A collaborative architecture agianst DDOS attacks for cloud computing systems. / Uma arquitetura colaborativa contra ataques distribuídos de negação de serviço para sistemas de computação em nuvem.

Thiago Rodrigues Meira de Almeida

14 December 2018

Distributed attacks, such as Distributed Denial of Service (DDoS) ones, require not only the deployment of standalone security mechanisms responsible for monitoring a limited portion of the network, but also distributed mechanisms which are able to jointly detect and mitigate the attack before the complete exhaustion of network resources. This need led to the proposal of several collaborative security mechanisms, covering different phases of the attack mitigation: from its detection to the relief of the system after the attack subsides. It is expected that such mechanisms enable the collaboration among security nodes through the distributed enforcement of security policies, either by installing security rules (e.g., for packet filtering) and/or by provisioning new specialized security nodes on the network. Albeit promising, existing proposals that distribute security tasks among collaborative nodes usually do not consider an optimal allocation of computational resources. As a result, their operation may result in a poor Quality of Service for legitimate packet flows during the mitigation of a DDoS attack. Aiming to tackle this issue, this work proposes a collaborative solution against DDoS attacks with two main goals: (1) ensure an optimal use of resources already available in the attack\'s datapath in a proactive way, and (2) optimize the placement of security tasks among the collaborating security nodes. Regardless the characteristics of each main goal, legitimate traffic must be preserved as packet loss is reduced as much as possible. / Sem resumo

Computação em nuvem

Segurança de redes

Cloud computing

DDOS

SDN

Security

SFC

En jämförelse av skyddsmetoder vid en TCP SYN-Flood-attack / A comparison of protection methods at a TCP SYN-Flood attack

Bilger, Mattias

January 2018

Syftet med studien är att undersöka hur processor-, minnesanvändning och responstid påverkas vid en Distributed Denial-of-Service (DDoS) attack av typen TCP SYN-Flood. För att testa detta används metoderna Baseline (utan SYN-Cookies), Mod_Evasive, Suricata samt SYN-Cookies. Delar av resultatet går att jämföra med tidigare forskning vad beträffar metoden SYN-Cookies med processoranvändning och responstid, för övriga metoder har det ej gått att hitta någon forskning som påvisar resursanvändning och responstid över tid. Studien kan hjälpa organisationer och myndigheter att göra ett informerat val av skydd mot en TCP SYN-Flood-attack beträffande processor-, minnesanvändning och responstid. Resultaten av studien visar att Mod_Evasive använder lägst processor-, minnesanvändning och har lägst responstid av skyddsmetoderna.

ddos

syn-flood

syn flood

Other Computer and Information Science

Annan data- och informationsvetenskap

High Orbit Ion Cannon : Går det att skydda sig?

Jonsson, Robin, Blixt, Simon

January 2012

No description available.

High Orbit Ion Cannon

Low Orbit Ion Cannon

HOIC

LOIC

DDoS

Botnet

Anonymous

Scalable and efficient distributed algorithms for defending against malicious Internet activity

Sung, Minho

31 July 2006

The threat of malicious Internet activities such as Distributed Denial of Service (DDoS) attacks, spam emails or Internet worms/viruses has been increasing in the last several years. The impact and frequency of these malicious activities are expected to grow unless they are properly addressed. In this thesis, we propose to design and evaluate a set of practical and effective protection measures against potential malicious activities in current and future networks. Our research objective is twofold. First, we design the methods to defend against DDoS attacks. Our research focuses on two important issues related to DDoS attack defense mechanisms. One issue is the method to trace the sources of attacking packets, which is known as IP traceback. We propose a novel packet logging based (i.e., hash-based) traceback scheme using only a one-bit marking field in IP header. It reduces processing and storage cost by an order of magnitude than the existing hash-based schemes, and is therefore scalable to much higher link speed (e.g., OC-768). Next, we propose an improved traceback scheme with lower storage overhead by using more marking space in IP header. Another issue in DDoS defense is to investigate protocol-independent techniques for improving the throughput of legitimate traffic during DDoS attacks. We propose a novel technique that can effectively filter out the majority of DDoS traffic, thus improving the overall throughput of the legitimate traffic. Second, we investigate the problem of distributed network monitoring. We propose a set of novel distributed data streaming algorithms that allow scalable and efficient monitoring of aggregated traffic. Our algorithms target the specific network monitoring problem of finding common content in traffic traversing several nodes/links across the Internet. These algorithms find applications in network-wide intrusion detection, early warning for fast propagating worms, and detection of hot objects and spam traffic.

