of Artificial Intelligence (IJ-AI) 11, no. 3 (2022): 878–85. https://doi.org/10.11591/ijai.v11.i3.pp878-885.

Abstract:
Mobile ad hoc networks (MANETs) are infrastructure-less, dynamic wireless networks and self-configuring, in which the nodes are resource constrained. With the exponential evolution of the paradigm of smart homes, smart cities, smart logistics, internet of things (IoT) and internet of vehicle (IoV), MANETs and their networks family, such as flying ad-hoc networks (FANETs), vehicular ad-hoc networks (VANETs), and wireless sensor network (WSN), are the backbone of the whole networks. Because of their multitude use, MANETs are vulnerable to various attacks, so intrusion detection systems (IDS) are used in MANETs to keep an eye on activities in order to spot any intrusions into networks. In this paper, we propose a knowledge-based intrusion detection system (KBIDS) to secure MANETs from two classes of distributed denial of service (DDoS) attacks, which are UDP/data and SYN flooding attacks. We use the approach of deep learning exactly deep neural network (DNN) with CICDDoS2019 dataset. Simulation results obtained show that the proposed architecture model can attain very interesting and encouraging performance and results (Accuracy, Precision, Recall and F1-score).
30

Okafor, P. U., S. N. Arinze, and C. Uka. "Development of Java Logical Program Synchronous Floods Distributed Denial of Service Algorithm, for Improving Data Security at Backend Server." International Journal of Information Sciences and Engineering 6, no. 2 (2022): 1–10. https://doi.org/10.5281/zenodo.7151791.

Abstract:
The work aims to improve data security at the backend server using the SYN Floods detection algorithm (Java Logical Program). In the development of the Java Logical Program (JLP), Java programming and Hypertext scripting languages were used in the development of the anomaly detection algorithm, while Hypertext Markup Language was used for the deployment of the system using the NetBeans integrated development environment. A TCP 3-Way Handshake connection protocol was deployed in establishing a full-duplex communication between the client and the server in the network. MySQL and SQLite were deployed to create the database connection and objects for an easy query of the database. The functionality test was carried out based on the data rate threshold and time of response. Test deployed flow records from WIDE MAWI WORKING GROUP repository for the developed JLP, SYN and FIN Difference (SynFinDiff) and Partial Completion Filter (PCF), two methods for monitoring and analyzing network traffic in detecting SYN flooding attacks. Results showed that JLP achieved a traffic data rate threshold of 11 as against SynFinDiff and PCF thresholds of 5 and 20 respectively. The significance of the result is that the developed system will not be reporting an attack for any period during which traffic is under the threshold thereby, eliminating false positives attack when TCP retransmission packets with half-opened connections are detected. Also, JLP detected an attack on data stored at the backend server within 0.17 seconds, which is a 43% improvement compared to 0.3 seconds achieved by SynFinDiff which on the other hand outperformed the PCF response time.
31

Priambodo, Dimas Febriyan, Achmad Husein Noor Faizi, Fika Dwi Rahmawati, Septia Ulfa Sunaringtyas, Jeckson Sidabutar, and Tiyas Yulita. "Collaborative Intrusion Detection System with Snort Machine Learning Plugin." JOIV : International Journal on Informatics Visualization 8, no. 3 (2024): 1230. http://dx.doi.org/10.62527/joiv.8.3.2018.

Abstract:
The increasing prevalence of cybercrime and cyber-attacks underscores the imperative need for organizations to implement robust network security measures. Nevertheless, current Intrusion Detection Systems (IDS) often rely on single-sensor or multi-sensor in the same type of IDS, including Host-Based IDS (HIDS) or Network-Based IDS (NIDS), which inherently possess limited detection capabilities. To address this limitation, this research combines NIDS and HIDS components into a collaborative-IDS system, thus expanding the scope of intrusion detection and enhancing the efficacy of the established attack mitigation system. However, the integration of NIDS and HIDS introduces formidable challenges, notably the elevated rates of False Positive and False Negative alerts. To surmount these challenges, the researcher employs machine learning techniques in the form of Snort plugins and comparison methods to heighten the precision of attack detection. The obtained results unequivocally illustrate the effectiveness of this approach. Using a Support Vector Machine for static analysis of the NSL-KDD dataset attains an outstanding 99% detection rate for Denial of Service (DoS) attacks and an impressive 98% detection rate for Probe attacks. Furthermore, in dynamic real-time attack simulations, the machine learning plugins exhibit remarkable proficiency in detecting various types of DoS attacks, concurrently offering more comprehensive identification of SYN Flooding DoS attacks compared to the Snort community rules set. These findings signify a significant advancement in intrusion detection, paving the way for more robust and accurate network security systems in an era of escalating cyber threats.
32

