Theses on the topic "Distributed attacks"

Consult the top 50 theses for your research on the topic "Distributed attacks".

1

Li, Chi-Pan. "A distributed scheme to detect and defend against distributed denial of service attacks /." View Abstract or Full-Text, 2003. http://library.ust.hk/cgi/db/thesis.pl?COMP%202003%20LI.

Abstract:
Thesis (M. Phil.)--Hong Kong University of Science and Technology, 2003.
Includes bibliographical references (leaves 102-107). Also available in electronic version. Access restricted to campus users.
2

Namuduri, Sarita. "Distributed Denial of Service Attacks (DDoS)- Consequences and Future." Thesis, Linköping University, Department of Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8055.

Abstract:
Denial of Service and the Distributed Denial of Service Attacks have recently emerged as one of the most newsworthy, if not the greatest, weaknesses of the Internet. This paper attempts to explain how they work, why they are hard to combat today, and what will need to happen if they are to be brought under control. It is divided into eight sections. The first is an overview of the current situation and also brief explanatory of the rest of the chapters being covered. The second is a detailed description of exactly how this attack works, and why it is hard to cope with today; of necessity it includes a description of how the Internet works today. The third section is totally about the different attacks in recent years and how they affected the people or the big organizations. The fourth section describes the short-term prospects, the tools which are used to rectify these attacks. The fifth is problems being faced with an explanatory of the percentage of attack in recent years and comparing the problems. The sixth is what can be done today to help alleviate this problem. The seventh section describes the legal actions and also legal actions that can be followed against the attack by the victim; and the eighth section describes the long-term picture, what will change to bring this class of problem under control, if not eliminate it entirely. And finally there are some appendices: a bibliography, giving references to original research work and announcements; a brief article on securing servers; and acknowledgments for the many people who helped make this paper possible.
3

Ramanauskaitė, Simona. "Modelling and Research of Distributed Denial of Service Attacks." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2012. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2012~D_20120723_105031-70003.

Abstract:
In the dissertation the Denial of Service (DoS) attacks and their models are investigated. A DoS attack is a type of cyber attack in which an attacker tries to deny a service in the network machine. There are many types of DoS attacks, and therefore the main object of the dissertation is specified as distributed denial of service (DDoS) attacks. DDoS uses multiple agents at the same time to exhaust certain resources of network machine and make it unavailable. The importance of DDoS attacks can be explained on the basis of the following facts: nowadays there are no countermeasures which can ensure full resistance to DDoS; DoS effect can be created even by legitimate users of the systems; internet services become more popular therefore the denial of such a service or diminishing of its quality can cause undesired impact on the other systems or their users. The main objective of this dissertation is creation of a model for the estimation of the composite DDoS attack success. This model would allow estimating of network machine resistance to different type and power DDoS attacks. The dissertation consists of eight parts including Introduction, 5 chapters, Conclusions and References. In the introduction, the investigated problem, importance of the thesis and the object of research are defined and the purpose and tasks of the thesis, scientific novelty are described together with the practical significance of results and defended statements. At the end of introduction, author’s... [to full text]
The dissertation examines Denial of Service (DoS) attacks and the means of modelling them. This is a type of cyber attack that aims to make the services provided by a particular node operating in a network unavailable to its legitimate clients. DoS attacks can be of many different types, so the main object of research in this work is the Distributed Denial of Service (DDoS) attack, which seeks to disrupt a service by using at least several attacking computers at the same time and to exhaust all resources of a chosen type on the node providing that service. DDoS attacks are relevant for the following reasons: there are currently no protective measures that reliably and assuredly protect against the threat they pose; they can be caused even by legitimate users, through improper behaviour or an improperly prepared system; services provided over the Internet are used more and more in everyday life, and blocking them or degrading their quality can negatively affect the operation of other systems or their users. The main goal of this dissertation is to create a composite model for estimating the probability of success of a DDoS attack. This model would make it possible to assess the ability of computer equipment to withstand DDoS attacks of different types and power, and could therefore be applied to prevention and to assessing the quality of service providers. The dissertation consists of an introduction, five chapters, a summary of results, the literature used and the author's publications... [see the full text for more]
4

Thing, Vrizlynn Ling Ling. "Adaptive Response System for Distributed Denial-of-Service Attacks." Thesis, Imperial College London, 2008. http://hdl.handle.net/10044/1/4264.

Abstract:
The continued prevalence and severe damaging effects of the Distributed Denial of Service (DDoS) attacks in today’s Internet raise growing security concerns and call for an immediate response to come up with better solutions to tackle DDoS attacks. The current DDoS prevention mechanisms are usually inflexible and determined attackers with knowledge of these mechanisms, could work around them. Most existing detection and response mechanisms are standalone systems which do not rely on adaptive updates to mitigate attacks. As different responses vary in their “leniency” in treating detected attack traffic, there is a need for an Adaptive Response System. We designed and implemented our DDoS Adaptive ResponsE (DARE) System, which is a distributed DDoS mitigation system capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integrations for both signature-based and anomaly-based detection modules. Additionally, the design of DARE’s individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. These components consist of an Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and Flow Identifier, and a Non Intrusive IP Traceback mechanism. The components work together interactively to adapt the detections and responses in accordance to the attack types. Experiments conducted on DARE show that the attack detection and mitigation are successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in accordance to the attacks being launched with high accuracy, effectiveness and efficiency. 
We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim under attack verifies the authenticity of the source by performing virtual relocations to differentiate the legitimate traffic from the attack traffic. TRAPS requires minimal deployment effort and does not require modifications to the Internet infrastructure due to its incorporation of the Mobile IPv6 protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to verify that it would work with the existing Mobile IPv6 implementation. It was observed that the operations of each module were functioning correctly and TRAPS was able to successfully mitigate an attack launched with spoofed source IP addresses.
5

Karandikar, Sampada. "Analysis of distributed denial of service attacks and countermeasures." Connect to this title online, 2009. http://etd.lib.clemson.edu/documents/1263409912/.

6

Bhatia, Sajal. "Detecting distributed Denial-of-Service attacks and Flash Events." Thesis, Queensland University of Technology, 2013. https://eprints.qut.edu.au/62031/1/Sajal_Bhatia_Thesis.pdf.

