1 |
Genomgång av skyddsmetoder för TCP SYN flooding / Review of protection methods for TCP SYN flooding
Thorstensson, Jonatan. January 2010
This work addresses possible solutions for handling SYN flooding, a denial-of-service attack against services that use TCP for communication over data networks. A number of different protection methods, with varying approaches, are identified, described and examined. The possibilities of combining them are also analyzed. It is shown that implementing existing protections, and combining several of them, considerably limits the threat from SYN flooding. Recommendations are also presented for how organizations should proceed to secure services at risk of SYN flooding attacks, by implementing protection close to the service first and then additional layers further and further out in the network.
|
2 |
Measurement and analysis of BitTorrent
Sadafal, Videsh. 10 October 2008
BitTorrent is assumed and predicted to be the world's largest Peer to Peer (P2P)
network. Previous studies of the protocol mainly focus on its file sharing algorithm,
and many relevant aspects of the protocol remain untouched. In the thesis, we conduct a number of experiments to explore those untouched aspects. We implement a
BitTorrent crawler to collect data from trackers and peers, and statistically analyze
it to understand the characteristics and behaviors of the BitTorrent protocol better.
We find that the expected lifetime of a peer in BitTorrent is 56.6 minutes and
the activity is diurnal. Peers show a strong preference towards a limited number of
torrents, and 10% of torrents are responsible for 67% of traffic. The US contributes
the maximum number of peers to BitTorrent and µTorrent emerges as the favorite
BitTorrent client. We measure the strength of Distributed Denial of Service (DDoS)
attack using BitTorrent network and conclude that it is transient and weak. Finally
we address and discuss the content locatability problem in BitTorrent and propose
two solutions.
|
4 |
A defense framework for flooding-based DDoS attacks
You, Yonghua. 29 August 2007
Distributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large amount of malicious traffic. In this thesis, we propose a distance-based distributed DDoS defense framework which defends against attacks by coordinating between the distance-based DDoS defense systems of the source ends and the victim end. The proposed defense system has three major components: detection, traceback, and response. In the detection component, two distance-based detection techniques are employed. First, a distance-based technique is used to detect attacks based on a distance statistical model. Second, a statistical traffic rate forecasting technique is applied to identify attack traffic within the traffic, which is separated based on distance to the victim-end network. For the traceback component, the existing Fast Internet Traceback (FIT) technique is employed to find remote edge routers which forward attack traffic to the victim. In the response component, the distance-based rate limit mechanism quickly lowers attack traffic by setting up rate limits on these routers. We evaluate the distance-based DDoS defense system on a network simulation platform called NS2. The results demonstrate that both detection techniques are capable of detecting flooding-based DDoS attacks, and the defense system can effectively control attack traffic to sustain quality of service for legitimate users. Moreover, the system shows better performance in defeating flooding-based DDoS attacks compared to the pushback technique, which uses a local aggregate congestion control mechanism. / Thesis (Master, Computing) -- Queen's University, 2007-08-22 23:01:20.581
|
5 |
Security of smart city network infrastructures : design and implementation : application to “Sunrise – Smart City” Demonstrator / Sécurité des infrastructures de la ville intelligente : concept et mise en œuvre : application au démonstrateur "Ville intelligente - Sunrise"
Semaan Nasr, Elie. 29 November 2017
The purpose of this thesis is to design and implement a cyber-threat intelligence strategy to support strategic decisions. Early warning and detection of breaches are decisive to being in a state of readiness, meaning that the emphasis of cybersecurity has changed to threat intelligence. For that reason, we created, analyzed, implemented, and tested two solutions.
The first solution acts as a predictive and proactive mechanism. It is a novel framework used to analyze and evaluate quantitatively the vulnerabilities associated with a smart city network. This solution uses the Markov Chain Model to determine the highest vulnerability severity level of a potential attack path in the attack graph of the network. A high severity level of a potential attack path will lead the system administrator to apply appropriate security measures a priori to the occurrence of attacks. The second solution acts as a defensive or self-protective mechanism. This framework mitigates zero-day availability attacks based on Identification, Heuristics and Load Balancer in a reasonable time frame. This defensive mechanism has been proposed mainly to mitigate Distributed Denial of Service (DDoS) attacks, since they are considered one of the most severe availability attacks that could paralyze the smart city’s network and cause a complete blackout. This solution relies on two load balancers, in which the first one uses a heuristic approach and the second acts as a backup to produce a solution in a reasonable time frame.
|
6 |
Problematika sítí typu botnet / The Issue of Botnet-Type Networks
Klubal, Martin. January 2013
No description available.
|
7 |
Evaluation of Moving Target IPv6 Defense and Distributed Denial of Service Defenses
DiMarco, Peter Lewis. 13 December 2013
A Denial-of-Service (DoS) attack is a network attack from a single machine that attempts to prevent the victim, the targeted machine, from communicating with other devices on the network or performing its normal tasks. The extension of these attacks to include many malicious machines became known as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks cause an immense amount of strain on both the victim and the devices used to reach the victim. In reaction to these attacks, preexisting technologies were used as DDoS defenses to mitigate the effects. The two most notable defenses used are the firewall and Internet Protocol Security (IPsec). The technologies behind these defenses emerged over twenty years ago and since then have been updated to conform to the newest Internet protocols. While these changes have kept the technologies viable, these defenses have still fallen victim to successful attacks.
