Cooperative Defense Against DDoS Attack using GOSSIP Protocol

Sohail, Imran, Hayat, Sikandar

January 2009

The ability to detect and prevent a network from DDoS attack and to ensure the high quality infrastructure is a back bone of today’s network security issues. In this thesis, we have successfully validated an algorithm using OmNet++ Ver. 4.0 simulation to show how a DDoS attack can be detected and how the nodes can be protected from such an attack using GOSSIP protocol.

GOSSIP protocol

DDoS attack

Multicasting

Continuous Monitoring

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation

Analys av DDoS-attacker för identifiering och prevention

Genestig, Peter, Gustafsson, Joel

January 2014

Beroendet av internet har ökat markant över de senaste tjugo åren, detta har medförtatt tjänster som tidigare tillhandahölls lokalt i fysisk form har sakta fasats ut. Samhälletsförtroende för internet och dess struktur medför vissa svagheter, som öppnar upp förattacker vilka kan överbelasta plattformar och göra företagets tjänster otillgängliga.Syftet med arbetet är att identifiera DDoS-attacker från pcap-filer och undersöka hurDRDoS-attacker skalar. Arbetet tar även upp frågeställningar om likheter och skillnadermellan attackerna som används samt huruvida de skiljer sig från legitim trafik och hurdetta kan vara ett problem när skydd eller liknande implementeras.För att besvara frågeställningarna har vi valt att göra tre experiment samt analys. De treexperiment görs i en fysisk labbmiljö där attackerna kan ske på ett kontrollerat miljö,där pcap-filer kan samlas in för analys.I arbetet påvisades att en reflektionsattack som utnyttjade DNS kunde uppnå enskalning med en faktor på 80 gånger. Det har även påvisats vilka likheter som finnsmellan de fem attacker som granskades.

Analys

DDoS

DRDoS

Identifiering

Prevention

Computer Engineering

Datorteknik

Computer Systems

Datorsystem

Rozšíření nástroje JMeter / Implementation of plugins for JMeter

Švehlák, Milan

January 2017

This thesis discusses the load testing tool JMeter and its opportunities for expansion by modules carrying out cyber attacks of the type Denial of Service (DoS). To begin with, there is a theoretical overview of cyber attacks of this type. The following chapter, talks about the JMeter tool, namely its functions and expansion options. After that, it is proceeded to the actual design and realization of the modules. The module implementing the attack HTTP Flood is created first. This module uses internal functions of the program JMeter. This new module is tested. Next chapter folows the procedure of creating modules, that use external generator of network traffic. Modules SYN Flood, ICMP Flood and NTP Flood are implemented using the generator Trafgen. Module implementing attack Slowloris uses a Python script as a generator of the attack. Finally, all the new modules are tested.

Automatizovaná tvorba reportů zátěžového testování / Automatic Generation of Load Testing Reports

Oškera, Jakub

January 2018

The diploma thesis deals with the development of a tool for automated generation of load testing reports, which is implemented in the form of a plug-in into the load tester JMeter as one of its components. The theoretical part contains an analysis of load testing and DDoS parameters, which are the output of a web report. The thesis includes an analysis of available template processors. Based on the analysis of processor’s properties, the most appropriate one was chosen. This processor was then used in a tool that, using the web technologies, generates a report in a form of interactive web page. The thesis also mentions the installation and operation of the created JMeter software plug-in. The diploma thesis describes the whole process of the development of the plug-in.

Automatická mitigace DDoS útoku / Automation of DDoS Attack Mitigation

Nagy, Peter

January 2018

The aim of this thesis is automation of DDoS attack mitigation. This thesis provides an overview of GNU/Linux network platforms and different approaches for their configuration. The aim is to select a platform that could be extended to automate DDoS mitigation. DDoS attack types are explained as well. Selected methods for DDoS mitigation are described in more detail such as Remote Triggered Black Hole and BGP Flowspec. Existing tools like DDoS Defender and FastNetMon are used to detect a DDoS attack. NETX was chosen as target implementation platform. To communicate with devices, API or BGP protocol with Flowspec extension are used.