Abstract:
This thesis investigates and develops techniques for accurately detecting Internet-based Distributed Denial-of-Service (DDoS) Attacks where an adversary harnesses the power of thousands of compromised machines to disrupt the normal operations of a Web-service provider, resulting in significant down-time and financial losses. This thesis also develops methods to differentiate these attacks from similar-looking benign surges in web-traffic known as Flash Events (FEs). This thesis also addresses an intrinsic challenge in research associated with DDoS attacks, namely, the extreme scarcity of public domain datasets (due to legal and privacy issues) by developing techniques to realistically emulate DDoS attack and FE traffic.
7

Eklund, Martin, and Patrik Ståhlberg. "Distributed denial of service attacks : Protection, Mitigation, and Economic Consequences." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-170924.

Abstract:
Distributed Denial of Service attacks are a problem that constantly threatens companies that rely on the internet for major parts of their business. A successful DDoS attack that manages to penetrate a company’s network can lead to devastating damages in the form of lost income, reduced productivity, increase in costs, and damage to the company’s image and reputation. The different DDoS attacks are many and of different character and often offer different parts of the network, which makes it very difficult to defend against. It is also very clear that DDoS attacks are increasing in both numbers and size every year. From our experiments we have proven that anyone with little knowledge and limited resources can perform DDoS attacks that will make a website unavailable. This fact should cause companies that base their business on the internet, aware that they are likely to someday be subject to a DDoS attack. From our research we have found a variety of different DDoS solutions on the market that promise to offer protection. Many of which claim to protect against all different types of DDoS attacks. In practice it is impossible to find something that guarantees 100% safety. According to earlier research in the field, there are many different ways of protecting a network against DDoS attacks, e.g. via Software Defined Networking, Hop-Count Filtering, or Kill-bots. Our own tests show that a virtual firewall can offer protection against DDoS attacks on a low scale, but that such a solution has a number of weaknesses. If the firewall does protect the website, the attacker could instead shift to attacking the firewall itself. Our research also shows that the most common motives behind DDoS attacks are criminal purposes. Criminals use DDoS attacks to earn money by offering directed DDoS attacks against websites or by trying to blackmail companies into paying a fee for not being attacked. We have also seen that the economic consequences of DDoS attacks are devastating if not handled with a sufficiently fast response. After investigating the e-commerce company CDON.com we learned that they could potentially lose roughly 36 410 SEK per minute when a DDoS attack is underway against them. In today’s business climate it is important for companies to be able to rely on the internet for their activity and for customers to have easy access to the company’s products and services. However, companies’ websites are being attacked and thus these companies need an explicit plan of how to mitigate such attacks.
Distributed Denial of Service (DDoS) attacks are a problem that constantly threatens companies that rely on the internet for central parts of their business. A DDoS attack that manages to penetrate a company's network can cause devastating damage in the form of lost revenue, reduced productivity, increased costs, and damage to the company's reputation/brand. DDoS attacks are many and of differing character, attacking different parts of a company's network, which makes it difficult to protect effectively against them. It is also clear that DDoS attacks are increasing in both number and size with every passing year. From our own experiments we have been able to prove that anyone with small means and limited knowledge can carry out a DDoS attack that takes down a website. This fact means that all companies whose business is based on the internet should expect to be subjected to a DDoS attack at some point. From our investigations we can see that there is an abundance of different DDoS protections on the market, protections that handle some of the problems that DDoS attacks bring, but there is no complete protection that can guarantee 100% security. Earlier research in the field shows that there are many different ways to protect against DDoS attacks, e.g. through Software Defined Networks, Hop-Count Filtering or Kill-bots. Our own tests show that a virtual firewall can be one way to protect against DDoS attacks, but the tests also show that such a solution is not secure either, since access to the website can be destroyed by overloading the firewall.
The investigation also shows that one of the most common motives behind DDoS attacks is criminal purposes. Criminals use DDoS attacks to earn money by offering targeted DDoS attacks against websites or by attempting to extort payment with DDoS attacks as a threat. We have concluded that the economic consequences of DDoS attacks can be disastrous for companies if they are not handled in time. Through our own calculations we have shown that the e-commerce company CDON.com risks losing about 36 415,90 kr per minute while a DDoS attack is under way against the company. The reason we have chosen to devote this thesis to the DDoS problem is the alarming increase in DDoS attacks that can be seen every year. The attacks are becoming more numerous, they are growing in size and they are becoming increasingly sophisticated. In some cases the attacks are carried out seemingly without motive, but well-planned attacks are also carried out to harm companies financially. In today's business climate it is important that a company is able to use the internet to run its business and make it easy for customers to access the company's products/services. Company websites being knocked out by DDoS attacks is a reality today, and a clear plan for how to handle such an incident should be in place within companies.
8

Fischer, Benjamin. "Vehicular Group Membership Resilient to Malicious Attacks." Thesis, Linköpings universitet, Programvara och system, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-158086.

Abstract:
There is a range of tools and techniques in the realm of information security that can be used to enhance the security of a distributed network protocol and some of them introduce new problems. A security analysis of the distributed network protocol SLMP is made and three vulnerabilities are identified; messages can be intercepted and tampered with, nodes can fake id, and leader nodes can do a lot of harm if they are malicious. Three versions of SLMP that aim to remedy these vulnerabilities are implemented and the results show that while they remedy the vulnerabilities some of them introduce new problems.
9

Negi, Chandan Singh. "Using network management systems to detect Distributed Denial of Service Attacks." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2001. http://handle.dtic.mil/100.2/ADA397257.

Abstract:
Thesis (M.S. in Information Systems Technology and M.S. in Computer Science)--Naval Postgraduate School, Sept. 2001.
Thesis advisors, Bordetsky, Alex ; Clark, Paul. "September 2001." Includes bibliographical references (p. 115-117). Also available in print.
10

Aditham, Santosh. "Mitigation of Insider Attacks for Data Security in Distributed Computing Environments." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6639.

Abstract:
In big data systems, the infrastructure is such that large amounts of data are hosted away from the users. Information security is a major challenge in such systems. From the customer’s perspective, one of the big risks in adopting big data systems is in trusting the service provider who designs and owns the infrastructure, with data security and privacy. However, big data frameworks typically focus on performance and the opportunity for including enhanced security measures is limited. In this dissertation, the problem of mitigating insider attacks is extensively investigated and several static and dynamic run-time techniques are developed. The proposed techniques are targeted at big data systems but applicable to any data system in general. First, a framework is developed to host the proposed security techniques and integrate with the underlying distributed computing environment. We endorse the idea of deploying this framework on special purpose hardware and a basic model of the software architecture for such security coprocessors is presented. Then, a set of compile-time and run-time techniques are proposed to protect user data from the perpetrators. These techniques target detection of insider attacks that exploit data and infrastructure. The compile-time intrusion detection techniques analyze the control flow by disassembling program binaries while the run-time techniques analyze the memory access patterns of processes running on the system. The proposed techniques have been implemented as prototypes and extensively tested using big data applications. Experiments were conducted on big data frameworks such as Hadoop and Spark using cloud-based services. Experimental results indicate that the proposed techniques successfully detect insider attacks in the context of data loss, data degradation, data exposure and infrastructure degradation.
11

Vuković, Ognjen, and György Dán. "On the Security of Distributed Power System State Estimation under Targeted Attacks." KTH, Kommunikationsnät, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-122442.

