Elimination of DoS UDP Reflection Amplification Bandwidth Attacks, Protecting TCP Services

Booth, Todd; Andersson, Karl

doi:10.1007/978-3-319-19210-9_1

Cited by 12 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Mitigating DRDoS Network Attacks via Consolidated Deny Filter Rules

Booth¹,

Andersson²

2020

ReBICTE

View full text Add to dashboard Cite

This article is concerning distributed reflection denial of service (DRDoS) attacks. These DRDoSattacks are more frequent and large scale, and are one of the biggest threats on the Internet. This paperdiscusses the best way to defend from these attacks using public cloud defenses, such as AmazonAWS, Google GCP, and Microsoft Azure, at a very low cost. Our mitigation strategy takes advantageof the fact that the attacker does not have full control to change the source IP port to anything theywant, when used in these reflective attacks. We propose to have the customer host their Web serversand other types of supporting servers in the public cloud. The cloud provider then reserves a /CIDRblock of IP addresses, which will be protected. The cloud providers customers who opt in, will beallocated an IP address from this block. This block will be used as the source IP address deny portionof the firewall rule-sets. Then the public cloud providers will use BGP4 Flow-Spec or some scriptingsolution, to have their IP service provider neighbors perform the actual filtering of the DRDoS attacktraffic concerning attacks against these servers.

show abstract

Section: Related Workmentioning

confidence: 99%

“…In [4], we present one solution to eliminate UDP DRDoS attacks, for TCP services. In [5], we show that it is not feasible to defend against large DRDoS attacks at the company's premises or at most ISPs. In [6], we introduce the ability to perform redirects, but only for authenticated clients, to mitigate DDoS attacks.…”

Section: Related Workmentioning

confidence: 99%

Mitigating DRDoS Network Attacks via Consolidated Deny Filter Rules

Booth¹,

Andersson²

2020

ReBICTE

View full text Add to dashboard Cite

show abstract

“…Web apps are vulnerable to cyber-attacks due to their widespread availability and high usage. By making a malicious request, attackers attempt to make the Web application inaccessible [4]. Attackers might corrupt a susceptible Web application, jeopardizing the organization's resources' confidentiality, integrity, and availability.…”

Section: Introductionmentioning

confidence: 99%

Untitled

2022

EJCSIT

View full text Add to dashboard Cite

Due to the growing rate of Internet usage, web apps have become the most popular Internet application. This has made web applications a significant objective for cyber-criminals; thereby, carrying various attacks on web applications like Cross-Site Scripting (XSS), Structured Query Language Injection and Shell attacks. Because of the high rate of web-based assault, this paper presents a robust framework for detecting and preventing multiple payload attacks on web applications. In this paper, an RNN model was trained on a dataset that contains different categories of assaults that are carried out on web applications. These attacks include: XSS, SQLi, and Shell. Random Over Sampling approach was used to resolve the problem of highly imbalanced dataset which prepared the dataset for preprocessing. After solving the imbalanced problem, preprocessing was then carried out on the dataset by performing data cleaning and tokenization. The tokenized data was transformed into an array which was used in feeding our RNN model as input. Our proposed model was trained on two (2) epochs, where each of the epochs shows the accuracy and loss values obtained by the model for both training and testing data. After training, our proposed RNN model gave us an accuracy of 99.96% for testing data and 99.91% for training data. We also deployed our RNN model to the web by making use of a python flask to build a robust system for detecting and preventing different payload attacks on web applications. This paper is limited to web-application attacks.

show abstract

“…Apart from several above-mentioned merits, the number of attacks is mushrooming overwhelmingly as the number of Web applications increase [10]. Attackers attempt to make a resource unavailable so that they might take advantage by sending an anomalous request to it [11]. A resource containing a vulnerability might be exploited by the attackers, consequently can jeopardize the confidentiality, integrity, and availability properties of the organization's crucial resources [12]- [14].…”

Section: Introductionmentioning

confidence: 99%

An Enhanced Anomaly Detection in Web Traffic Using a Stack of Classifier Ensemble

et al. 2020

View full text Add to dashboard Cite

A Web attack protection system is extremely essential in today's information age. Classifier ensembles have been considered for anomaly-based intrusion detection in Web traffic. However, they suffer from an unsatisfactory performance due to a poor ensemble design. This paper proposes a stacked ensemble for anomaly-based intrusion detection systems in a Web application. Unlike a conventional stacking, where some single weak learners are prevalently used, the proposed stacked ensemble is an ensemble architecture, yet its base learners are other ensembles learners, i.e. random forest, gradient boosting machine, and XGBoost. To prove the generalizability of the proposed model, two datasets that are specifically used for attack detection in a Web application, i.e. CSIC-2010v2 and CICIDS-2017 are used in the experiment. Furthermore, the proposed model significantly surpasses existing Web attack detection techniques concerning the accuracy and false positive rate metrics. Validation result on the CICIDS-2017, NSL-KDD, and UNSW-NB15 dataset also ameliorate the ones obtained by some recent techniques. Finally, the performance of all classification algorithms in terms of a two-step statistical significance test is further discussed, providing a value-added contribution to the current literature.

show abstract

Elimination of DoS UDP Reflection Amplification Bandwidth Attacks, Protecting TCP Services

Cited by 12 publications

References 10 publications

Mitigating DRDoS Network Attacks via Consolidated Deny Filter Rules

Mitigating DRDoS Network Attacks via Consolidated Deny Filter Rules

Untitled

An Enhanced Anomaly Detection in Web Traffic Using a Stack of Classifier Ensemble

Contact Info

Product

Resources

About