Modelování a detekce útoku SlowDrop / Modeling and detection of SlowDrop attack

Mazánek, Pavel

January 2020

The work's main topic is a recently published slow DoS attack called SlowDrop. The work focuses on the subject of describing the current state of the DoS problem as a whole and the SlowDrop attack as well. It works with this theoretical basis during the implementation of it's own SlowDrop attack model. This model is tested in various scenarios and the outcome results are analyzed and constructively discussed. Furthermore defensive mechanisms against this threat and DoS attacks in general are proposed, specific methods shown and configurations recommended. These methods are followingly tested and evaluated. Last but not least the traffic of a SlowDrop attacker and a legitimate client with bad connection, which the SlowDrop attack is trying to immitate, are compared. From this comparison final conclusions of this work are drawn.

Detekce útoku SlowDrop / SlowDrop attack detection

Náčin, Peter

January 2021

The diploma thesis is focused on the detection of a slow DoS attack named SlowDrop. The attack tries to imitate a legitimate person with a slow internet connection and does not show a new strong signature, so the attack is difficult to detect. The diploma thesis is based on the work of Ing. Mazanek in which the SlowDrop attack script was created. At the theoretical level, the issue of DoS attacks is described in general, but also in particular. Furthermore, the work develops methods for solving the problem of SlowDrop attack detection. The methods are then defined in detail and tested in a simulation environment. The practical part describes data analysis, signature detection, anomaly detection using neural networks and a detection script. In all practical parts, the used technologies and solution procedures are described in detail. The specific implementation of the solution and the achieved results are also presented. Finally, the individual results are evaluated, compared individually, but also among themselves. The obtained results show that the attack is detectable using a neural network and by created detection script.

Proxy servery v síti Internet / Proxy servers in Internet

Henek, Jan

January 2016

The goal of this paper is to analyze the representation of proxy servers in cyber attacks conducted by Internet. For this purpose I used method which compares tested IP address with database of open proxy servers. I assembled a list of IP address taken from the blacklist of cyber attacks committed in 2015. Then I checked this list with the created program Proxy checker and compared them with a database of open proxy servers. By measurement I demonstrate the inefficacy of this method for reverse detection of proxy servers in the IP list of past attacks.

Detekce anomálií síťového provozu / Network Anomaly Detection

Lieskovan, Tomáš

January 2017

This semester project presents an analysis of network traffic and detection of anomalies in network traffic by several various means. In the first part of the paper there is an explanation of the methods aiming at denial of service. Then in the second part an implementation of protection by means of selected solutions is presented. The intent is to compare these means which are supposed to detect cyber attacks aiming at denial of service. Another intent is to choose the best solutions from the categories of open-source and commercial solutions. The target of the master thesis was to work out a comparison between actual solutions for detection of DoS and DDoS attacks.

Domain-Driven Security’s take on Denial-of-Service (DoS) Attacks / Domändriven säkerhet som skydd mot Denial-of-Service-attacker

Arnör, Johan

January 2016

Many companies and organisations today suffer from Denial-of-Service (DoS) attacks, which can have direct and indirect economical consequences. This thesis tackles this problem with a novel approach by utilising domain specific behaviour and knowledge. The goal is to distinguish malicious attacks from legitimate usage and to alter overall system behaviour at the event of a DoS attack. Distributed DoS attacks (DDoS) are examined as well as a category suggested in this thesis, namely Domain DoS attacks. A simple e-commerce system is developed based on the principles of Domain-Driven Design in order to test the given approach. Five examples of DoS attacks are presented and tested towards the system. The results indicate that utilising domain behaviour is a suitable approach in order to mitigate DoS attacks, but it requires deep integration with the application itself. / Många företag och organisationer lider idag av Denial-of-Service-attacker (DoS-attacker), som kan få direkta och indirekta ekonomiska konsekvenser. Denna avhandling ser nytänkande på detta problem genom att dra nytta av domänspecifikt beteende och kunskap. Målet är att skilja skadliga attacker från legitimt användande och att ändra systemets beteende i händelse av en DoS-attack. Distribuerade DoS-attacker (DDoS) undersöks så väl som en kategori föreslagen i denna avhandling, kallad Domän DoS-attacker. Ett enkelt e-handelssystem utvecklas baserat på principer från domändriven design i syfte att testa den givna tesen. Fem exempel av DoS-attacker är presenterade och testade gentemot systemet. Resultaten indikerar att utnyttjandet av domänbeteende är ett lämpligt tillvägagångssätt för att avvärja DoS-attacker, men att det kräver djup integration med applikationen.

Denial-of-Service

DoS

DDoS

Domain DoS

Domain-Driven Design

Domain-Driven Security

Computer Sciences

Datavetenskap (datalogi)