1,621 Hits in 4.2 sec

Practical Verifiable In-network Filtering for DDoS defense [article]

Deli Gong, Muoi Tran, Shweta Shinde, Hao Jin, Vyas Sekar, Prateek Saxena, Min Suk Kang
2019 arXiv   pre-print
To make in-network filtering a more robust defense primitive, in this paper, we propose a verifiable in-network filtering, called VIF, that exploits emerging hardware-based trusted execution environments  ...  In light of ever-increasing scale and sophistication of modern DDoS attacks, it is time to revisit in-network filtering or the idea of empowering DDoS victims to install in-network traffic filters in the  ...  for DDoS defense.  ... 
arXiv:1901.00955v2 fatcat:wcwxamf3nnejpeogjvw5hihc74

A Survey of Network-Based Detection and Defense Mechanisms Countering the IP Spoofing Problems

Dr. N. Arumugam
2018 International Journal of Trend in Scientific Research and Development  
As a result, Internet hosts are vulnerable to network attacks like Denial (DoS) and Distributed-Denial-of-Service (DDoS) attacks, whose economic and social impact has grown to considerable proportions.  ...  This paper review recent progress of IP spoofing detection and defenses by various researchers.  ...  StackPi-New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense Earlier discussed path identification (Pi) DDoS defence scheme is a deterministic packet marking scheme that allows  ... 
doi:10.31142/ijtsrd15921 fatcat:7r6elqbwgbcwjcko3to64scnru

Distributed Denial of Service Prevention Techniques

B. B. Gupta, R. C. Joshi, Manoj Misra
2010 International Journal of Computer and Electrical Engineering  
In this paper, we present a classification of available mechanisms that are proposed in literature on preventing Internet services from possible DDoS attacks and discuss the strengths and weaknesses of  ...  This provides better understanding of the problem and enables a security administrator to effectively equip his arsenal with proper prevention mechanisms for fighting against DDoS threat.  ...  ACKNOWLEDGMENT The authors gratefully acknowledge the financial support of the Ministry of Human Resource Development (MHRD), Government of India for partial work reported in the paper.  ... 
doi:10.7763/ijcee.2010.v2.148 fatcat:ofuv4xcc6rdlrhurkx4se2isbu

On the deployability of inter-AS spoofing defenses

Bingyang Liu, Jun Bi
2015 IEEE Network  
As the best current practices (BCPs) for spoofing defense, ingress/egress filtering (IEF) [1] and variants of unicast reverse path forwarding (uRPF) [2] are widely implemented in routers.  ...  An inter-AS spoofing defense is deployed on AS border routers to filter spoofing traffic by enforcing AS-granularity D 82 IEEE Network • Abstract IP spoofing makes network attacks more destructive and  ...  SAVE is assessed as medium since it provides low benefit for d-DDoS but high benefit for s-DDoS.  ... 
doi:10.1109/mnet.2015.7113230 fatcat:vzdngvvoc5hudlrt7ppuis5bcu

A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks

Saman Taghavi Zargar, James Joshi, David Tipper
2013 IEEE Communications Surveys and Tutorials  
Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach.  ...  Index Terms-Distributed Denial of Service (DDoS) flooding attack, intrusion detection systems, intrusion prevention systems, distributed DDoS defense, collaborative DDoS defense.  ...  ACKNOWLEDGMENT The authors would like to thank anonymous reviewers for their constructive comments and valuable suggestions.  ... 
doi:10.1109/surv.2013.031413.00127 fatcat:tjnielpldfdazdnxtvxvy4so2e

Defense mechanisms against Distributed Denial of Service attacks: Comparative Review

Fahad Alatawi
2021 Journal of Information Security and Cybercrimes Research  
Developing an effective defensive mechanism against existing and potential DDoS attacks remains a strong desire in the cybersecurity research community.  ...  Distributed Denial of Service (DDoS) remains a big concern in Cybersecurity. DDoS attacks are implemented to prevent legitimate users from getting access to services.  ...  Therefore, the general objective of this paper is to identify the best practices for defense against DDoS attacks.  ... 
doi:10.26735/lqez4186 fatcat:hmxg6r4zcfgihnafvs6467lcwi

Bandwidth Distributed Denial of Service: Attacks and Defenses

Moti Geva, Amir Herzberg, Yehoshua Gev
2014 IEEE Security and Privacy  
In this paper we survey BW-DDoS attacks and defenses.  ...  Attackers may disrupt connectivity to servers, networks, autonomous systems, or whole countries or regions; such attacks were already launched in several conflicts.  ...  Some of these defense techniques are widely deployed defenses in practice, and other defenses were only proposed academically.  ... 
doi:10.1109/msp.2013.55 fatcat:hhzyivjgyjaqpgicxqrszx2kzm

PFS: Probabilistic filter scheduling against distributed denial-of-service attacks

Dongwon Seo, Heejo Lee, Adrian Perrig
2011 2011 IEEE 36th Conference on Local Computer Networks  
Index Terms-Network security; DDoS attack defense; routerbased filtering; filter scheduling.  ...  However, existing filter-based approaches do not address necessary properties for viable DDoS solutions: how to practically identify attack paths, how to propagate filters to the best locations (filter  ...  CONCLUSION We presented the Probabilistic Filter Scheduling (PFS) architecture to defeat DDoS attacks. We utilized Probabilistic Packet Marking (PPM) and a filter scheduling policy.  ... 
doi:10.1109/lcn.2011.6114645 dblp:conf/lcn/SeoLP11 fatcat:5pbbq2sgvzer7fobqg75lj4g7a