Nemade, Dr Sandip, Prof Manish Kumar Gurjar, and Zareena Jamaluddin. "A Novel Method for Early Detection of SYN Flooding based DoS attack in Mobile Ad Hoc Network." International Journal of Engineering Trends and Technology 7, no. 4 (2014): 187–91. http://dx.doi.org/10.14445/22315381/ijett-v7p272.

33

Rama, Koteswara Rao G., Prasad R. Satya, Sastri A. Pathanjali, and E. S. N. Prasad P. "ENHANCING THE IMPREGNABILITY OF LINUX SERVERS." International Journal of Network Security & Its Applications (IJNSA) 6, no. 2 (2014): 21–31. https://doi.org/10.5281/zenodo.6516347.

Abstract:
Worldwide IT industry is experiencing a rapid shift towards Service Oriented Architecture (SOA). As a response to the current trend, all the IT firms are adopting business models such as cloud based services which rely on reliable and highly available server platforms. Linux servers are known to be highly secure. Network security thus becomes a major concern to all IT organizations offering cloud based services. The fundamental form of attack on network security is Denial of Service. This paper focuses on fortifying the Linux server defence mechanisms resulting in an increase in reliability and availability of services offered by the Linux server platforms. To meet this emerging scenario, most of the organizations are adopting business models such as cloud computing that are dependant on reliable server platforms. Linux servers are well ahead of other server platforms in terms of security. This brings network security to the forefront of major concerns to an organization. The most common form of attacks is a Denial of Service attack. This paper focuses on mechanisms to detect and immunize Linux servers from DoS.
34

Amru, Malothu, Raju Jagadeesh Kannan, Enthrakandi Narasimhan Ganesh, et al. "Network intrusion detection system by applying ensemble model for smart home." International Journal of Electrical and Computer Engineering (IJECE) 14, no. 3 (2024): 3485. http://dx.doi.org/10.11591/ijece.v14i3.pp3485-3494.

Abstract:
The exponential advancements in recent technologies for surveillance become an important part of life. Though the internet of things (IoT) has gained more attention to develop smart infrastructure, it also provides a large attack surface for intruders. Therefore, it requires identifying the attacks as soon as possible to provide a secure environment. In this work, the network intrusion detection system, by applying the ensemble model (NIDSE) for Smart Homes is designed to identify the attacks in the smart home devices. The problem of classifying attacks is considered a classification predictive modeling using eXtreme gradient boosting (XGBoosting). It is an ensemble approach where the models are added sequentially to correct the errors until no further improvements or high performance can be made. The performance of the NIDSE is tested on the IoT network intrusion (IoT-NI) dataset. It has various types of network attacks, including host discovery, synchronized sequence number (SYN), acknowledgment (ACK), and hypertext transfer protocol (HTTP) flooding. Results from the cross-validation approach show that the XGBoosting classifier classifies the nine attacks with micro average precision of 94% and macro average precision of 85%.
35

Amru, Malothu, Kannan Raju Jagadeesh, Ganesh Enthrakandi Narasimhan, et al. "Network intrusion detection system by applying ensemble model for smart home." Network intrusion detection system by applying ensemble model for smart home 14, no. 3 (2024): 3485–94. https://doi.org/10.11591/ijece.v14i3.pp3485-3494.