Because of the number of Internet-connected devices and the small address space in Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) was developed to solve the address space problem. With IPv6, however, there are new problems to address; therefore, these aforementioned defenses have to be further modified to accommodate the new protocol. Moving Target IPv6 Defense (MT6D) has been developed to attempt to leverage the new standard against DDoS attacks in the IPv6 arena. This research evaluates the DDoS prevention capabilities of the aging defenses relative to the newly developed MT6D to determine which defense is best suited to defend against these attacks for a variety of scenarios. The threat environment in this study is limited to Synchronize (SYN) Flood, HTTP/GET Flood, Denial6, Dos-New-IP6, and Slowloris attacks. Attacks on the MT6D key distribution mechanism are not considered. Strengths and weaknesses of the aforementioned defenses are presented and analyzed.
This project examines different metrics including the performance impact on the machines and the client throughput in an instrumented testbed. MT6D has high operating costs and low throughput compared to the other defenses. Under DDoS attacks, the firewall is unable to prevent attacks in IPv6 due to the inability to determine the same host from multiple Internet Protocol (IP) addresses. Overall, IPsec and MT6D effectively mitigate the DDoS attacks, although MT6D is susceptible to some attacks due to its operating at the guest level. At this point in MT6D's development, the difference in performance could be considered a reasonable price to pay for the added benefits from MT6D. / Master of Science
|
8 |
Potlačení DoS útoků s využitím strojového učení / Mitigation of DoS Attacks Using Machine Learning
Goldschmidt, Patrik. January 2021
Denial-of-service (DDoS) attacks are an increasingly frequent security incident in today's computer networks. This work focuses on detecting these attacks and providing relevant information for the purpose of mitigating them in real time. This functionality is achieved using stream data mining and machine learning techniques. The result of the work is a set of tools covering the entire machine learning process, from custom feature extraction through data preprocessing to export of a trained model ready for deployment in production. Experimental results evaluated on several real and synthetic datasets indicate a system accuracy greater than 99%, with the ability to reliably detect an ongoing attack within 4 seconds of its start.
|
9 |
Modelling and Research of Distributed Denial of Service Attacks / Srautinių atakų įtakos internetinės paslaugos sutrikdymui modeliavimas ir tyrimas
Ramanauskaitė, Simona. 23 July 2012
In the dissertation the Denial of Service (DoS) attacks and their models are investigated. A DoS attack is a type of cyber attack in which an attacker tries to deny a service in the network machine. There are many types of DoS attacks, and therefore the main object of the dissertation is specified as distributed denial of service (DDoS) attacks. DDoS uses multiple agents at the same time to exhaust certain resources of the network machine and make it unavailable.
The importance of DDoS attacks can be explained on the basis of the following facts: nowadays there are no countermeasures which can ensure full resistance to DDoS; a DoS effect can be created even by legitimate users of the systems; internet services are becoming more popular, therefore the denial of such a service or the diminishing of its quality can cause an undesired impact on other systems or their users.
The main objective of this dissertation is the creation of a model for the estimation of composite DDoS attack success. This model would allow estimating network machine resistance to DDoS attacks of different types and power.
The dissertation consists of eight parts including Introduction, 5 chapters, Conclusions and References.
In the introduction, the investigated problem, importance of the thesis and the object of research are defined, and the purpose and tasks of the thesis and its scientific novelty are described together with the practical significance of results and defended statements. At the end of introduction, author’s... [to full text] / The dissertation examines denial-of-service (DoS) attacks on internet services and the means of modelling them. This is a type of cyber attack that aims to make the services provided by a node operating in a network unavailable to their legitimate clients. DoS attacks can be of many different types, so the main object of research in this work is the distributed denial-of-service (DDoS) attack, which seeks to disrupt a service by using at least several attacking computers at the same time and which seeks to exhaust all resources of a chosen type on the node providing that service. DDoS attacks are relevant for the following reasons: there are currently no protective measures that make it possible to defend reliably and with certainty against the threat they pose; they can be caused even by legitimate users, through improper behaviour or an improperly prepared system; services provided on the internet are used more and more often in everyday life, and their blocking or loss of quality can adversely affect the work of other systems or their users.
The main aim of this dissertation is to create a composite model for estimating the probability of DDoS attack success. This model would make it possible to assess the ability of computer equipment to withstand DDoS attacks of different types and power, and could therefore be applied to prevention and to assessing the quality of service providers.
The dissertation consists of an introduction, five chapters, a summary of results, the literature used and the author's publications... [see full text for more]
|