Abstract:
State estimation plays an essential role in the monitoring and control of power transmission systems. In modern, highly inter-connected power systems the state estimation should be performed in a distributed fashion and requires information exchange between the control centers of directly connected systems. Motivated by recent reports on trojans targeting industrial control systems, in this paper we investigate how a single compromised control center can affect the outcome of distributed state estimation. We describe five attack strategies, and evaluate their impact on the IEEE 118 benchmark power system. We show that even if the state estimation converges despite the attack, the estimate can have up to 30% of error, and bad data detection cannot locate the attack. We also show that if powerful enough, the attack can impede the convergence of the state estimation, and thus it can blind the system operators. Our results show that it is important to provide confidentiality for the measurement data in order to prevent the most powerful attacks. Finally, we discuss a possible way to detect and to mitigate these attacks.
QC 20130522
12

Khanapure, Vishal. "Memory efficient distributed detection of node replication attacks in wireless sensor networks." [Gainesville, Fla.] : University of Florida, 2009. http://purl.fcla.edu/fcla/etd/UFE0025072.

13

Venkataraman, Aravind. "802.11 Fingerprinting to Detect Wireless Stealth Attacks." Digital Archive @ GSU, 2008. http://digitalarchive.gsu.edu/cs_theses/57.

Abstract:
We propose a simple, passive and deployable approach for fingerprinting traffic on the wired side as a solution for three critical stealth attacks in wireless networks. We focus on extracting traces of the 802.11 medium access control (MAC) protocol from the temporal arrival patterns of incoming traffic streams as seen on the wired side, to identify attacker behavior. Attacks addressed include unauthorized access points, selfish behavior at the MAC layer and MAC layer covert timing channels. We employ the Bayesian binning technique as a means of classifying between delay distributions. The scheme requires no change to the 802.11 nodes or protocol, exhibits minimal computational overhead and offers a single point of discovery. We evaluate our model using experiments and simulations.
14

Khan, Ahmed Waheed. "Towards Utilization of Distributed On-Chip Power Delivery Against EM Side-Channel Attacks." Scholar Commons, 2018. http://scholarcommons.usf.edu/etd/7178.

Abstract:
Non-invasive side-channel attacks (SCAs) are potent attacks on a cryptographic circuit that can reveal its secret key without requiring lots of equipment. EM side-channel leakage is typically the derivative of the power consumption profile of a circuit. Since the fluctuations of the supply voltage strongly depend on the topology and features of the power distribution network (PDN), design of the PDN has a direct impact on EM side-channel leakage signature. In this thesis, we explore the security implications of distributed on-chip voltage regulators against EM side-channel attacks. Extensive HFSS simulations have demonstrated that the maximum EM radiation can be reduced by 33 dB and 11 dB, respectively, at the top and bottom sides of an integrated circuit through distributed on-chip voltage regulation. The primary reason is that the power is delivered locally through partially shorter and thinner metal lines as compared to off-chip implementation.
15

Vordos, Ioannis. "Mitigating distributed denial of service attacks with Multiprotocol Label Switching--Traffic Engineering (MPLS-TE)." Thesis, Monterey, Calif. : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/March/09Mar%5FVordos.pdf.

Abstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, March 2009.
Thesis Advisor(s): Xie, Geoffry. "March 2009." Description based on title screen as viewed on April 23, 2009. Author(s) subject terms: Traffic Engineering, Distributed Denial of Service Attacks, Sinkhole Routing, Blackhole Routing. Includes bibliographical references (p. 115-119). Also available in print.
16

Needels, Keith. "Detecting and recovering from overlay routing attacks in peer-to-peer distributed hash tables /." Online version of thesis, 2008. http://hdl.handle.net/1850/8800.

17

Di, Mauro Mario. "Statistical models for the characterization, identification and mitigation of distributed attacks in data networks." Doctoral thesis, Universita degli studi di Salerno, 2018. http://hdl.handle.net/10556/3088.

Abstract:
2016 - 2017
The thesis focuses on statistical approaches to model, mitigate, and prevent distributed network attacks. When dealing with distributed network attacks (and, more in general, with cyber-security problems), three fundamental phases/issues emerge distinctly. The first issue concerns the threat propagation across the network, which entails an "avalanche" effect, with the number of infected nodes increasing exponentially as time elapses. The second issue regards the design of proper mitigation strategies (e.g., threat detection, attacker's identification) aimed at containing the propagation phenomenon. Finally (and this is the third issue), it is also desirable to act on the system infrastructure to grant a conservative design by adding some controlled degree of redundancy, in order to face those cases where the attacker has not been yet defeated. The contributions of the present thesis address the aforementioned relevant issues, namely, propagation, mitigation and prevention of distributed network attacks. A brief summary of the main contributions is reported below. The first contribution concerns the adoption of Kendall’s birth-and-death process as an analytical model for threat propagation. Such a model exhibits two main properties: i) it is a stochastic model (a desirable requirement to embody the complexity of real-world networks) whereas many models are purely deterministic; ii) it is able to capture the essential features of threat propagation through a few parameters with a clear physical meaning. By exploiting the remarkable properties of Kendall’s model, the exact solution for the optimal resource allocation problem (namely, the optimal mitigation policy) has been provided for both conditions of perfectly known parameters, and unknown parameters (with the latter case being solved through a Maximum-Likelihood estimator). The second contribution pertains to the formalization of a novel kind of randomized Distributed Denial of Service (DDoS) attack. In particular, a botnet (a network of malicious entities) is able to emulate some normal traffic, by picking messages from a dictionary of admissible requests. Such a model allows to quantify the botnet “learning ability”, and to ascertain the real nature of users (normal or bot) via an indicator referred to as MIR (Message Innovation Rate). Exploiting the considered model, an algorithm that allows to identify a botnet (possibly) hidden in the network has been devised. The results are then extended to the case of a multi-cluster environment, where different botnets are concurrently present in the network, and an algorithm to identify the different clusters is conceived. The third contribution concerns the formalization of the network resilience problem and the consequent design of a prevention strategy. Two statistical frameworks are proposed to model the high availability requirements of network infrastructures, namely, the Stochastic Reward Network (SRN), and the Universal Generating Function (UGF) frameworks. In particular, since in the network environment dealing with multidimensional quantities is crucial, an extension of the classic UGF framework, called Multi-dimensional UGF (MUGF), is devised. [edited by author]
XVI n.s.
18

McNevin, Timothy John. "Mitigating Network-Based Denial-of-Service Attacks with Client Puzzles." Thesis, Virginia Tech, 2005. http://hdl.handle.net/10919/31941.