Abstract:
The exponential advancements in recent technologies for surveillance become an important part of life. Though the internet of things (IoT) has gained more attention to develop smart infrastructure, it also provides a large attack surface for intruders. Therefore, it requires identifying the attacks as soon as possible to provide a secure environment. In this work, the network intrusion detection system, by applying the ensemble model (NIDSE) for Smart Homes is designed to identify the attacks in the smart home devices. The problem of classifying attacks is considered a classification predictive modeling using eXtreme gradient boosting (XGBoosting). It is an ensemble approach where the models are added sequentially to correct the errors until no further improvements or high performance can be made. The performance of the NIDSE is tested on the IoT network intrusion (IoT-NI) dataset. It has various types of network attacks, including host discovery, synchronized sequence number (SYN), acknowledgment (ACK), and hypertext transfer protocol (HTTP) flooding. Results from the cross-validation approach show that the XGBoosting classifier classifies the nine attacks with micro average precision of 94% and macro average precision of 85%.
36

Söğüt, Esra, and O. Ayhan Erdem. "A Multi-Model Proposal for Classification and Detection of DDoS Attacks on SCADA Systems." Applied Sciences 13, no. 10 (2023): 5993. http://dx.doi.org/10.3390/app13105993.

Abstract:
Industrial automation and control systems have gained increasing attention in the literature recently. Their integration with various systems has triggered considerable developments in critical infrastructure systems. With different network structures, these systems need to communicate with each other, work in an integrated manner, be controlled, and intervene effectively when necessary. Supervision Control and Data Acquisition (SCADA) systems are mostly utilized to achieve these aims. SCADA systems, which control and monitor the connected systems, have been the target of cyber attackers. These systems are subject to cyberattacks due to the openness to external networks, remote controllability, and SCADA-architecture-specific cyber vulnerabilities. Protecting SCADA systems on critical infrastructure systems against cyberattacks is an important issue that concerns governments in many aspects such as economics, politics, transport, communication, health, security, and reliability. In this study, we physically demonstrated a scaled-down version of a real water plant via a Testbed environment created including a SCADA system. In order to disrupt the functioning of the SCADA system in this environment, five attack scenarios were designed by performing various DDoS attacks, i.e., TCP, UDP, SYN, spoofing IP, and ICMP Flooding. Additionally, we evaluated a scenario with the baseline behavior of the SCADA system that contains no attack. During the implementation of the scenarios, the SCADA system network was monitored, and network data flow was collected and recorded. CNN models, LSTM models, hybrid deep learning models that amalgamate CNN and LSTM, and traditional machine learning models were applied to the obtained data. The test results of various DDoS attacks demonstrated that the hybrid model and the decision tree model are the most suitable for such environments, reaching the highest test accuracy of 95% and 99%, respectively. 
Moreover, we tested the hybrid model on a dataset that is used commonly in the literature which resulted in 98% accuracy. Thus, it is suggested that the security of the SCADA system can be effectively improved, and we demonstrated that the proposed models have a potential to work in harmony on real field systems.
37

Rao, Gottapu Sankara, and P. Krishna Subbarao. "A Novel Approach for Detection of DoS / DDoS Attack in Network Environment using Ensemble Machine Learning Model." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 9 (2023): 244–53. http://dx.doi.org/10.17762/ijritcc.v11i9.8340.

