Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks

@article{BenPorat2013VulnerabilityON,
  title={Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks},
  author={Udi Ben-Porat and A. Bremler-Barr and H. Levy},
  journal={IEEE Transactions on Computers},
  year={2013},
  volume={62},
  pages={1031-1043}
}
In recent years, we have experienced a wave of DDoS attacks threatening the welfare of the internet. These are launched by malicious users whose only incentive is to degrade the performance of other, innocent, users. The traditional systems turn out to be quite vulnerable to these attacks. The objective of this work is to take a first step to close this fundamental gap, aiming at laying a foundation that can be used in future computer/network designs taking into account the malicious users. Our…
Vulnerability Analysis of Hash Tables to Sophisticated DDoS Attacks
In recent years, everybody experienced a flow of DDoS attacks threatening the welfare of the internet. These are launched by unauthorized users whose only motivation is to degrade the performance of…
On a Mathematical Model for Low-Rate Shrew DDoS
TLDR
A mathematical model for estimating attack effect of this stealthy type of DDoS, originally capturing the adjustment behaviors of the victim TCP's congestion window, which reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment.
An Optimistic Approach to Interpret the DDoS Attacks By Wielding Deterministic Packet Marking
  • S. Suresh, N. Ram, M. Mohan
  • Computer Science
  • 2019 International Conference on Smart Structures and Systems (ICSSS)
  • 2019
TLDR
The Deterministic Packet Marking (DPM) is capable of providing a better result compared to the other approaches in controlling the network attacks and providing the user network security.
Analyzing the effect of Denial of Service attack on Network Performance
TLDR
The effect on network performance due to Denial of Service attack is evaluated by measuring the throughput, the number of packets received and the number of packets lost and then comparing it with a network which is not under attack.
An Adaptive Approach to Mitigate Ddos Attacks in Cloud
TLDR
This research work focuses on reviewing DDOS detection techniques and developing a numeric stable theoretical framework used for detecting various DDOS attacks in cloud, which intends to capture the current context value of the parameters that determine the reliability of the detection algorithm and helps to maintain the variability of those collected values.
IP Address-Based Mitigation Against Denial-of-Service Flooding Attacks
TLDR
This paper proposes a lightweight detection and mitigation approach based on IP address that mitigates the attack impact for different patterns of attacks of denial-of-service attacks.
A REVIEW TOWARDS DDOS PREVENTION AND DETECTION METHODOLOGY
Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a major threat to network security. A network is a collection of nodes that interconnect with each other to exchange information.
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a major threat to network security. A network is a collection of nodes that interconnect with each other to exchange information.
Computer and network performance: Graduating from the "Age of Innocence"
TLDR
The objective of this work is to understand how system performance is affected by malicious behavior and how performance evaluation should account for it by considering an array of “classical” systems taken from the literature and examining their degree of vulnerability.
SUBJECT CLASSIFICATION (Example: RNOMICS)
DDoS is one of the challenging network attacks which exploit the network resources [1]. In DDoS attacks, most of the websites were made virtually unreachable to the internet users, hence results in…

References

SHOWING 1-10 OF 27 REFERENCES
Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks
TLDR
This work proposes a metric that evaluates the vulnerability of a system, and shows that a Closed Hash is much more vulnerable than an Open Hash to DDoS attacks, even though the two systems are considered to be equivalent via traditional performance evaluation.
Remote Algorithmic Complexity Attacks against Randomized Hash Tables
TLDR
This work demonstrates how the attacker can defeat this protection of per-connection state in a hash table, and demonstrates how to discover this secret value, and to do so remotely, using network traffic.
Exploiting the transients of adaptation for RoQ attacks on Internet resources
TLDR
It is shown that a well orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity.
Denial of Service via Algorithmic Complexity Attacks
TLDR
A new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures, and it is shown how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.
Backtracking Algorithmic Complexity Attacks against a NIDS
TLDR
This paper presents a highly effective attack against the Snort NIDS, and provides a practical algorithmic solution that successfully thwarts the attack.
802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions
TLDR
This paper provides an experimental analysis of 802.11-specific attacks - their practicality, their efficacy and potential low-overhead implementation changes to mitigate the underlying vulnerabilities.
Reduction of quality (RoQ) attacks on Internet end-systems
TLDR
It is shown that a well orchestrated RoQ attack on an end-system admission control policy could introduce significant inefficiencies that could potentially deprive an Internet end-system from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that system's hijacked capacity.
Reduction of Quality (RoQ) Attacks on Dynamic Load Balancers: Vulnerability Assessment and Design Tradeoffs
TLDR
This work discovers and studies new instances of Reduction of Quality (RoQ) attacks that target the dynamic operation of load balancers, and identifies the key factors that expose the trade-offs between resilience and susceptibility to RoQ attacks.
On the vulnerability of the proportional fairness scheduler to retransmission attacks
TLDR
This work shows that the common straightforward adaptation of PFS to frame losses exposes the system to a malicious attack that can drastically degrade the performance of innocent users and proposes a modification of PFS designed for the frame loss model which is resilient to such a malicious attack while maintaining the fairness properties of original PFS.
Fast Content-Based Packet Handling for Intrusion Detection
TLDR
The problem of intrusion detection is restructured to allow the use of more efficient string matching algorithms that operate on sets of patterns in parallel and a new string matching algorithm is introduced that has average-case performance that is better than the best theoretical algorithm and much better than the currently deployed algorithm.