Abstract:
Over the past few years, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have become more of a threat than ever. These attacks are aimed at denying or degrading service for a legitimate user by any means necessary. The need to propose and research novel methods to mitigate them has become a critical research issue in network security. Recently, client puzzle protocols have received attention as a method for combating DoS and DDoS attacks. In a client puzzle protocol, the client is forced to solve a cryptographic puzzle before it can request any operation from a remote server or host. This thesis presents the framework and design of two different client puzzle protocols: Puzzle TCP and Chained Puzzles. Puzzle TCP, or pTCP, is a modification to the Transmission Control Protocol (TCP) that supports the use of client puzzles at the transport layer and is designed to help combat various DoS attacks that target TCP. In this protocol, when a server is under attack, each client is required to solve a cryptographic puzzle before the connection can be established. This thesis presents the design and implementation of pTCP, which was embedded into the Linux kernel, and demonstrates how effective it can be at defending against specific attacks on the transport layer. Chained Puzzles is an extension to the Internet Protocol (IP) that utilizes client puzzles to mitigate the crippling effects of a large-scale DDoS flooding attack by forcing each client to solve a cryptographic problem before allowing them to send packets into the network. This thesis also presents the design of Chained Puzzles and verifies its effectiveness with simulation results during large-scale DDoS flooding attacks.
Master of Science
19

Cordeiro, Weverton Luis da Costa. "Limiting fake accounts in large-scale distributed systems through adaptive identity management." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2014. http://hdl.handle.net/10183/90442.

Abstract:
Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (for example, confirming a valid e-mail address; the requirements may vary depending on the system), so that users can easily register with them. Such convenience comes at a price, however: with little effort, an attacker can obtain a large number of fake accounts (Sybil attack) and use them to carry out malicious activities (that may harm legitimate users) or to obtain undue advantages. It is extremely challenging (if not impossible) to develop a single identity management solution that is at the same time able to support a variety of users using heterogeneous devices and suitable for a diversity of environments (for example, large-scale distributed systems, the Internet of Things, and the Future Internet). As a consequence, the research community has focused on the design of customized identity management solutions, in scenarios with a well-defined set of purposes, requirements and limitations. In this thesis, we address the problem of fake accounts in large-scale distributed systems. More specifically, we concentrate on systems based on the peer-to-peer paradigm that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming systems, collaborative intrusion detection systems, among others); lightweight because users must obtain identities without having to provide “proof of identity” (e.g., a passport) and/or pay fees; and long-term because users must be able to keep their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to contain Sybil attacks. The key idea is to estimate a degree of trust for identity requests, calculated as a function of the number of identities already granted in a given period, considering the origin of those requests. Our approach is based on proof of work and uses cryptographic puzzles as a resource to restrain attackers. In this thesis, we also concentrate efforts on reformulating traditional puzzles so as to make them “green” and “useful”. The results obtained through simulation and experimentation showed the technical feasibility of using green and useful puzzles for identity management. More importantly, they showed that characterizing identity requests based on their origin is a promising approach for substantially reducing the spread of fake accounts.
Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address; the actual requirements may vary depending on the system), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can obtain a horde of fake accounts (Sybil attack), and use them to either perform malicious activities (that might harm legitimate users) or obtain unfair benefits. It is extremely challenging (if not impossible) to devise a single identity management solution at the same time able to support a variety of end-users using heterogeneous devices, and suitable for a multitude of environments (e.g., large-scale distributed systems, Internet-of-Things, and Future Internet). As a consequence, the research community has focused on the design of system-specific identity management solutions, in scenarios having a well-defined set of purposes, requirements, and constraints. In this thesis, we approach the issue of fake accounts in large-scale, distributed systems. More specifically, we target systems based on the peer-to-peer paradigm and that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming networks, collaborative intrusion detection systems, among others); lightweight because users should obtain identities without being required to provide “proof of identity” (e.g., passport) and/or pay taxes; and long-term because users should be able to maintain their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to limit Sybil attacks. The key idea is to estimate a trust score for identity requests, calculated as a function of the number of identities already granted in a given period, and considering their source of origin. Our approach relies on proof of work, and uses cryptographic puzzles as a resource to restrain attackers. In this thesis, we also concentrate on reshaping traditional puzzles, in order to make them “green” and “useful”. The results obtained through simulation and experimentation have shown the feasibility of using green and useful puzzles for identity management. More importantly, they have shown that profiling identity requests based on their source of origin constitutes a promising approach to tackle the dissemination of fake accounts.
20

Jawad, Dina, and Felicia Rosell. "Speak-up as a Resource Based Defence against Application Layer Distributed Denial-of-Service Attacks." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-166597.

Abstract:
In recent years, the internet has endured an increase in application layer DDoS attacks. It is a growing problem that needs to be addressed. This paper presents a number of existing detection and protection methods that are used to mitigate application layer DDoS attacks. Anomaly detection is a widely explored area for defence and there have been many findings that show positive results in mitigating attacks. However, anomaly detection possesses a number of flaws, such as causing false positives and negatives. Another method that has yet to become thoroughly examined is resource based defence. This defence method has great potential as it addresses clear differences between legitimate users and attackers during a DDoS attack. One such defence method is called Speak-up and is the center of this paper. The advantages and limitations of Speak-up have been explored and the findings suggest that Speak-up has the potential to become a strong tool in defending against DDoS attacks. However, Speak-up has its limitations and may not be the best alternative during certain types of application layer DDoS attacks.
21

Ikusan, Ademola A. "Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network." Wright State University / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=wright1515067456228498.

22

Saw, Tee Huu. "Evaluation of a multi-agent system for simulation and analysis of distributed denial-of-service attacks." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Dec%5FSaw.pdf.

Abstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, December 2003.
Thesis advisor(s): James B. Michael, Mikhail Auguston. Includes bibliographical references (p. 52-54). Also available online.
23

Yu, Xuan Hamilton John A. "A defense system on DDOS attacks in mobile ad hoc networks." Auburn, Ala., 2007. http://repo.lib.auburn.edu/2006%20Fall/Dissertations/YU_XUAN_49.pdf.

