  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

Design and Analysis of Anomaly Detection and Mitigation Schemes for Distributed Denial of Service Attacks in Software Defined Network. An Investigation into the Security Vulnerabilities of Software Defined Network and the Design of Efficient Detection and Mitigation Techniques for DDoS Attack using Machine Learning Techniques

Sangodoyin, Abimbola O. January 2019
Software Defined Networks (SDN) has created great potential and hope to overcome the need for secure, reliable and well managed next generation networks to drive effective service delivery on the go and meet the demand for high data rate and seamless connectivity expected by users. Thus, it is a network technology that is set to enhance our day-to-day activities. As network usage and reliance on computer technology are increasing and popular, users with bad intentions exploit the inherent weakness of this technology to render targeted services unavailable to legitimate users. Among the security weaknesses of SDN is Distributed Denial of Service (DDoS) attacks. Even though DDoS attack strategy is known, the number of successful DDoS attacks launched has seen an increment at an alarming rate over the last decade. Existing detection mechanisms depend on signatures of known attacks, which have not been successful in detecting unknown or different shades of DDoS attacks. Therefore, a novel detection mechanism that relies on deviation from confidence interval obtained from the normal distribution of throughput polled without attack from the server. Furthermore, sensitivity analysis to determine which of the network metrics (jitter, throughput and response time) is more sensitive to attack by introducing white Gaussian noise and evaluating the local sensitivity using feed-forward artificial neural network is evaluated. All metrics are sensitive in detecting DDoS attacks. However, jitter appears to be the most sensitive to attack. As a result, the developed framework provides an avenue to make the SDN technology more robust and secure to DDoS attacks.
62

Network Anomaly Detection with Incomplete Audit Data

Patcha, Animesh 04 October 2006
With the ever increasing deployment and usage of gigabit networks, traditional network anomaly detection based intrusion detection systems have not scaled accordingly. Most, if not all, systems deployed assume the availability of complete and clean data for the purpose of intrusion detection. We contend that this assumption is not valid. Factors like noise in the audit data, mobility of the nodes, and the large amount of data generated by the network make it difficult to build a normal traffic profile of the network for the purpose of anomaly detection. From this perspective, the leitmotif of the research effort described in this dissertation is the design of a novel intrusion detection system that has the capability to detect intrusions with high accuracy even when complete audit data is not available. In this dissertation, we take a holistic approach to anomaly detection to address the threats posed by network based denial-of-service attacks by proposing improvements in every step of the intrusion detection process. At the data collection phase, we have implemented an adaptive sampling scheme that intelligently samples incoming network data to reduce the volume of traffic sampled, while maintaining the intrinsic characteristics of the network traffic. A Bloom filters based fast flow aggregation scheme is employed at the data pre-processing stage to further reduce the response time of the anomaly detection scheme. Lastly, this dissertation also proposes an expectation-maximization algorithm based anomaly detection scheme that uses the sampled audit data to detect intrusions in the incoming network traffic. / Ph. D.
63

Evaluation of and Mitigation against Malicious Traffic in SIP-based VoIP Applications in a Broadband Internet Environment

Wulff, Tobias January 2010
Voice Over IP (VoIP) telephony is becoming widespread, and is often integrated into computer networks. Because of this, it is likely that malicious software will threaten VoIP systems the same way traditional computer systems have been attacked by viruses, worms, and other automated agents. While most users have become familiar with email spam and viruses in email attachments, spam and malicious traffic over telephony currently is a relatively unknown threat. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. A novel security architecture is being developed which improves the security of a large VoIP network with many inexperienced users, such as non-IT office workers or telecommunication service customers. The new architecture establishes interaction between the VoIP backend and the end users, thus providing information about ongoing and unknown attacks to all users. An evaluation of the effectiveness and performance of different implementations of this architecture is done using virtual machines and network simulation software to emulate vulnerable clients and servers through providing apparent attack vectors.
64

Um Sistema de Detecção de Intrusão para Detecção de Ataques de Negação de Serviço na Internet das Coisas. / An Intrusion Detection System for Detection of Attacks Service Denial on the Internet of Things.