Network security

DDoS attack

Computer networks Security measures

Computer networks Monitoring

Modeling and control of network traffic for performance and secure communications

Xiong, Yong

17 February 2005

The objective of this research is to develop innovative techniques for modeling and control of network congestion. Most existing network controls have discontinuous actions, but such discontinuity in control actions is commonly omitted in analytical models, and instead continuous models were widely adopted in the literature. This approximation works well under certain conditions, but it does cause significant discrepancy in creating robust, responsive control solutions for congestion management. In this dissertation, I investigated three major topics. I proposed a generic discontinuous congestion control model and its design methodology to guarantee asymptotic stability and eliminate traffic oscillation, based on the sliding mode control (SMC) theory. My scheme shows that discontinuity plays a crucial role in optimization of the I-D based congestion control algorithms. When properly modeled, the simple I-D control laws can be made highly robust to parameter and model uncertainties. I discussed applicability of this model to some existing flow or congestion control schemes, e.g. XON/XOFF, rate and window based AIMD, RED, etc. It can also be effectively applied to design of detection and defense of distributed denial of service (DDoS) attacks. DDoS management can be considered a special case of the flow control problem. Based on my generic discontinuous congestion control model, I developed a backward-propagation feedback control strategy for DDoS detection and defense. It not only prevents DDoS attacks but also provides smooth traffic and bounded queue size. Another application of the congestion control algorithms is design of private group communication networks. I proposed a new technique for protection of group communications by concealment of sender-recipient pairs. The basic approach is to fragment and disperse encrypted messages into packets to be transported along different paths, so that the adversary cannot efficiently determine the source/recipient of a message without correct ordering of all packets. Packet flows among nodes are made balanced, to eliminate traffic patterns related to group activities. I proposed a sliding window-based flow control scheme to control transmission of payload and dummy packets. My algorithms allow flexible tradeoff between traffic concealment and performance requirement.

discontinuous congestion control

network performance

sliding mode control

DDoS

traffic anonymity

Αναγνώριση επιθέσεων DDoS σε δίκτυα υπολογιστών

Δαμπολιάς, Ιωάννης

16 May 2014

Στόχος της εργασίας είναι η μελέτη των κατανεμημένων επιθέσεων άρνησης υπηρεσίας σε δίκτυα υπολογιστών καθώς και οι τρόποι αντιμετώπισής και αναγνώρισής τους με χρήση νευρωνικού δικτύου. / The aim of this work is the study of distributed denial of service attacks on computer networks. Analyze the methods of DDoS attacks as well as how to deal and recognize them by using neural network.

Δίκτυα υπολογιστών

005.8

Computer networks

Distributed denial of service (DDoS)

Προστασία συστημάτων από κατανεμημένες επιθέσεις στο Διαδίκτυο / Protecting systems from distributed attacks on the Internet

Στεφανίδης, Κυριάκος

17 March 2014

Η παρούσα διατριβή πραγματεύεται το θέμα των κατανεμημένων επιθέσεων άρνησης υπηρεσιών στο Διαδίκτυο. Αναλύει τα υπάρχοντα συστήματα αντιμετώπισης και τα εργαλεία που χρησιμοποιούνται για την εξαπόλυση τέτοιου είδους επιθέσεων. Μελετά τον τρόπο που οργανώνονται οι επιθέσεις και παρουσιάζει την αρχιτεκτονική και την υλοποίηση ενός πρωτότυπου συστήματος ανίχνευσης των πηγών μιας κατανεμημένης επίθεσης άρνησης υπηρεσιών, καθώς και αντιμετώπισης των επιθέσεων αυτών. Τέλος, ασχολείται με το θέμα της ανεπιθύμητης αλληλογραφίας ως μιας διαφορετικού είδους επίθεση άρνησης υπηρεσιών και προτείνει ένα πρωτότυπο τρόπο αντιμετώπισής της. / In our thesis we deal with the issue of Distributed Denial of Service attacks on the Internet. We analyze the current defense methodologies and the tools that are used to unleash this type of attacks. We study the way that those attacks are constructed and organized and present a novel architecture, and its implementation details, of a system that is able to trace back to the true sources of such an attack as well as effectively filter such attacks in real time. Lastly we deal with the issue of spam e-mail as a different form of a distributed denial of service attack and propose a novel methodology that deals with the problem.