24

Mekhitarian, Araxi, and Amir Rabiee. "A simulation study of an application layer DDoS detection mechanism." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-191145.

Abstract:
Over the last couple of years the rise of application layer Distributed Denial of Service (DDoS) attacks has significantly increased. Because of this, many issues have been raised on how organizations and companies can protect themselves from intrusions and damages against their systems and services. The consequences from these attacks are many, ranging from revenue losses for companies to stolen personal data. As the technologies are evolving, application layer DDoS attacks are becoming more effective and there is not a concrete solution that entirely protects against them. This thesis focuses on the available defense mechanisms and presents a general overview of different types of application layer DDoS attacks and how they are constructed. Moreover this report provides a simulation based on one of the defense mechanisms mentioned, named CALD. The simulation tested two different application layer DDoS attacks and showed that CALD can detect and differentiate between the two attacks. This report can be used as a general information source for application layer DDoS attacks, how to detect them and how to defend against them. Furthermore the simulation can be used as a basis on how well a relatively small-scaled implementation of CALD can detect DDoS attacks on the application layer.
25

Han, Kai. "Scheduling Distributed Real-Time Tasks in Unreliable and Untrustworthy Systems." Diss., Virginia Tech, 2010. http://hdl.handle.net/10919/26917.

Abstract:
In this dissertation, we consider scheduling distributed soft real-time tasks in unreliable (e.g., those with arbitrary node and network failures) and untrustworthy systems (e.g., those with Byzantine node behaviors). We present a distributed real-time scheduling algorithm called Gamma. Gamma considers a distributed (i.e., multi-node) task model where tasks are subject to Time/Utility Function (or TUF) end-to-end time constraints, and the scheduling optimality criterion of maximizing the total accrued utility. The algorithm makes three novel contributions. First, Gamma uses gossip for reliably propagating task scheduling parameters and for discovering task execution nodes. Second, Gamma achieves distributed real-time mutual exclusion in unreliable environments. Third, the algorithm guards against potential disruption of message propagation due to Byzantine attacks using a mechanism called Launcher-Attacker-Infective-Susceptible-Immunized-Removed-Consumer (or LAISIRC). By doing so, the algorithm schedules tasks with probabilistic termination-time satisfactions, despite system unreliability and untrustworthiness. We analytically establish several timeliness and non-timeliness properties of the algorithm including probabilistic end-to-end task termination time satisfactions, optimality of message overheads, mutual exclusion guarantees, and the mathematical model of the LAISIRC mechanism. We conducted simulation-based experimental studies and compared Gamma with its competitors. Our experimental studies reveal that Gamma's scheduling algorithm accrues greater utility and satisfies a greater number of deadlines than do competitor algorithms (e.g., HVDF) by as much as 47% and 45%, respectively. LAISIRC is more tolerant to Byzantine attacks than competitor protocols (e.g., Path Verification) by obtaining as much as 28% higher correctness ratio. Gamma's mutual exclusion algorithm accrues greater utility than do competitor algorithms (e.g., EDF-Sigma) by as much as 25%. Further, we implemented the basic Gamma algorithm in the Emulab/ChronOS 250-node testbed, and measured the algorithm's performance. Our implementation measurements validate our theoretical analysis and the algorithm's effectiveness and robustness.
Ph. D.
26

Nilsson, Sebastian. "The Current State of DDoS Defense." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3933.

Abstract:
A DDoS attack is an attempt to bring down a machine connected to the Internet. This is done by having multiple computers repeatedly sending requests to tie up a server making it unable to answer legitimate requests. DDoS attacks are currently one of the biggest security threats on the internet according to security experts. We used a qualitative interview with experts in IT security to gather data for our research. We found that most companies are lacking both in knowledge and in their protection against DDoS attacks. The best way to minimize this threat would be to build a system with redundancy, do a risk analysis and revise security policies. Most of the technologies reviewed were found ineffective because of the massive amount of data amplification attacks can generate. Ingress filtering showed promising results in preventing DDoS attacks by blocking packages with spoofed IP addresses thus preventing amplification attacks.
27

Devasundaram, Shanmuga Sundaram. "PERFORMANCE EVALUATION OF A TTL-BASED DYNAMIC MARKING SCHEME IN IP TRACEBACK." University of Akron / OhioLINK, 2006. http://rave.ohiolink.edu/etdc/view?acc_num=akron1164051699.

28

Kaynar, Kerem [Verfasser], Sahin [Akademischer Betreuer] Albayrak, Sahin [Gutachter] Albayrak, Alexander [Gutachter] Schill, and Albert [Gutachter] Levi. "Distributed log analysis for scenario-based detection of multi-step attacks and generation of near-optimal defense recommendations / Kerem Kaynar ; Gutachter: Sahin Albayrak, Alexander Schill, Albert Levi ; Betreuer: Sahin Albayrak." Berlin : Technische Universität Berlin, 2017. http://d-nb.info/1156178177/34.

29

Martimiano, Taciane. "Distributed attacker." reponame:Repositório Institucional da UFSC, 2017. https://repositorio.ufsc.br/xmlui/handle/123456789/176799.

Abstract:
Dissertation (Master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2017
Security ceremonies are extensions of security protocols, including all that is out-of-bounds for protocols. Nowadays we lack a base description language and a detailed threat model for security ceremonies in order to be able to use symbolic evaluation methods and verify claims embedded in ceremonies. Our goal is to contribute with a syntax and detailed threat model for ceremonies description in order to establish our proposal for a new attacker type named Distributed Attacker (DA in brief). Moreover, we also developed a strategy for symbolic evaluation of our attacker model using First-Order Logic (FOL) and an automatic theorem prover. Lastly, we present scenarios formally analysed with our methodology, including cases we could not have with standard Dolev-Yao or Multi-Attacker models. For instance, our most interesting scenario is when several attackers gather only pieces of a user's credentials and, by putting together their knowledge, collude to attack this user's email account.
30

Moore, Tyler Weston. "Cooperative attack and defense in distributed networks." Thesis, University of Cambridge, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.612283.

31

Saied, Alan. "Distributed Denial of Service (DDoS) attack detection and mitigation." Thesis, King's College London (University of London), 2015. http://kclpure.kcl.ac.uk/portal/en/theses/distributed-denial-of-service-ddos-attack-detection-and-mitigation(eaa45e51-f602-46da-a37a-75c3ae71d2db).html.