Abstract:
One of the most serious threats to network security is Denial of service (DOS) attacks. Internet and computer networks are now important parts of our businesses and daily lives. Malicious actions have become more common as our reliance on computers and communication networks has grown. Network threats are a big problem in the way people communicate today. To make sure that the networks work well and that users' information is safe, the network data must be watched and analysed to find malicious activities and attacks. Flooding may be the simplest DDoS assault. Computer networks and services are vulnerable to DoS and DDoS attacks. These assaults flood target systems with malicious traffic, making them unreachable to genuine users. The work aims to enhance the resilience of network infrastructures against these attacks and ensure uninterrupted service delivery. This research develops and evaluates enhanced DoS/DDoS detection methods. DoS attacks usually stop or slow down legal computer or network use. Denial-of-service (DoS) attacks prevent genuine users from accessing and using information systems and resources. The OSI model's layers make up the computer network. Different types of DDoS strikes target different layers. The Network Layer can be broken by using ICMP Floods or Smurf Attacks. The Transport layer can be attacked using UDP Floods, TCP Connection Exhaustion, and SYN Floods. HTTP-encrypted attacks can be used to get through to the application layer. DoS/DDoS attacks are malicious attacks. Protect network data from harm. Computer network services are increasingly threatened by DoS/DDoS attacks. Machine learning may detect prior DoS/DDoS attacks. DoS/DDoS attacks proliferate online and via social media. Network security is IT's top priority. DoS and DDoS assaults include ICMP, UDP, and the more prevalent TCP flood attacks. These strikes must be identified and stopped immediately.
In this work, a stacking ensemble method is suggested for detecting DoS/DDoS attacks so that our networked data doesn't get any worse. This paper used a method called "Ensemble of classifiers," in which each class uses a different way to learn. In proposed methodology Experiment#1, I used the Home Wifi Network Traffic Collected and generated own Dataset named it as MywifiNetwork.csv, whereas in proposed methodology Experiment#2, I used the Kaggle repository “NSL-KDD benchmark dataset” to perform experiments in order to find detection accuracy of DoS attack detection using Python language in Jupyter notebook. The system detects attack-type or legitimate-type of network traffic during detection ML classification methods are used to compare how well the suggested system works. The results show that when the ensembled stacking learning model is used, 99% of the time it is able to find the problem. In proposed methodology two Experiments are implemented for comparing detection accuracy with the existing techniques. Compared to other measuring methods, we get a big step forward in finding attacks. So, our model gives a lot of faith in securing these networks. This paper will analyse the behaviour of network traffics.
38

Tung, Yung-Hao, Hung-Chuan Wei, Yen-Wu Ti, Yao-Tung Tsou, Neetesh Saxena, and Chia-Mu Yu. "Counteracting UDP Flooding Attacks in SDN." Electronics 9, no. 8 (2020): 1239. http://dx.doi.org/10.3390/electronics9081239.

Abstract:
Software-defined networking (SDN) is a new networking architecture with a centralized control mechanism. SDN has proven to be successful in improving not only the network performance, but also security. However, centralized control in the SDN architecture is associated with new security vulnerabilities. In particular, user-datagram-protocol (UDP) flooding attacks can be easily launched and cause serious packet-transmission delays, controller-performance loss, and even network shutdown. In response to applications in the Internet of Things (IoT) field, this study considers UDP flooding attacks in SDN and proposes two lightweight countermeasures. The first method sometimes sacrifices address-resolution-protocol (ARP) requests to achieve a high level of security. In the second method, although packets must sometimes be sacrificed when undergoing an attack before starting to defend, the detection of the network state can prevent normal packets from being sacrificed. When blocking a network attack, attacks from the affected port are directly blocked without affecting normal ports. The performance and security of the proposed methods were confirmed by means of extensive experiments. Compared with the situation where no defense is implemented, or similar defense methods are implemented, after simulating a UDP flooding attack, our proposed method performed better in terms of the available bandwidth, central-processing-unit (CPU) consumption, and network delay time.
39

Nan, Haymarn Oo, Cahyadi Risdianto Aris, Chaw Ling Teck, and Htein Maw Aung. "Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm." International Journal of Computer Networks & Communications (IJCNC) 12, no. 3 (2020): 75–95. https://doi.org/10.5281/zenodo.3946219.

Abstract:
Flooding attack is a network attack that sends a large amount of traffic to the victim networks or services to cause denial-of-service. In Software-Defined Networking (SDN) environment, this attack might not only breach the hosts and services but also the SDN controller. Besides, it will also cause a disconnection of links between the controller and the switches. Thus, an effective detection and mitigation technique of flooding attacks is required. Statistical analysis techniques are widely used for the detection and mitigation of flooding attacks. However, the effectiveness of these techniques strongly depends on the defined threshold. Defining the static threshold is a tedious job and most of the time produces a high false positive alarm. In this paper, we proposed the dynamic threshold which is calculated using modified adaptive threshold algorithm (MATA). The original ATA is based on the Exponential Weighted Moving Average (EWMA) formula which produces the high number of false alarms. To reduce the false alarms, the alarm signal will only be generated after a minimum number of consecutive violations of the threshold. This, however, has increased the false negative rate when the network is under attack. In order to reduce this false negative rate, MATA adapted the baseline traffic info of the network infrastructure. The comparative analysis of MATA and ATA are performed through the measurement of false negative rate, and accuracy of detection rate. Our experimental results show that MATA is able to reduce false negative rates up to 17.74% and increase the detection accuracy of 16.11% over the various types of flooding attacks at the transport layer.
40

