Filters








411 Hits in 5.1 sec

The Closed Resolver Project: Measuring the Deployment of Source Address Validation of Inbound Traffic [article]

Maciej Korczyński, Yevheniya Nosyk, Qasim Lone, Marcin Skwarek, Baptiste Jonglez, Andrzej Duda
2020 arXiv   pre-print
Overall, we discover 13.9 K IPv6 open resolvers that can be exploited for amplification DDoS attacks - 13 times more than previous work.  ...  The absence of SAV for outgoing traffic has been known as a root cause of Distributed Denial-of-Service (DDoS) attacks and received widespread attention.  ...  One of the most-recently discovered attacks, namely the NXNSAttack, can exploit open recursive resolvers in DDoS attacks to reach an amplification factor of up to 1620.  ... 
arXiv:2006.05277v1 fatcat:c5tgxuywozdqpl7atvwmjxrjae

Labelled Dataset on Distributed Denial-of-Service (DDoS) Attacks Based on Internet Control Message Protocol Version 6 (ICMPv6)

Selvakumar Manickam, Adnan Hasan Bdair AIghuraibawi, Rosni Abdullah, Zaid Abdi Alkareem Alyasseri, Karrar Hameed Abdulkareem, Mazin Abed Mohammed, Ayman Alani, Nawab Muhammad Faseeh Qureshi
2022 Wireless Communications and Mobile Computing  
The most dangerous attack against IPv6 networks today is a distributed denial-of-service (DDoS) attack using Internet Control Message Protocol version 6 (ICMPv6) messages.  ...  The goal of this work is to create a comprehensive ICMPv6-DDoS attack dataset that can be used for tuning, benchmarking, and evaluating any detection systems designed to detect ICMPv6-DDoS attacks.  ...  The variety of potential ICMPv6-DDoS attacks ensures the dependability of a detection model. Table 3 shows the different DDoS attack scenarios that were carried out.  ... 
doi:10.1155/2022/8060333 fatcat:dcv5uzlhhnadfm27dxnyeowcda

ICMPv6-based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A REVIEW

Mohammad Tayyab, Bahari Belaton, Mohammed Anbar
2020 IEEE Access  
OPEN CHALLENGES This review gives an overall picture of the existing ML-based IDS models for the detection of ICMPv6-based DoS and DDoS attacks.  ...  The potential of an ensemble framework using a parallel/distributed environment can be highly effective in the detection of DDoS attacks based on ICMPv6 messages, hence this area of research also needs  ... 
doi:10.1109/access.2020.3022963 fatcat:4ceado2idrh5zb7sxlw3q7denu

Adaptive response system for distributed denial-of-service attacks

Vrizlynn L. L. Thing, Morris Sloman, Naranker Dulay
2009 2009 IFIP/IEEE International Symposium on Integrated Network Management  
of DDoS attacks.  ...  Experiments on DARE show that the attack detection and mitigation were successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate  ...  We also looked into the protection of next generation IPv6 networks from DDoS attacks.  ... 
doi:10.1109/inm.2009.5188887 dblp:conf/im/ThingSD09 fatcat:snsnw7mrangqrhlvbniorqorkq

DNSSEC and its potential for DDoS attacks

Roland van Rijswijk-Deij, Anna Sperotto, Aiko Pras
2014 Proceedings of the 2014 Conference on Internet Measurement Conference - IMC '14  
However, a common argument against the deployment of DNSSEC is its potential for abuse in Distributed Denial of Service (DDoS) attacks, in particular reflection and amplification attacks.  ...  The potential for abuse in DNSSEC-signed domains has, however, never been assessed on a large scale. In this paper we establish ground truth around this open question.  ...  Additionally, we thank VeriSign for sharing data on .com and .net and the Public Interest Registry (PIR) for sharing data on .org.  ... 
doi:10.1145/2663716.2663731 dblp:conf/imc/Rijswijk-DeijSP14 fatcat:6f7qs7u6sbczpethybg2sbgrse

Moving Target Defense for Securing SCADA Communications

Vahid Heydari
2018 IEEE Access  
Another contribution is preventing black hole attacks and bandwidth depletion DDoS attacks through the use of extra paths between the peer hosts.  ...  Improving privacy and anonymity for communicating hosts by removing permanent IP addresses from all packets is also one of the major contributions of this paper.  ...  depletion Distributed Denial-of-Service (DDoS) attacks (that only need the subnet ID instead of the exact IPv6 address of a target).  ... 
doi:10.1109/access.2018.2844542 fatcat:kmgz5jbb4bdytkjw6u4yytzetq

Analyzing Enterprise DNS Traffic to Classify Assets and Track Cyber-Health [article]

Minzhao Lyu, Hassan Habibi Gharakheili, Craig Russell, Vijay Sivaraman
2022 arXiv   pre-print
Third, our method continuously tracks various health metrics across the organizational DNS assets and identifies several instances of improper configuration, data exfiltration, DDoS, and reflection attacks  ...  for various asset types such as recursive resolvers, authoritative name servers, and mixed DNS servers.  ...  We identified several instances of improper configurations, data exfiltration, DDoS, and reflection attacks.  ... 
arXiv:2201.07352v1 fatcat:jh2jf7wvzzgnjju7wbp7yoefni

Mirage: Towards Deployable DDoS Defense for Web Applications [article]