Abstract:
A Distributed Denial of Service (DDoS) attack is an organised distributed packet-storming technique that aims to overload network devices and the communication channels between them. Its major objective is to prevent legitimate users from accessing networks, servers, services, or other computer resources. In this thesis, we propose, implement and evaluate a DDoS Detector approach consisting of detection, defence and knowledge sharing components. The detection component is designed to detect known and unknown DDoS attacks using an Artificial Neural Network (ANN) while the defence component prevents forged DDoS packets from reaching the victim. DDoS Detectors are distributed across one or more networks in order to mitigate the strength of a DDoS attack. The knowledge sharing component uses encrypted messages to inform other DDoS Detectors when it detects a DDoS attack. This mechanism increases the efficacy of the detection mechanism between the DDoS Detectors. This approach has been evaluated and tested against other related approaches in terms of Sensitivity, Specificity, False Positive Rate (FPR), Precision, and Detection Accuracy. A major contribution of the research is that this approach achieves a 98% DDoS detection and mitigation accuracy, which is 5% higher than the best result of previous related approaches.
32

Skog, Andersen Jonas, and Ammar Alderhally. "Denial-of-service attack : A realistic implementation of a DoS attack." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-120690.

Abstract:
This report describes some of the most well known denial of service attacks (DoS-attacks). This will be done in the first part of the report; the second part describes an implementation of a DoS-attack. The main purpose of its first part is to closer examine common DoS-attacks, the purpose of such attacks, the protection methods that can be deployed to mitigate these attacks and the ways that are used to measure these attacks. The second part describes an implementation of a practical attack implemented using HTTP POST requests to overwhelm a web server, a so-called HTTP POST attack. The attack was carried out using different numbers of attack nodes, up to the default maximum limit for Apache web server. The attack succeeded after several attempts with different parameters. As a result of the experiments we learnt that a successful HTTP POST attack needs to take between 15% and 100% of the maximum permitted clients to make an impact on the server’s response time. The server that was attacked had no defence mechanism to protect itself against DoS-attacks. One important thing to note is that this attack is carried out in a protected environment so as not to affect the external environment.
33

Karaaslan, Ibrahim. "Anti-sensor Network: Distortion-based Distributed Attack In Wireless Sensor Networks." Master's thesis, METU, 2008. http://etd.lib.metu.edu.tr/upload/3/12609276/index.pdf.

Abstract:
In this thesis, a novel anti-sensor network paradigm is introduced against wireless sensor networks (WSN). Anti-sensor network (ASN) aims to destroy application reliability by adaptively and anonymously introducing adequate level of artificial distortion into the communication of the event features transported from the sensor nodes (SN) to the sink. ASN is composed of anti-sensor nodes (aSN) randomly distributed over the sensor network field. aSNs pretend to be SNs to maintain anonymity and so improve resiliency against attack detection and prevention mechanisms. Performance evaluations via mathematical analysis and simulation experiments show that ASN can effectively reduce the application reliability of WSN.
34

Khanal, Sandarva, and Ciara Lynton. "Packet Simulation of Distributed Denial of Service (DDoS) Attack and Recovery." International Foundation for Telemetering, 2013. http://hdl.handle.net/10150/579511.

Abstract:
ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NV
Distributed Denial of Service (DDoS) attacks have been gaining popularity in recent years. Most research developed to defend against DDoS attacks has focused on analytical studies. However, because of the inherent nature of a DDoS attack and the scale of a network involved in the attack, analytical simulations are not always the best way to study DDoS attacks. Moreover, because DDoS attacks are considered illicit, performing real attacks to study their defense mechanisms is not an alternative. For this reason, using packet/network simulators, such as OPNET Modeler, is the best option for research purposes. Detection of an ongoing DDoS attack, as well as simulation of a defense mechanism against the attack, is beyond the scope of this paper. However, this paper includes design recommendations to simulate an effective defense strategy to mitigate DDoS attacks. Finally, this paper introduces network links failure during simulation in an attempt to demonstrate how the network recovers during and following an attack.
35

Selliah, Sentil. "Mobile agent based attack resistant architecture for distributed intrusion detection system." Morgantown, W. Va. : [West Virginia University Libraries], 2001. http://etd.wvu.edu/templates/showETD.cfm?recnum=2060.

Abstract:
Thesis (M.S.)--West Virginia University, 2001.
Title from document title page. Document formatted into pages; contains vii, 61 p. : ill. Includes abstract. Includes bibliographical references (p. 50-52).
36

Ma, Mingxiao. "Attack Modelling and Detection in Distributed and Cooperative Controlled Microgrid Systems." Electronic Thesis or Diss., Université de Lorraine, 2021. http://www.theses.fr/2021LORR0111.

Abstract:
Modern low-voltage microgrid systems rely on distributed and cooperative control approaches to guarantee safe and reliable operational decisions of their inverter-based distributed generators (DGs). However, many sophisticated cyber-attacks can target these systems, deceive their traditional detection methods and cause a severe impact on the power infrastructure. In this thesis, we systematically study the vulnerabilities and threats of distributed controlled microgrid systems. We design a novel attack named "measurement-as-reference" (MaR) attack and take it as a typical stealthy attack example to theoretically analyze the attack impact on the microgrid system and use numerical simulation results to verify the analysis. We provide mathematical models of possible false data injection (FDI) and denial of service (DoS) attacks in a representative distributed and cooperative controlled microgrid system. We propose a secure control framework with an attack detection module based on machine learning techniques. To validate the effectiveness of this framework, we implement two typical attacks, MaR attack and delay injection attack, on a hardware platform modeled after a microgrid system. We collect datasets from the platform and validate the performance of multiple categories of machine learning algorithms to detect such attacks. Our results show that tree-based classifiers (Decision Tree, Random Forest and AdaBoost) outperform other algorithms and achieve excellent performance in detecting normal behavior, delay injection and false data attacks.
37

Laurens, Vicky. "DDoSniffer: An attack detection tool detecting TCP-based distributed denial of service attack traffic at the agent machines." Thesis, University of Ottawa (Canada), 2006. http://hdl.handle.net/10393/27384.

Abstract:
Distributed Denial of Service (DDoS) attacks are an important and challenging security threat. Despite the availability of several defence mechanisms and ongoing academic research in the field, attackers manage to build a large network of agent machines. This research developed a tool, DDoSniffer, to tackle the DDoS attack by detecting ongoing attack traffic at the agent machines. Due to the diversity in DDoS attack strategies, it is not realistic to deal with all types of attacks with one single solution. DDoSniffer focuses on TCP-based attacks. Different scenarios were tested to evaluate the performance of DDoSniffer when detecting what we classified as connection attacks and bandwidth attacks. The former attacks generate connections with four packets or fewer. The latter attacks create connections with traffic ratios larger than usual. Detection is the minimum requirement of all defence mechanisms, and DDoSniffer is capable of detecting a broad range of attacks within seconds.
38

Andersson, Karl, and Marcus Odlander. "Detecting a Distributed Denial-of-Service Attack Using Speed Test Data: A Case Study on an Attack with Nationwide Impact." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-120611.