Mohammadi, Reza, Reza Javidan, and Mauro Conti. "SLICOTS: An SDN-Based Lightweight Countermeasure for TCP SYN Flooding Attacks." IEEE Transactions on Network and Service Management 14, no. 2 (2017): 487–97. http://dx.doi.org/10.1109/tnsm.2017.2701549.

41

Kim, Jong-Min, Hong-Ki Kim, and Joon-Hyung Lee. "Comparative Analysis of Effective Algorithm Techniques for the Detection of Syn Flooding Attacks." Journal of Information and Security 23, no. 5 (2023): 73–79. http://dx.doi.org/10.33778/kcsa.2023.23.5.073.

42

Mowla, Nishat, Inshil Doh, and Kijoon Chae. "CSDSM: Cognitive switch-based DDoS sensing and mitigation in SDN-driven CDNi word." Computer Science and Information Systems 15, no. 1 (2018): 163–85. http://dx.doi.org/10.2298/csis170328044m.

Abstract:
Content Delivery Networks (CDNs) are increasingly deployed for their efficient content delivery and are often integrated with Software Defined Networks (SDNs) to achieve centrality and programmability of the network. However, these networks are also an attractive target for network attackers whose main goal is to exhaust network resources. One attack approach is to over-flood the OpenFlow switch tables containing routing information. Due to the increasing number of different flooding attacks such as DDoS, it becomes difficult to distinguish these attacks from normal traffic when evaluated with traditional attack detection methods. This paper proposes an architectural method that classifies and defends all possible forms of DDoS attack and legitimate Flash Crowd traffic using a segregated dimension functioning cognitive process based in a controller module. Our results illustrate that the proposed model yields significantly enhanced performance with minimal false positives and false negatives when classified with optimal Support Vector Machine and Logistic Regression algorithms. The traffic classifications initiate deployment of security rules to the OpenFlow switches, preventing new forms of flooding attacks. To the best of our knowledge, this is the first work conducted on SDN-driven CDNi used to detect and defend against all possible DDoS attacks through traffic segregated dimension functioning coupled with cognitive classification.
43

Dumka, Ankur, Alaknanda Ashok, and Parag Verma. "Performance Analysis of DDoS Attack on SDN and Proposal of Cracking Algorithm." International Journal of Information Technology Project Management 11, no. 4 (2020): 1–12. http://dx.doi.org/10.4018/ijitpm.2020100101.

Abstract:
The software-defined network (SDN) emerges as an updated technology that changes the scenario of networking where the network is managed by means of software. Any network is always not secure, and hence, the research in terms of securing this network is an area of research. DDoS is one of the attacks that makes a network insecure. This paper proposes the impact in terms of performance of SDN networks due to DDoS attack and proposes a new algorithm for increasing the performance of network. The proposed algorithm prevents the DDoS attack at the application level of flooding by keeping track of IP addresses and thus improves the performance of the network by preventing from DDoS attacks.
44

Chou, Li-Der, Chien-Chang Liu, Meng-Sheng Lai, et al. "Behavior Anomaly Detection in SDN Control Plane: A Case Study of Topology Discovery Attacks." Wireless Communications and Mobile Computing 2020 (November 20, 2020): 1–16. http://dx.doi.org/10.1155/2020/8898949.