Prateek Mittal, Dongho Kim, Yih-Chun Hu, Matthew Caesar
2012 arXiv   pre-print
Distributed Denial of Service (DDoS) attacks form a serious threat to the security of Internet services.  ...  Our approach is that end hosts can thwart the attackers by employing the principle of a moving target: end hosts in our architecture periodically change IP addresses to keep the attackers guessing.  ...  ACKNOWLEDGMENTS We are grateful to Prateek Saxena and Devdatta Akhawe for discussions about our JavaScript mechanism.  ... 
arXiv:1110.1060v2 fatcat:ibjqxzgazrbhxmx3xiys6u5vlu

Security Threats in Software Defined Mobile Clouds (SDMC)

R. Mythili, N. Revathi Venkataraman
2016 Journal of Communications Software and Systems  
Despite of increased smartphone usage, exploiting its full potential becomes very difficult owing to its typical issues such as resource scarcity, mobility and more prominently the security.  ...  In the recent years, the rapid growth of smartphone business is highly evidenced due to its versatile usage irrespective of location, personality or context.  ...  SDMC could utilize the following list of Open source tools for deployment of applications, services[ Table . II].  ... 
doi:10.24138/jcomss.v12i2.81 fatcat:s74xa42ogjdwhg5jwvfw6jxel4

A Novel DDoS Floods Detection and Testing Approaches for Network Traffic based on Linux Techniques

Muhammad Tahir, Mingchu Li, Naeem Ayoub, Usman Shehzaib, Atif Wagan
2018 International Journal of Advanced Computer Science and Applications  
Aggregation of data traffic flow will be considered from a point of impact on filtering productivity.  This research work, is divided into following four parts:  Firstly, the overview of the DDoS attack  ...  flow of DDoS attacks.  ...  On the side of the attacker, the DDoS attacks must be detected before it is launched by identifying precursors based on MIB.  ... 
doi:10.14569/ijacsa.2018.090248 fatcat:v6xtvojvabdutp2bq7chpg2n3a

Denial of service mitigation approach for IPv6-enabled smart object networks

Luís M. L. Oliveira, Joel J. P. C. Rodrigues, Amaro F. de Sousa, Jaime Lloret
2012 Concurrency and Computation  
The aim of this paper is to provide a solution based on 6LowPAN neighbor discovery protocol to be supported only on edge routers to mitigate DoS and DDoS attack initiated from the Internet.  ...  Denial of service mitigation approach for IPv6-enabled smart object networks. Concurrency and Computation: Practice and Experience. 25(1):129-142. Abstract.  ...  para a Ciência e Tecnologia through the Pest-OE/EEI/LA0008/2011.  ... 
doi:10.1002/cpe.2850 fatcat:p44x6tctojdhfjv2dzu4j33spi

Carrier-Grade Anomaly Detection Using Time-to-Live Header Information [article]

Quirin Scheitle, Oliver Gasser, Paul Emmerich, Georg Carle
2016 arXiv   pre-print
A majority (69% IPv4; 81% IPv6) of passively observed multi-packet hosts exhibit one stable TTL value.  ...  Active measurements on unstable hosts yield a stable anchor TTL value for more than 85% of responsive hosts.  ...  Spoofed IP addresses are frequently used in so-called Distributed Denial of Service (DDoS) attacks.  ... 
arXiv:1606.07613v1 fatcat:fmdkknr7snaq7mj6wuetx72syi

Characterizing Optimal DNS Amplification Attacks and Effective Mitigation [chapter]

Douglas C. MacFarland, Craig A. Shue, Andrew J. Kalafut
2015 Lecture Notes in Computer Science  
While practitioners have focused on reducing the number of open DNS resolvers, these efforts do not address the threat posed by authoritative DNS servers.  ...  Attackers have used DNS amplification in over 34% of highvolume DDoS attacks, with some floods exceeding 300Gbps.  ...  Introduction In 2013 and early 2014, attackers used DNS amplification in 34.9% of high volume DDoS attacks (those creating at least 20Gbps of attack traffic) and in 18.6% of all network DDoS attacks [  ... 
doi:10.1007/978-3-319-15509-8_2 fatcat:vbu6ofqckbhbrlamw23tqzj2qa

The Impact on Security due to the Vulnerabilities Existing in the network a Strategic Approach towards Security

Dr. Swapnesh Taterh
2017 International Journal of Advanced engineering Management and Science  
This study is focused on the drawbacks of the existing technology and a fine grained introduction to Software Defined Networking.  ...  Due to an exponential growth in the number of user and the amount of information over wires, there arises a great risk with the existing IP Network architecture.  ...  On addressing the issues related to security, DDoS attacks will be in the limelight.  ... 
doi:10.24001/ijaems.3.5.18 fatcat:sanvr52wfzdarmx5msub7xezia

Mitigation against DDoS Attacks on an IoT-Based Production Line Using Machine Learning

Ladislav Huraj, Tibor Horak, Peter Strelec, Pavol Tanuska
2021 Applied Sciences  
On the other hand, IoT integration opens the way for network cyberattacks. One possible cyberattack is the increasingly widely used distributed denial-of-service attack.  ...  The emphasis was mainly on the integration of IoT devices, which could potentially be misused to run DDoS.  ...  Future work will focus on analyzing the potential of such IPv6 networks during DDoS attacks on the production line. Informed Consent Statement: Not applicable.  ... 
doi:10.3390/app11041847 fatcat:pr3la22us5bgjlyccmyropjzse
« Previous Showing results 1 — 15 out of 411 results