Abstract:
This thesis presents a case study that investigates a large Distributed Denial of Service (DDoS) attack and how it affected speed tests observed by the crowd-based speed test application Bredbandskollen. Furthermore, the thesis also investigates the possibility of using crowd-based speed tests as a method to detect a DDoS attack. This method has very low overhead which makes it an interesting complement to other methods. This thesis also shows that there was a significant deviation in the number of measurements during the DDoS attack considered in the case study compared to the year average. Furthermore, the measurements of the peak day of the attack had a higher average download speed than the year average. Whereas the higher download speed observation at first may appear non-intuitive, we briefly discuss potential explanations and how such positive anomalies could potentially be used to detect attacks. Detecting DDoS attacks early can lead to earlier recognition of network problems which can aid Internet Service Providers (ISPs) in maintaining the availability of their networks.
39

Chen, Yao. "A novel marking-based detection and filtering scheme against distributed denial of service attack." Thesis, University of Ottawa (Canada), 2006. http://hdl.handle.net/10393/27117.

Abstract:
The Denial of Service (DoS) attack, including Distributed Denial of Service (DDoS) Attack, has become one of the major threats to the Internet today. The victim's resources are exhausted so that its services are disrupted under the DoS attack. Spoofed packets, in which the source IP addresses are forged, are usually used by attackers to implement the attacks or disguise their actual locations. In this thesis, we investigate DoS attack, analyze some existing defense mechanisms, and compare their strengths and weaknesses. Then, we present a novel Marking-based DDoS Attack Detection and Filtering (MDADF) scheme. The MDADF system can distinguish and filter out spoofed IP packets by maintaining a record of the legitimate users and their markings. The system also functions as a DDoS attack detector. We evaluate the performance of this under various conditions in a simulated environment. The results demonstrate that the system is effective in defending against massive DDoS attacks, even when only 20% of the routers on the Internet participate in the marking process. The system is especially effective against IP-spoofed attacks, which are the most difficult to control, although it works well even under randomized attacks. Moreover, the system detects the occurrence of an attack quite quickly and precisely.
40

Cappelleri, Vincenzo-Maria. "Randomness, Age, Work: Ingredients for Secure Distributed Hash Tables." Doctoral thesis, Università degli studi di Padova, 2017. http://hdl.handle.net/11577/3423231.

Abstract:
Distributed Hash Tables (DHTs) are a popular and natural choice when dealing with dynamic resource location and routing. DHTs basically provide two main functions: saving (key, value) records in a network environment and, given a key, find the node responsible for it, optionally retrieving the associated value. However, all predominant DHT designs suffer a number of security flaws that expose nodes and stored data to a number of malicious attacks, ranging from disrupting correct DHT routing to corrupting data or making it unavailable. Thus even if DHTs are a standard layer for some mainstream systems (like BitTorrent or KAD clients), said vulnerabilities may prevent more security-aware systems from taking advantage of the ease of indexing and publishing on DHTs. Through the years a variety of solutions to the security flaws of DHTs have been proposed both from academia and practitioners, ranging from authentication via Central Authorities to social-network based ones. These solutions are often tailored to DHT specific implementations, simply try to mitigate without eliminating hostile actions aimed at resources or nodes. Moreover all these solutions often sport serious limitations or make strong assumptions on the underlying network. We present, after providing a useful abstract model of the DHT protocol and infrastructure, two new primitives. We extend a “standard” proof-of-work primitive making of it also a “proof of age” primitive (informally, allowing a node to prove it is “sufficiently old”) and a “shared random seed” primitive (informally, producing a new, shared, seed that was completely unpredictable in a “sufficiently remote” past). These primitives are then integrated into the basic DHT model obtaining an “enhanced” DHT design, resilient to many common attacks.
This work also shows how to adapt a Block Chain scheme – a continuously growing list of records (or blocks) protected from alteration or forgery – to provide a possible infrastructure for our proposed secure design. Finally a working proof-of-concept software implementing an “enhanced” Kademlia-based DHT is presented, together with some experimental results showing that, in practice, the performance overhead of the additional security layer is more than tolerable. Therefore this work provides a threefold contribution. It describes a general set of new primitives (adaptable to any DHT matching our basic model) achieving a secure DHT; it proposes an actionable design to attain said primitives; it makes public a proof-of-concept implementation of a full “enhanced” DHT system, which a preliminary performance evaluation shows to be actually usable in practice.

In the context of dynamic resource-based addressing, Distributed Hash Tables (DHTs) prove to be a natural as well as highly appreciated choice. DHTs provide two main functions: saving (key, value) pairs and, given a key, locating the node responsible for it, optionally together with retrieving the associated value. Most implemented DHTs are, however, vulnerable to security flaws that expose nodes and stored data to a number of possible attacks. These attacks range from preventing correct routing on the DHT to corrupting data or making it unavailable. Even though DHTs are a de facto standard in very widespread systems (such as BitTorrent clients or the KAD network), weakness in the face of these attacks could nevertheless prevent their adoption by more security-focused systems, which could otherwise benefit from the ease of indexing and publishing on DHTs.
Over the years, both the academic community and professional developers have proposed many possible solutions to the DHT security problem, ranging from ideas based on control exercised by Central Authorities to mechanisms based on social networks. The proposals are often tailored to specific DHT implementations or, often, simply try to mitigate without eliminating the possibility of hostile actions against nodes or resources. Moreover, the proposed solutions often prove to be seriously limited or based on rather strong assumptions about the underlying network. In this work, after providing a useful and generic abstraction of the protocol and infrastructure of a DHT, we present two new primitives. We extend the “normal” proof-of-work function so that it also offers a “proof of age” (that is, informally, it allows proving that a node is sufficiently “old”) and a primitive that provides access to a distributed random seed. Using these two new primitives and integrating them into the basic abstraction, we obtain an “enhanced” DHT, resistant to many of the common attacks inflicted on these systems. Furthermore, we show how a system based on Block Chains (a collection of “data blocks” protected against forgery) can provide a possible foundation for our enhanced DHT. Finally, we built a software prototype that implements a secure DHT based on the Kademlia system. Using this software we conducted experiments, demonstrating that this system is usable in practice despite the additional work required of the nodes.
In conclusion, this work makes the following contribution: we describe a new set of primitives for obtaining a secure DHT (adaptable to any system conforming to our definition of DHT), we propose a concrete architecture for obtaining an enhanced DHT, and we announce a working prototype version of this system.
41

Chan, Yik-Kwan Eric, and 陳奕鈞. "Investigation of a router-based approach to defense against Distributed Denial-of-Service (DDoS) attack." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B30173309.