Abstract:
Software-defined networking controllers use the OpenFlow discovery protocol (OFDP) to collect network topology status. The OFDP detects the link between switches by generating link layer discovery protocol (LLDP) packets. However, OFDP is not a security protocol. Attackers can use it to perform topology discovery via injection, man-in-the-middle, and flooding attacks to confuse the network topology. This study proposes a correlation-based topology anomaly detection mechanism. Spearman’s rank correlation is used to analyze the network traffic between links and measure the round-trip time of each LLDP frame to determine whether a topology discovery via man-in-the-middle attack exists. This study also adds a dynamic authentication key and counting mechanism in the LLDP frame to prevent attackers from using topology discovery via injection attack to generate fake links and topology discovery via flooding attack to cause network routing or switching abnormalities.
45

Han, Yu, Liumei Zhang, Yichuan Wang, Xi Deng, Zhendong Gu, and Xiaohui Zhang. "Research on the Security of IPv6 Communication Based on Petri Net under IoT." Sensors 23, no. 11 (2023): 5192. http://dx.doi.org/10.3390/s23115192.

Abstract:
The distribution of wireless network systems challenges the communication security of Internet of Things (IoT), and the IPv6 protocol is gradually becoming the main communication protocol under the IoT. The Neighbor Discovery Protocol (NDP), as the base protocol of IPv6, includes address resolution, DAD, route redirection and other functions. The NDP protocol faces many attacks, such as DDoS attacks, MITM attacks, etc. In this paper, we focus on the communication-addressing problem between nodes in the Internet of Things (IoT). We propose a Petri-Net-based NS flooding attack model for the flooding attack problem of address resolution protocols under the NDP protocol. Through a fine-grained analysis of the Petri Net model and attacking techniques, we propose another Petri-Net-based defense model under the SDN architecture, achieving security for communications. We further simulate the normal communication between nodes in the EVE-NG simulation environment. We implement a DDoS attack on the communication protocol by an attacker who obtains the attack data through the THC-IPv6 tool. In this paper, the SVM algorithm, random forest algorithm (RF) and Bayesian algorithm (NBC) are used to process the attack data. The NBC algorithm is proven to exhibit high accuracy in classifying and identifying data through experiments. Further, the abnormal data are discarded through the abnormal data processing rules issued by the controller in the SDN architecture, to ensure the security of communications between nodes.
46

Baik, Namkyun, and Namhi Kang. "Multi-Phase Detection of Spoofed SYN Flooding Attacks." International Journal of Grid and Distributed Computing 11, no. 3 (2018): 23–32. http://dx.doi.org/10.14257/ijgdc.2018.11.3.03.

47

Wang, Shangguang, Qibo Sun, Hua Zou, and Fangchun Yang. "Detecting SYN flooding attacks based on traffic prediction." Security and Communication Networks 5, no. 10 (2012): 1131–40. http://dx.doi.org/10.1002/sec.428.

48

Gavaskar, S., R. Surendiran, and E. Ramaraj. "Three Counter Defense Mechanism for TCP SYN Flooding Attacks." International Journal of Computer Applications 6, no. 6 (2010): 12–15. http://dx.doi.org/10.5120/1083-1399.

49

Abbasvand, Sara. "Defense against SYN-flooding Attacks by using Game Theory." Indian Journal of Science and Technology 7, no. 10 (2014): 1618–24. http://dx.doi.org/10.17485/ijst/2014/v7i10.6.

50

Jean, Tajer, Mo Adda, and Benjamin Aziz. "DETECTION OF FLOODING ATTACKS ON MOBILE AGENTS USING SKETCH TECHNIQUE AND DIVERGENCE MEASURES." INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY 6, no. 8 (2017): 112–21. https://doi.org/10.5281/zenodo.839137.

Abstract:
This paper deals with detection of SYN flooding attacks which are the most common type of attacks in a Mobile Agent World. We propose a new framework for the detection of flooding attacks by integrating Divergence measures over Sketch data structure. The performance of the proposed framework is investigated in terms of detection probability and false alarm ratio. We focus on tuning the parameter of Divergence Measures to optimize the performance. We will evaluate the performance of the proposed divergence measure via the receiver operating characteristic. Our analysis results prove that our proposed algorithm outperforms the existing solutions.