A survey on DoS/DDoS attacks mathematical modelling for traditional, SDN and virtual networks

Balarezo, Juan Fernando; Wang, Song; Chavez, Karina Gomez; Al‐Hourani, Akram; Kandeepan, Sithamparanathan

doi:10.1016/j.jestch.2021.09.011

Cited by 38 publications

(12 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [39], the authors used an advanced support vector machine method to detect two flooding-based DDoS attacks. In [40], the authors classified existing DoS/DDoS models in SDN. They consider three layers, including the protocol, device resources, and the network, for their analysis of the damage caused by Dos/DDoS attacks in three layers.…”

Section: A Surveys On Sdn Security and Privacy Issuesmentioning

confidence: 99%

Privacy-Preserving and Security in SDN-Based IoT: A Survey

et al. 2023

View full text Add to dashboard Cite

In recent years, the use of Software Defined Networking (SDN) has increased due to various network management requirements. Using SDN in computer network applications has brought several benefits to users, including lower operational costs, better hardware management, flexibility, and centralized network deployment. On the other hand, the Internet of Things (IoT) is another rapidly growing technology. Distributed and dynamic infrastructures are two critical characteristics of IoT. These characteristics lead to some challenges while using SDN in IoT in terms of security and privacy. In this paper, we address security and privacy issues and solutions for SDN-based IoT systems. We analyze the techniques used for defense in previous works to achieve an acceptable level of security and privacy protection in SDN-based IoT systems. In the data plane, SDN-based IoT papers have considered hashing and encryption techniques, in the control plane, certificate authority and access control have been analyzed, and in the application plane, attack detection, and authentication have been discussed. We also provide a statistical analysis of the existing work. This analysis shows that researchers have focused on certain areas more than others in recent years. The final analysis also highlights issues that previous researchers have ignored.

show abstract

Section: A Surveys On Sdn Security and Privacy Issuesmentioning

confidence: 99%

Privacy-Preserving and Security in SDN-Based IoT: A Survey

et al. 2023

View full text Add to dashboard Cite

show abstract

“…The IDSs analyze network traffic to identify illegal access attempts to the network or the improper use of the involved resources, as some attacks do not have the main objective of illegitimately exploiting resources but, for instance, putting them out of service, as it happens with the Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks often reported by the media [24].…”

Section: Background and Related Workmentioning

confidence: 99%

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Saia,

Carta,

Fenu

et al. 2023

JAIT

View full text Add to dashboard Cite

The ever-increasing use of services based on computer networks, even in crucial areas unthinkable until a few years ago, has made the security of these networks a crucial element for anyone, also in consideration of the increasingly sophisticated techniques and strategies available to attackers. In this context, Intrusion Detection Systems (IDSs) play a primary role since they are responsible for analyzing and classifying each network activity as legitimate or illegitimate, allowing us to take the necessary countermeasures at the appropriate time. However, these systems are not infallible due to several reasons, the most important of which are the constant evolution of the attacks (e.g., zero-day attacks) and the problem that many of the attacks have behavior similar to those of legitimate activities, and therefore they are very hard to identify. This work relies on the hypothesis that the subdivision of the training data used for the IDS classification model definition into a certain number of partitions, in terms of events and features, can improve the characterization of the network events, improving the system performance. The non-overlapping data partitions train independent classification models, classifying the event according to a majority-voting rule. A series of experiments conducted on a benchmark real-world dataset support the initial hypothesis, showing a performance improvement with respect to a canonical training approach.

show abstract

“…To address this challenge, we follow an estimation-based approach to determine the impact of the attacks sourced from the IDEs. While there is existing work on mathematical modeling of DDoS attacks to predict the probability of resource depletion and bandwidth, to estimate the impact of the attacks from the IDEs, we refer to the method proposed by Balarezo et al [23] for traffic-based models and specifically the Queuing Model. The Queuing Model uses a multidimensional approach that provides the probabilities for bandwidth, CPU, and memory exhaustion based on how networking elements process traffic.…”

Section: Estimation Performing Ddos Attacks Ethically Over Thementioning

confidence: 99%

A Bad IDEa: Weaponizing uncontrolled online-IDEs in availability attacks

Srinivasa

Georgoulias

Pedersen

et al. 2022

2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

Botnets are an ongoing threat to the cyber world and can be utilized to carry out DDoS attacks of high magnitude. From the botmaster's perspective, there is a constant need for deploying more effective botnets and discovering new ways to bolster their bot ranks. Integrated Development Environments (IDEs) have been essential for software developers to write and compile source code. The increasing need for remote work and collaborative workspaces have led to the IDE-as-a-service paradigm that offers online code editing and compilation with multiple language support. In this paper, we show that a multitude of online IDEs do not run control checks on the user code and can be therefore leveraged by a botnet. We examine the concept of uncontrolled execution environments and present a proof of concept to show how uncontrolled online-IDEs can be weaponized to perform large-scale attacks by a botnet. Overall, we detect a total of 719 online-IDEs with uncontrolled execution environments and limited sandboxing. Lastly, as ethical disclosure, we inform the IDE developers and service providers of the vulnerabilities and propose countermeasures.

show abstract

A survey on DoS/DDoS attacks mathematical modelling for traditional, SDN and virtual networks

Cited by 38 publications

References 60 publications

Privacy-Preserving and Security in SDN-Based IoT: A Survey

Privacy-Preserving and Security in SDN-Based IoT: A Survey

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

A Bad IDEa: Weaponizing uncontrolled online-IDEs in availability attacks

Contact Info

Product

Resources

About