SOUSA, Breno Fabrício Lira Melo 21 December 2016
The paradigm of the Internet of Things (IoT) came to allow intercommunication between different objects via the Internet, and thereby facilitate the way the end user will interact with a wide variety of devices that surround him in everyday life. The availability of features that these devices have is a factor that deserves great attention because the use of such resources inappropriately can cause serious damage. Therefore, since such devices are connected to the Internet, they are vulnerable to various threats, such as denial-of-service (DoS) attacks. In order to tackle DoS type threats in IoT, an Intrusion Detection System (IDS) is proposed for IoT, aiming at detecting some types of DoS attacks.
65

Prilog razvoju metode za detekciju napada ometanjem usluge na Internetu / A contribution to the method for detection of denial of service attacks in Internet

Petković Miodrag 24 September 2018
In this thesis a new method for DoS attack detection is proposed. This method combines the use of entropy of some characteristic parameters of network traffic and the Takagi-Sugeno-Kang (TSK) neuro-fuzzy model. Entropy has been used because it enables detection of a wide spectrum of network anomalies caused by DoS attacks, while TSK adds new value to the final detection of the start and the end of an attack, increasing the ratio between true and false detections.
66

Robust and secure monitoring and attribution of malicious behaviors

Srivastava, Abhinav 08 July 2011
Worldwide computer systems continue to execute malicious software that degrades the systems' performance and consumes network capacity by generating high volumes of unwanted traffic. Network-based detectors can effectively identify machines participating in the ongoing attacks by monitoring the traffic to and from the systems. But, network detection alone is not enough; it does not improve the operation of the Internet or the health of other machines connected to the network. We must identify malicious code running on infected systems, participating in global attack networks. This dissertation describes a robust and secure approach that identifies malware present on infected systems based on its undesirable use of network. Our approach, using virtualization, attributes malicious traffic to host-level processes responsible for the traffic. The attribution identifies on-host processes, but malware instances often exhibit parasitic behaviors to subvert the execution of benign processes. We then augment the attribution software with a host-level monitor that detects parasitic behaviors occurring at the user- and kernel-level. User-level parasitic attack detection happens via the system-call interface because it is a non-bypassable interface for user-level processes. Due to the unavailability of one such interface inside the kernel for drivers, we create a new driver monitoring interface inside the kernel to detect parasitic attacks occurring through this interface. Our attribution software relies on a guest kernel's data to identify on-host processes. To allow secure attribution, we prevent illegal modifications of critical kernel data from kernel-level malware. Together, our contributions produce a unified research outcome: an improved malicious code identification system for user- and kernel-level malware.
67

Estratégias para tratamento de ataques de negação de serviço na camada de aplicação em redes IP / Strategies for handling application-layer denial-of-service attacks in IP networks

Dantas, Yuri Gil 14 July 2015
Distributed Denial of Service (DDoS) attacks remain among the most dangerous and noticeable attacks on the Internet. Differently from previous attacks, many recent DDoS attacks have not been carried out over the Transport Layer, but over the Application Layer. The main difference is that in the latter, an attacker can target a particular application of the server, while leaving the other applications still available, thus generating less traffic and being harder to detect. Such attacks are possible by exploiting application layer protocols used by the target application. This work proposes a novel defense, called SeVen, for Application Layer DDoS attacks (ADDoS) based on the Adaptive Selective Verification (ASV) defense used for Transport Layer DDoS attacks. We used two approaches to validate SeVen: 1) Simulation: The entire defense mechanism was formalized in the Maude tool and simulated using the statistical model checker (PVeStA). 2) Real scenario experiments: Analysis of the efficiency of SeVen, implemented in C++, in a real experiment on the network. We investigate the resilience for mitigating three attacks using the HTTP protocol: HTTP-POST, Slowloris, and HTTP-GET. The defence is effective, with high levels of availability, for all three types of attacks, despite having different attack profiles, and even for a relatively large number of attackers.
68

