On Distributed Denial of Service Current Defense Schemes

Kotey, Seth Djanie; Tchao, Eric Tutu; Gadze, James Dzisi

doi:10.3390/technologies7010019

Cited by 31 publications

(19 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1, right). While in 2018 a DDoS attack was peaking 1.7 TBit/s in traffic volume on GitHub servers, the frequency of DDoS attacks also increased more than 29.7% times between 2015 and 2016 [8]. However, the 52% reduction in the number of large-scale attacks from…”

Section: Botnetsmentioning

confidence: 99%

See 1 more Smart Citation

Blockchain Signaling System (BloSS): Cooperative Signaling of Distributed Denial-of-Service Attacks

et al. 2020

View full text Add to dashboard Cite

Distributed Denial-of-Service (DDoS) attacks are one of the major causes of concerns for communication service providers. When an attack is highly sophisticated and no countermeasures are available directly, sharing hardware and defense capabilities become a compelling alternative. Future network and service management can base its operations on equally distributed systems to neutralize highly distributed DDoS attacks. A cooperative defense allows for the combination of detection and mitigation capabilities, the reduction of overhead at a single point, and the blockage of malicious traffic near its source. Main challenges impairing the widespread deployment of existing cooperative defense are: (a) high complexity of operation and coordination, (b) need for trusted and secure communications, (c) lack of incentives for service providers to cooperate, and (d) determination on how operations of these systems are affected by different legislation, regions, and countries. The cooperative Blockchain Signaling System (BloSS) defines an effective and alternative solution for security management, especially cooperative defenses, by exploiting Blockchains (BC) and Software-Defined Networks (SDN) for sharing attack information, an exchange of incentives, and tracking of reputation in a fully distributed and automated fashion. Therefore, BloSS was prototyped and evaluated through a global experiment, without the burden to maintain, design, and develop special registries and gossip protocols.

show abstract

Section: Botnetsmentioning

confidence: 99%

“…Akamai reported that the majority of attacks ranged between 250 Mbit/s and 1.25 Gbit/s in traffic volume. However, in 2018 there was an alarming increase in the number of large-scale attacks by 67.1% due to different Mirai variations and reflection attacks based on Memcached [8].…”

mentioning

confidence: 99%

Blockchain Signaling System (BloSS): Cooperative Signaling of Distributed Denial-of-Service Attacks

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Recently, various proposed solutions based on machine learning (ML) to detect DoS and DDoS have been proposed in the literature, such as the unsupervised clustering model, the Linear Vector Quantization (LVQ) model of Artificial Neural Network (ANN), and the Back-Propagation (BP) model of ANN. A pertinent classifier based on Support Vector Machine (SVM) to detect and prevent DDoS TCP flooding attacks upgrades the K-nearest, naive Bayes, and multilayer perceptron in terms of performance [51]. Finally, one effective solution against the MQTT exploit is to secure the MQTT protocol by implementing the attribute-based encryption through the elliptic curve [52].…”

Section: Security Threats and Solutionsmentioning

confidence: 99%

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

Mrabet

Belguith

Alhomoud

et al. 2020

Sensors

209

View full text Add to dashboard Cite

The Internet of Things (IoT) is leading today’s digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond.

show abstract

“…However, there is very little literature focusing on characterizing and proposing defense mechanisms targeting these tools. Most studies also focus on tools no longer in use [13]. Very few discussed current DoS attack tools.…”

Section: Related Workmentioning

confidence: 99%

“…Though such tools have been available for years, there has been no defense mechanism proposed specifically targeting these tools. Most defense mechanisms in literature are designed to defend attacks captured in datasets like the KDD Cup 99 dataset from 20 years ago and from tools no longer in use in modern attacks [13]. Knowledge of traffic features of current DoS attack tools is also not available.…”

Section: Introductionmentioning

confidence: 99%

A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

2019

View full text Add to dashboard Cite

A denial of service (DoS) attack in a computer network is an attack on the availability of computer resources to prevent users from having access to those resources over the network. Denial of service attacks can be costly, capable of reaching $100,000 per hour. Development of easily-accessible, simple DoS tools has increased the frequency and reduced the level of expertise needed to launch an attack. Though these attack tools have been available for years, there has been no proposed defense mechanism targeted specifically at them. Most defense mechanisms in literature are designed to defend attacks captured in datasets like the KDD Cup 99 dataset from 20 years ago and from tools no longer in use in modern attacks. In this paper, we capture and analyze traffic generated by some of these DoS attack tools using Wireshark Network Analyzer and propose a signature-based DoS detection mechanism based on SVM classifier to defend against attacks launched by these attack tools. Our proposed detection mechanism was tested with Snort IDS and compared with some already existing defense mechanisms in literature and had a high detection accuracy, low positive rate and fast detection time.

show abstract

On Distributed Denial of Service Current Defense Schemes

Cited by 31 publications

References 45 publications

Blockchain Signaling System (BloSS): Cooperative Signaling of Distributed Denial-of-Service Attacks

Blockchain Signaling System (BloSS): Cooperative Signaling of Distributed Denial-of-Service Attacks

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

Contact Info

Product

Resources

About