DISCS: A DIStributed Collaboration System for Inter-AS Spoofing Defense

Bingyang Liu, Jun Bi
2015 2015 44th International Conference on Parallel Processing  
IP spoofing is prevalently used in DDoS attacks for anonymity and amplification, making them harder to prevent.  ...  In this paper, we propose a DIStributed Collaboration System (DISCS) for inter-AS spoofing defense, which allows ASes to flexibly collaborate in spoofing defense in a distributed manner.  ...  However, in SPM and Passport, the defense is mainly designed for d-DDoS, i.e., an outbound packet is filtered only when its destination belongs to a peer AS.  ... 
doi:10.1109/icpp.2015.25 dblp:conf/icpp/LiuB15 fatcat:2jhrjkkc5ffdnn5do3ovp5262y

Denial of Service Attacks [chapter]

Qijun Gu, Peng Liu
2012 Handbook of Computer Networks  
Overlay network also provides an infrastructure to deploy distributed DDoS defense system.  ...  Nevertheless, the design of interface in the overlay network for different defense systems to cooperate is still open.  ... 
doi:10.1002/9781118256107.ch29 fatcat:6ibocdusfzeujj6w6rkwhxnix4

Mitigating distributed denial of service attack: Blockchain and s oftware‐defined networking based approach, network model with future research challenges

Shivansh Kumar, Ruhul Amin
2021 Security and Privacy  
This paper proposes three different network architectures for the protection of DDOS attack by enabling Blockchain technology with SDN concept.  ...  Cutting-edge technology like Blockchain and software-defined networking (SDN) are very helpful in developing a mitigating architecture with their collaborative approach, where SDN can authenticate the  ...  ACKNOWLEDGMENT The authors of this work wish to acknowledge DR SPM International Institute of Information Technology, Naya Raipur for supporting to carry out this research work.  ... 
doi:10.1002/spy2.163 fatcat:h5hnggegnjhptfsn2pjbm4idum

APFS: Adaptive Probabilistic Filter Scheduling against distributed denial-of-service attacks

Dongwon Seo, Heejo Lee, Adrian Perrig
2013 Computers & security  
In this paper, we define three necessary properties for a viable DDoS solution: how to practically propagate filters, how to place filters to effective filter routers, and how to manage filters to maximize  ...  Keywords: DDoS attack defense Filter-based defense Filter scheduling Filter propagation Adaptive packet marking a b s t r a c t Distributed denial-of-service (DDoS) attacks are considered to be among the  ...  The preliminary version of this paper was presented in the 36th IEEE Local Computer Networks (LCN 2011) (Seo et al., 2011).  ... 
doi:10.1016/j.cose.2013.09.002 fatcat:5ykwx3zbw5dqtoiv72lkdegoka

Implementation of an SDN-based Security Defense Mechanism Against DDoS Attacks

Hsiao-Chung LIN, Ping WANG
2016 DEStech Transactions on Economics Business and Management  
Accordingly, this paper implements an SDN-based information security defense mechanism (ISDM) incorporating three OpenFlow management tools with sFlow standard for network intrusion detection system (NIDS  ...  Although mobile devices and IoT devices with an SDN (Software Defined Networking) architecture for cloud appliances have improved the convenience of our daily lives, they also pose a threat to network  ...  Step 4: Migration of DDoS Attacks Because of rate-limiting available, traffic filtering is the basis for most defensive approaches.  ... 
doi:10.12783/dtem/iceme-ebm2016/4183 fatcat:pce7qgazcvacnmp7t4rgeq7ox4

A Blockchain-Based Architecture for Collaborative DDoS Mitigation with Smart Contracts [chapter]

Bruno Rodrigues, Thomas Bocek, Andri Lareida, David Hausheer, Sina Rafati, Burkhard Stiller
2017 Lecture Notes in Computer Science  
In this paper, the design of a novel architecture is proposed by combining these technologies introducing new opportunities for flexible and efficient DDoS mitigation solutions across multiple domains.  ...  Emerging technologies such as blockchain and smart contracts allows for the sharing of attack information in a fully distributed and automated fashion.  ...  A collaborative defense approach using VNF (Virtual Network Functions) is presented in [15] .  ... 
doi:10.1007/978-3-319-60774-0_2 fatcat:bcn7tdgm7fgqxl7ovr7q3lqf4y

Distributed SIP DDoS Defense with P4

Aldo Febro, Hannan Xiao, Joseph Spring
2019 2019 IEEE Wireless Communications and Networking Conference (WCNC)  
This paper experiments with data plane programming (P4) and control plane programming of Ethernet switches to provide first-hop detection and mitigation capability for SIP INVITE DDoS attack at every switchport  ...  , economical, and scalable against SIP DDoS attack of the future.  ...  This approach requires SIP DDoS defense capability to be present at the network edge to form a distributed approach towards SIP DDoS defense.  ... 
doi:10.1109/wcnc.2019.8885926 dblp:conf/wcnc/FebroXS19 fatcat:l4lbaiy2jrg6xmvlrfhtbisily
« Previous Showing results 1 — 15 out of 1,621 results