Aplikace pro penetrační testování webových zranitelností typu Denial of Service / Penetration Testing Application for DoS Based Web Vulnerabilities

Vrána, Jaroslav January 2011
This work deals with the issue of DoS vulnerabilities in web applications. First, the principles of computer security, the general principles of DoS and penetration testing are described. Further text describes the OWASP Testing Guide v3 for DoS in web applications. An application is then designed on the basis of the author's own experience. This application is implemented and tested with web applications.
69

Impact of mobile botnet on long term evolution networks: a distributed denial of service attack perspective

Kitana, Asem 31 March 2021
In recent years, the advent of Long Term Evolution (LTE) technology as a prominent component of 4G networks and future 5G networks, has paved the way for fast and new mobile web access and application services. With these advantages come some security concerns in terms of attacks that can be launched on such networks. This thesis focuses on the impact of the mobile botnet on LTE networks by implementing a mobile botnet architecture that initiates a Distributed Denial of Service (DDoS) attack. First, in the quest of understanding the mobile botnet behavior, a correlation between the mobile botnet impact and different mobile device mobility models, is established, leading to the study of the impact of the random patterns versus the uniform patterns of movements on the mobile botnet’s behavior under a DDoS attack. Second, the impact of two base transceiver station selection mechanisms on a mobile botnet behavior launching a DDoS attack on an LTE network is studied, the goal being to derive the effect of the attack severity of the mobile botnet. Third, an epidemic SMS-based cellular botnet that uses an epidemic command and control mechanism to initiate a short message services (SMS) phishing attack, is proposed and its threat impact is studied and simulated using three random graphs models. The simulation results obtained reveal that (1) in terms of users’ mobility patterns, the impact of the mobile botnet behavior under a DDoS attack on a victim web server is more pronounced when an asymmetric mobility model is considered compared to a symmetric mobility model; (2) in terms of base transceiver station selection mechanisms, the Distance-Based Model mechanism yields a higher threat impact on the victim server compared to the Signal Power Based Model mechanism; and (3) under the Erdős-Rényi topology, the proposed epidemic SMS-based cellular botnet is shown to be resistant and resilient to random and selective cellular device failures. / Graduate
70

On the assessment of Denial of Service vulnerabilities affecting smart home systems

Andersson, Sebastian, Josefsson, Oliver January 2019
IoT is an abbreviation of the term Internet of Things. The term describes everyday items such as light bulbs that are connected to the Internet. IoT is a field that is growing very quickly with some researchers and industry leaders predicting that there will be up to 200 billion connected IoT devices in the world by 2020. Many IoT devices are developed by smaller companies looking to capitalize on a specific need in the market. Because of this, the companies may favor launching a product as fast as possible which could mean that the devices may have not been adequately tested for different vulnerabilities. The IoT and Smart Home market is currently experiencing rapid growth and all signs point towards that continuing in the future. This thesis focuses on testing for vulnerabilities to Denial of Service attacks in common-off-the-shelf IoT devices that can be found in a smart home environment. The purpose of this thesis is to create more knowledge about the vulnerabilities that can be found in Internet connected devices that are used daily. This thesis includes experiments using OpenVAS, which is a vulnerability scanner developed by Greenbone Security used to test for vulnerabilities to Denial of Service attacks in IoT devices. The devices that are tested are Sony PlayStation 4, IKEA Trådfri Smart Lighting, Google Chromecast (First Generation), Apple TV (Third Generation) and D-Link DCS-930LB Wi-Fi IP-Camera. The firmware/software of all the devices are updated as of April of 2019. The results of the conducted experiments show that all the tested devices besides Chromecast and IKEA Trådfri had vulnerabilities to Denial of Service attacks. PlayStation 4 was the device with the highest amount of vulnerabilities (9) and the vulnerability with highest possible severity (10.0). The effects of a Denial of Service attack range from an annoyance, when a gaming console is unavailable, to a security risk when an IP camera can be temporarily disabled.