Ασφάλεια δικτύων

005.8

Network security

Attacks on structured P2P overlay networks : Simulating Sybil Attacks

Tefera, Mismaku Hiruy

January 2014

No description available.

P2P

DHT

Chord

CAN

Pastry

Tapestry

P-Grid and MediaSense

Sybil attack

DDos attack

OMNeT++

OverSim.

Framework for botnet emulation and analysis

Lee, Christopher Patrick

12 March 2009

Criminals use the anonymity and pervasiveness of the Internet to commit fraud, extortion, and theft. Botnets are used as the primary tool for this criminal activity. Botnets allow criminals to accumulate and covertly control multiple Internet-connected computers. They use this network of controlled computers to flood networks with traffic from multiple sources, send spam, spread infection, spy on users, commit click fraud, run adware, and host phishing sites. This presents serious privacy risks and financial burdens to businesses and individuals. Furthermore, all indicators show that the problem is worsening because the research and development cycle of the criminal industry is faster than that of security research. To enable researchers to measure botnet connection models and counter-measures, a flexible, rapidly augmentable framework for creating test botnets is provided. This botnet framework, written in the Ruby language, enables researchers to run a botnet on a closed network and to rapidly implement new communication, spreading, control, and attack mechanisms for study. This is a significant improvement over augmenting C++ code-bases for the most popular botnets, Agobot and SDBot. Rubot allows researchers to implement new threats and their corresponding defenses before the criminal industry can. The Rubot experiment framework includes models for some of the latest trends in botnet operation such as peer-to-peer based control, fast-flux DNS, and periodic updates. Our approach implements the key network features from existing botnets and provides the required infrastructure to run the botnet in a closed environment.

Simulation

Simulators

Emulation

Spam

DDoS

Information security

Botnets

Network security

Computer networks Security measures

Computer crimes

Australian Legal Ramifications of Information System and Data Security Compromise: A review of issues, technology and law.

Quentin Cregan

Unknown Date

Computer intrusions and attacks compromise individuals, companies and communities. Whilst it is clear that computer and information security studies point to a generalised increase in the number and sophistication of computer security attacks over the past decade and that nations now entirely rely upon computer systems, insufficient attention is paid to the protection of those systems. Computer data and network systems affect our everyday lives, from the supply-chain software that ensures that the shelves are stocked at the supermarket, to systems that manage finance and share markets. Compromises of computer security are, therefore, rightly seen both as an attack on those individual entities whose systems and information are compromised, and as a communal attack upon the people and organisations that rely upon or use computer systems, both directly and indirectly. The aim of this thesis is to give an analysis of computer system security, information protections and the legal ramifications of computer security compromise, notably, data security compromise in Australia. Ultimately, the aim is to address three overlapping questions: what are the ways in which systems are breached, what are the legal consequences of a breach and are those consequences adequate? This paper looks at the underlying technology and relationships between actors involved in the majority of security compromises and looks at the common factors in how systems and networks are attacked and actors damaged. The paper then goes on to look at criminal liability for security compromises and shows how a criminal analysis feeds into the proper civil law consideration of the topic. Finally, the paper looks at data security through the lens of privacy. Ultimately, this paper concludes that Australia is inconsistent in its legal responses to information security incidents. Such variations are based on the area of law being discussed and dependent on the breach methodology and outcome. The criminal law provides the most current and potent legal protection any business or individual has had in this field. This is followed by statutory privacy law which provides a narrow degree of coverage and provides only a weak conciliation process for addressing data security issues. Finally, common law and equity provide the most uncertain commercial remedies for those that suffer data security breach. This paper concludes that present protections are inadequate and uncertain, and that change is required.

18 Law and Legal Studies