42

Ding, Sze Yi. "On Distributed Strategies in Defense of a High Value Unit (HVU) Against a Swarm Attack." Thesis, Monterey, California. Naval Postgraduate School, 2012. http://hdl.handle.net/10945/17356.

Abstract:
Approved for public release; distribution is unlimited
Swarm attacks are of great concern to the U.S. Navy as well as to navies around the world and commercial ships transiting through waters with high volume of marine traffic. A large group of hostile ships can hide themselves among various other small ships, like pleasure crafts, fishing boats and transport vessels, and can make a coordinated attack against a High Value Unit (HVU) while it passes by. The HVU can easily be overwhelmed by the numbers and sustain heavy damage or risk being taken over. The objective of this thesis is to develop heuristic algorithms that multiple defenders can use to intercept and stop the advances of multiple attackers. The attackers are in much larger numbers compared to the defenders, and are moving in on a slow moving HVU. Pursuit guidance laws and proportional navigation (PN) guidance laws, commonly used in missile guidance strategies, are modified to be used by the defenders to try intercepting attackers that outnumber them. Another objective is to evaluate the effectiveness of the heuristic algorithms in defending the HVU against the swarm attack. The probability that the HVU survives the swarm attack will be used as a measure of effectiveness of the algorithms. The impact of various parameters, like the number of defenders and the speed of defenders, on the effectiveness of the algorithms is also evaluated.
43

Sung, Minho. "Scalable and efficient distributed algorithms for defending against malicious Internet activity." Diss., Available online, Georgia Institute of Technology, 2006, 2006. http://etd.gatech.edu/theses/available/etd-07172006-134741/.

Abstract:
Thesis (Ph. D.)--Computing, Georgia Institute of Technology, 2007.
Xu, Jun, Committee Chair; Ahamad, Mustaque, Committee Member; Ammar, Mostafa, Committee Member; Bing, Benny, Committee Member; Zegura, Ellen, Committee Member.
44

Vašek, Jiří. "Distribuovaný systém kryptoanalýzy." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2012. http://www.nusl.cz/ntk/nusl-219474.

Abstract:
This thesis should introduce the reader to the basic objectives of parallel computing followed by distributed systems. The thesis is also aimed at the description of cryptographic attacks. The main point should be to obtain theoretical information for the design of a distributed system for cryptoanalysis.
45

Thames, John Lane. "Advancing cyber security with a semantic path merger packet classification algorithm." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/45872.

Abstract:
This dissertation investigates and introduces novel algorithms, theories, and supporting frameworks to significantly improve the growing problem of Internet security. A distributed firewall and active response architecture is introduced that enables any device within a cyber environment to participate in the active discovery and response of cyber attacks. A theory of semantic association systems is developed for the general problem of knowledge discovery in data. The theory of semantic association systems forms the basis of a novel semantic path merger packet classification algorithm. The theoretical aspects of the semantic path merger packet classification algorithm are investigated, and the algorithm's hardware-based implementation is evaluated along with comparative analysis versus content addressable memory. Experimental results show that the hardware implementation of the semantic path merger algorithm significantly outperforms content addressable memory in terms of energy consumption and operational timing.
46

Buček, Hynek. "Generátor síťových útoků." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236362.

Abstract:
This thesis is focused on the study of the best-known network attacks, especially on those that can be theoretically detected without knowledge of the contents of transmitted messages. The goal is to use the basis of acquired knowledge to create a tool that will simulate the behavior of the communication in different network attacks. Simulation outputs will be used for testing the quality of security tools designed to defend against network attacks. The simulator will be used only for offline testing; it will not be possible to carry out real attacks. The purpose of this work is to improve the security against network attacks nowadays.
47

KALLAS, KASSEM. "A Game-Theoretic Approach for Adversarial Information Fusion in Distributed Sensor Networks." Doctoral thesis, Università di Siena, 2017. http://hdl.handle.net/11365/1005735.

Abstract:
Every day we share our personal information through digital systems which are constantly exposed to threats. For this reason, security-oriented disciplines of signal processing have received increasing attention in the last decades: multimedia forensics, digital watermarking, biometrics, network monitoring, steganography and steganalysis are just a few examples. Even though each of these fields has its own peculiarities, they all have to deal with a common problem: the presence of one or more adversaries aiming at making the system fail. Adversarial Signal Processing lays the basis of a general theory that takes into account the impact that the presence of an adversary has on the design of effective signal processing tools. By focusing on the application side of Adversarial Signal Processing, namely adversarial information fusion in distributed sensor networks, and adopting a game-theoretic approach, this thesis contributes to the above mission by addressing four issues. First, we address decision fusion in distributed sensor networks by developing a novel soft isolation defense scheme that protects the network from adversaries, specifically, Byzantines. Second, we develop an optimum decision fusion strategy in the presence of Byzantines. In the next step, we propose a technique to reduce the complexity of the optimum fusion by relying on a novel nearly-optimum message passing algorithm based on factor graphs. Finally, we introduce a defense mechanism to protect decentralized networks running consensus algorithm against data falsification attacks.
48

Hamadeh, Ihab. "Attack attribution for distributed denial-of-service and worm attacks." 2006. http://etda.libraries.psu.edu/theses/approved/WorldWideIndex/ETD-1431/index.html.

49

Cheng, Wei-Cheng, and 鄭偉成. "Intrusion Detection on Distributed Attacks." Thesis, 2003. http://ndltd.ncl.edu.tw/handle/21899987184770671237.

Abstract:
Master's
National Sun Yat-sen University
Graduate Institute of Information Management
91
The number of significant security incidents tends to increase day by day in recent years. The distributed denial of service attacks and worm attacks extensively influence the network and cause serious damages. In the thesis, we analyze these two critical distributed attacks. We propose an intrusion detection approach against this kind of attack and implement an attack detection system based on the approach. We use anomaly detection of intrusion detecting techniques and observe the anomalous distribution of packet fields to perform the detection. The proposed approach records the characteristics of normal traffic volumes so as to make detections more flexible and more precise. Finally, we evaluated our approach by experiments.
50

Gao, Zhiqiang. "On mitigating distributed denial of service attacks." Thesis, 2006. http://library1.njit.edu/etd/fromwebvoyage.cfm?id=njit-etd2006-111.
