Defending network system against IP spoofing based distributed DoS attacks using DPHCF-RTT packet filtering technique

Maheshwari, Ritu; Krishna, C. Rama; Brahma, Mohamed

doi:10.1109/icicict.2014.6781280

Cited by 12 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In full-duplex mode, the system stably achieves twice the throughput of halfduplex mode and up to 19.738 Gbps, except test case of 64-Byte packets. than results claimed in [14] and [20]. We do partial reconfiguration (PR) experiments with two reconfigurable logic regions for the PIEF and HCF modules.…”

Section: Resultsmentioning

confidence: 91%

See 1 more Smart Citation

FPGA-Based Multiple DDoS Countermeasure Mechanisms System Using Partial Dynamic Reconfiguration

Thinh

Pham‐Quoc

Nguyen-Hoang

et al. 2016

REV-JEC

View full text Add to dashboard Cite

Abstract-In this paper, we propose a novel FPGA-based high-speed DDoS countermeasure system that can flexibly adapt to DDoS attacks while still maintaining system performance. The system includes a packet decoder module and multiple DDoS countermeasure mechanisms. We apply dynamic partial reconfiguration technique in this system so that the countermeasure mechanisms can be flexibly changed or updated on-the-fly. The proposed system architecture separates DDoS protection modules (which implement DDoS countermeasure techniques) from the packet decoder module. By using this approach, one DDoS protection module can be reconfigured without interfering with other modules. The proposed system is implemented on a NetFPGA 10G board. The synthesis results show that the system can work at up to 116.782 MHz while utilizing up to 39.9% Registers and 49.85% BlockRAM of the Xilinx Virtex xcv5tx240t FPGA device on the NetFPGA 10G board. The system achieves the detection rate of 100% with the false negative rate at 0% and false positive rate closed to 0.16%. The prototype system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode.

show abstract

Section: Resultsmentioning

confidence: 91%

“…Maheshwari et al [20] combined probabilistic and round trip time in Distributed Probabilistic HCF-Round trip time (DPHCF-RTT). Packets are checked once by intermediate DPHCF-RTT routers (nodes) and then they are forwarded to destinations.…”

Section: Related Workmentioning

confidence: 99%

FPGA-Based Multiple DDoS Countermeasure Mechanisms System Using Partial Dynamic Reconfiguration

Thinh

Pham‐Quoc

Nguyen-Hoang

et al. 2016

REV-JEC

View full text Add to dashboard Cite

show abstract

“…Selain berasal dari dalam negeri atau cyber threats juga datang dari luar negeri. Namun, ancaman ini jarang mencapai taraf yang membutuhkan respon militer karena apapun yang dilakukan pemerintah dalam menanggapi ancaman cyber ini akan memiliki implikasi domestik dan internasional [1]. Pesatnya perkembangan teknologi informasi dan komunikasi ini merupakan tempat diletakkannya rahasiarahasia penting negara.…”

Section: Pendahuluanunclassified

Implementasi Firewall Untuk Manajemen Hak Akses Web Server Berbasis Application Gateway Pada Website TNI

et al. 2020

View full text Add to dashboard Cite

Selaras dengan perkembangan teknologi, keamanan menjadi isu yang sangat penting, khususnya di bidang jaringan yang terhubung dengan internet. Permasalahan yang ada saat ini adalah masih adanya website negara yang dikerjakan oleh pihak luar dalam hal sistem keamanan jaringan, dan yang paling banyak menjadi sasaran kejahatan adalah web server. Daripada mempercayakan sistem keamanan web server pada pihak lain, penulis mengaplikasikan penggunaan application gateway pada firewall. Berdasarkan hasil pengujian secara keseluruhan, application gateway memiliki kinerja yang lebih baik daripada jenis firewall lain di situs web lain, memiliki kemampuan yang lebih baik dalam menangani serangan DoS, karena firewall ini bekerja tidak hanya berdasarkan pada keamanan, tujuan dan atribut paket, tetapi dapat mencapai isi paket. Hal ini menyimpulkan bahwa aplikasi gateway sesuai dan aman digunakan pada web server TNI AD.

show abstract

“…PHCF technique [5] does not assure whether the unchecked packets are legitimate only. DPHCF-RTT technique [1] After reviewing the literature, it is found that CHCF, PHCF, DPHCF-RTT techniques, which are used to filter the spoofed packets from the total packets, possess certain limitations pertaining to low detection rate of spoofed packets. Hence, there exists lot of scope to maximize the detection rate of spoofed packets.…”

Section: Literature Reviewmentioning

confidence: 99%

Prevention Mechanism on DDOS Attacks by using Multilevel Filtering of Distributed Firewalls

Sagar¹

2015

IJRITCC

View full text Add to dashboard Cite

Abstract-In the past decade, it has been found that DDoS has proved to be the most dangerous attack. IP spoofing is one of the kinds of DDoS attack which is emerging as a big threat in today's world of technology. The Proposed Framework is a unique technique composed of distributed firewalls and hop count based filtering, it can be used to prevent such kind of DDoS attack. At The primary level, distributed firewalls filters the IP addresses which can be either Internet or Intranet. Along with this it also provide various other advantages such as reducing the dependency of network topology. At secondary level, hop count and TTL based filtering provides more secure level of filtration. In this paper, we have proposed a new framework which reduces the limitations of previous conventional techniques.

show abstract

Defending network system against IP spoofing based distributed DoS attacks using DPHCF-RTT packet filtering technique

Cited by 12 publications

References 4 publications

FPGA-Based Multiple DDoS Countermeasure Mechanisms System Using Partial Dynamic Reconfiguration

FPGA-Based Multiple DDoS Countermeasure Mechanisms System Using Partial Dynamic Reconfiguration

Implementasi Firewall Untuk Manajemen Hak Akses Web Server Berbasis Application Gateway Pada Website TNI

Prevention Mechanism on DDOS Attacks by using Multilevel Filtering of Distributed Firewalls

Contact Info

Product

Resources

About