Threshold Based Kernel Level HTTP Filter (TBHF) for DDoS Mitigation

Ak, Mohamed Ibrahim; George, Lijo; Govind, Kritika; Selvakumar, S.

doi:10.5815/ijcnis.2012.12.03

Cited by 5 publications

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gouda and Liu [8,15] introduced techniques based on Firewall Decision Diagrams, in the field of rule set optimization by redundancy removal Focus on distributed Firewalls [9] and analysis of single packet filters [10] was by Al-Shaer. Their work has two main limitations: It considers only the packet filter scenario and they detect only anomalies in rule.…”

Section: Background and Related Workmentioning

confidence: 99%

HTTP Packet Inspection Policy for Improvising Internal Network Security

Kuldeep¹,

Tyagi²

2014

IJCNIS

View full text Add to dashboard Cite

Abstract-Past few years the use of Internet and its applications has increased to a great extent. There is also an enormous growth in the establishment of computer networks by large, medium and small organizations, for data transfer and information exchange. Due to this huge growth, incidents of cyber-attacks and security breaches have also increased. Data on a network is transferred using protocols such as Hyper Text Transfer Protocol, which is very vulnerable. Many types of malicious contents are hidden in packets that are transferred over a network or system, which may can to get it slow, crash or buffer overflow etc. Thus it is very important to secure networks from such types of attacks. There are lots of mechanisms available but still they are not good enough because of dynamic environment. Such kind of attacks can be countered by applying appropriate policies on network edge devices like Adaptive Security Appliance, firewalls, web servers, router etc. Also the packets which are transferred between networks, they should deeply inspect for malicious or any insecure contents. In this paper firstly we would study Network security issues and available mechanism to counter them our focus would be on inspecting the HTTP packets deeply by applying policies on ASA. Finally we would use Graphical Network Simulator (GNS3) to test such a policy.

show abstract