Filters








8,637 Hits in 9.8 sec

Scalable Network-Layer Defense Against Internet Bandwidth-Flooding Attacks

K. Argyraki, D.R. Cheriton
2009 IEEE/ACM Transactions on Networking  
We present Active Internet Traffic Filtering (AITF), a mechanism that protects public-access sites from highly distributed attacks by causing undesired traffic to be blocked as close as possible to its  ...  A distributed denial-of-service (DDoS) attack can flood a victim site with malicious traffic, causing service disruption or even complete failure.  ...  RELATED WORK Bandwidth flooding belongs to the wider topic of denial of service (DoS), which covers source-address spoofing, attack detection, undesired-traffic identification, and application-level attacks  ... 
doi:10.1109/tnet.2008.2007431 fatcat:6qhiibb5zffgtbfgut42wqzlbq

Hop-count filtering

Cheng Jin, Haining Wang, Kang G. Shin
2003 Proceedings of the 10th ACM conference on Computer and communication security - CCS '03  
IP spoofing has often been exploited by Distributed Denial of Service (DDoS) attacks to (1) conceal flooding sources and localities in flooding traffic, and (2) coax legitimate hosts into becoming reflectors  ...  On the other hand, an Internet server can easily infer the hop-count information from the Time-to-Live (TTL) field of the IP header.  ...  IP spoofing is usually associated with malicious network behaviors, such as Distributed Denial of Service (DDoS) attacks.  ... 
doi:10.1145/948109.948116 dblp:conf/ccs/JinWS03 fatcat:r5kq2hwrlje63dtvq4ity6zgrq

Hop-count filtering

Cheng Jin, Haining Wang, Kang G. Shin
2003 Proceedings of the 10th ACM conference on Computer and communication security - CCS '03  
IP spoofing has often been exploited by Distributed Denial of Service (DDoS) attacks to (1) conceal flooding sources and localities in flooding traffic, and (2) coax legitimate hosts into becoming reflectors  ...  On the other hand, an Internet server can easily infer the hop-count information from the Time-to-Live (TTL) field of the IP header.  ...  IP spoofing is usually associated with malicious network behaviors, such as Distributed Denial of Service (DDoS) attacks.  ... 
doi:10.1145/948112.948116 fatcat:jgerpjxjazbsradr5ghjytr2oa

Stateful DDoS attacks and targeted filtering

Shigang Chen, Yong Tang, Wenliang Du
2007 Journal of Network and Computer Applications  
The goal of a DDoS (distributed denial of service) attack is to completely tie up certain resources so that legitimate users are not able to access a service.  ...  We prove the correctness of the proposed defense mechanism, evaluate its efficiency by analysis and simulations, and establish its worst-case performance bounds in response to stateful DDoS attacks.  ...  DDoS (Distributed Denial of Service) is among the most-threatening Internet security problems. There are a variety of DDoS attacks [1] .  ... 
doi:10.1016/j.jnca.2005.07.007 fatcat:qnxvt2knxrgrxdbm3hf5lwfku4

Filtering of shrew DDoS attacks in frequency domain

Yu Chen, Kai Hwang, Yu-Kwong Kwok
2005 The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l  
Index Terms-Network security, distributed denial of service (DDoS), reduction of quality (RoQ), digital signal processing (DSP), Internet traffic analysis  ...  The shrew Distributed Denial of Service (DDoS) attacks are periodic, bursty, and stealthy in nature. They are also known as Reduction of Quality (RoQ) attacks.  ...  INTRODUCTION ISTRIBUTED Denial of Service (DDoS) attacks have become one of the major threats to Internet services and electronic transactions [5] , [22] , [26] .  ... 
doi:10.1109/lcn.2005.70 dblp:conf/lcn/ChenHK05 fatcat:6tkxzyvxbzgqpgnmjcqarjrt5y

Whitelists Based Multiple Filtering Techniques in SCADA Sensor Networks

DongHo Kang, ByoungKoo Kim, JungChan Na, KyoungSon Jhang
2014 Journal of Applied Mathematics  
Our proposed system detects the traffic of network and application protocol attacks with a set of whitelists collected from normal traffic.  ...  Internet of Things (IoT) consists of several tiny devices connected together to form a collaborative computing environment.  ...  And this work was supported by the IT R&D program of MSIP/KEIT [010041560, a development of anomaly detection and multilayered response technology to protect an intranet of a control system for the availability  ... 
doi:10.1155/2014/597697 fatcat:v2fbjb5wgfa6foeh7qnrandgda

A Comparative Study on Capability v/s. Filtering based Defense Mechanisms

Shubha Mishra, R. K. Pateriya
2014 International Journal of Computer Applications  
Denial-of-Service and Distributed Denial-of-Service attacks have been the attack forms with maximum impact on their victims since their origin.  ...  Keywords DoS, DDoS, filtering and capability-based mechanisms, attack traffic and legitimate traffic.  ...  Denial of service took a more dangerous turn with the origin of Distributed Denial-of-Service attack.  ... 
doi:10.5120/16261-5922 fatcat:wexrv2cxd5av3ks42xbb2l2yuy

DESIGN A SECURITY FIREWALL POLICY TO FILTER INCOMING TRAFFIC IN PACKET SWITCHED NETWORKS USING CLASSIFICATION METHODS

Shirin Bateni, Ali Asghar Khavasi
2016 Ciência e Natura  
In this paper, we present a machine learning based algorithm that filter Denial of Service (DoS) attacks in networks.  ...  In addition, inserting or modifying a filtering rule requires to overcome and filter a range of special attacks or issues in network.  ...  Acknowledgment Many thanks to my mother and my father, who show me the initial path of life, and always they have been my companion and supporter.  ... 
doi:10.5902/2179460x21530 fatcat:wisqfruqyfbkxh6jwkdjoicgwy

Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms

Shubha Mishra, R. K. Pateriya
2014 International Journal of Computer Applications  
However, they are vulnerable to a new type of attack called Denial-of-Capability attack. Also, bandwidth flooding is another serious issue.  ...  General Terms Threshold-based filtering, Regular and Request traffic, Packet analysis, Attacker, Colluder and legitimate traffic.  ...  INTRODUCTION Internet was originally developed with an aim to provide an open, effortless and timely communication and services to all.  ... 
doi:10.5120/16833-6597 fatcat:4ow2wdlt2jcc7eypjripdmdcse

Network fault detection with Wiener filter-based agent

Mouhammd Al-Kasassbeh, Mo Adda
2009 Journal of Network and Computer Applications  
Mobile agent combines with statistical methods based on the Wiener filter to collect and analyze the network data in order to detect anomalous behaviour in the network traffic.  ...  The algorithm was tested against four network attacks in both light and heavy traffic scenarios.  ...  This resulted in a degradation of performance and denial of service in some cases.  ... 
doi:10.1016/j.jnca.2009.02.001 fatcat:swxruhknhnggdnubmbzz33o5la

Utilizing bloom filters for detecting flooding attacks against SIP based services

Dimitris Geneiatakis, Nikos Vrakas, Costas Lambrinoudakis
2009 Computers & security  
Voice over IP (VoIP) Flooding attacks Denial of Service Bloom filter Security a b s t r a c t Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific  ...  Consequently, the employment of critical services, like Voice over IP (VoIP) services, over the Internet is vulnerable to such attacks and, on top of that, they offer a field for new attacks or variations  ...  It is therefore reasonable for every critical real-time application to treat architectures like the Internet as hostile environments.  ... 
doi:10.1016/j.cose.2009.04.007 fatcat:d7gm2ijdkbbsrnpllqesqfjtzm

MULAN: Multi-Level Adaptive Network Filter [chapter]

Shimrit Tzur-David, Danny Dolev, Tal Anker
2009 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
The scope of this research focuses primarily on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detection and prevention of attacks.  ...  When an attack is detected, a good security engine should screen away the offending packets and continue to forward all other traffic.  ...  A distributed denial of service (DDoS) attack launches a coordinated DoS attack toward the victim from geographically diverse Internet nodes.  ... 
doi:10.1007/978-3-642-05284-2_5 fatcat:rh4b2wdrfbb5tmbzihgtw3orr4

Intrusion Detection System based on the SDN Network, Bloom Filter and Machine Learning

Traore Issa, Kone Tiemoman
2019 International Journal of Advanced Computer Science and Applications  
Indeed, distributed denial of service attacks (DDoS) are difficult to detect in real time. In particular, it concerns the distinction between legitimate and illegitimate packages.  ...  This document deals with the detection, and correction of DDoS attacks based on real-time behavioral analysis of traffic.  ...  ACKNOWLEDGMENT The Publication of this research was supported by the Mathematics Research Institute.  ... 
doi:10.14569/ijacsa.2019.0100953 fatcat:mapuy2cysjdr7ehkou37s7rchu

Securing Data using Pre-filtering and Traceback Method

G Vaithiyanathan
2012 IOSR Journal of Computer Engineering  
In this paper, we propose RegEx-Filter(pre-filtering approach) and IP traceback method to trace an unauthorized access incidents in the Internet, The current control technologies cannot stop specific way  ...  The generation of RegEx is tricky as it needs to tradeoff between two conflicting goals: filtering effectiveness, which means to filter out as many unmatched items as possible, and matching speed, which  ...  The reason is that denial of service (DoS) attacks, which have recently increased in number, can easily trace their sources of IP addresses using traceback method [2] .  ... 
doi:10.9790/0661-0723540 fatcat:jbiyuoiimbdglj66cc3hafs5sy

Bloom filter-based IP Traceback on Netfilter open-source framework

Tabassom Shahsafi, Bahram Bahrambeigy, Mahmood Ahmadi
2015 2015 7th Conference on Information and Knowledge Technology (IKT)  
IP packet Traceback is one of the important defense mechanisms against Denial of Service (DoS) attacks because it traces packets from source to destination.  ...  Routing only based on destination IP address is one of the major potential threats of current Internet routers that enables attackers to attack victims from forged sources.  ...  CONCLUSION In this paper one of the important threats of the Internet i.e. Denial of Service (DoS) and proposed techniques to detect and prevent these types of attacks discussed.  ... 
doi:10.1109/ikt.2015.7288672 fatcat:f4o4tazrhrbqngoac7tb7w7yoe
« Previous Showing results 1 — 15 out of 8,637 results