Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks
@article{BenPorat2013VulnerabilityON, title={Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks}, author={Udi Ben-Porat and Anat Bremler-Barr and Hanoch Levy}, journal={IEEE Transactions on Computers}, year={2013}, volume={62}, pages={1031-1043} }
In recent years, we have experienced a wave of DDoS attacks threatening the welfare of the internet. These are launched by malicious users whose only incentive is to degrade the performance of other, innocent, users. The traditional systems turn out to be quite vulnerable to these attacks. The objective of this work is to take a first step to close this fundamental gap, aiming at laying a foundation that can be used in future computer/network designs taking into account the malicious users. Our…
39 Citations
Vulnerability Analysis of Hash Tables to Sophisticated DDoS Attacks
- Computer Science
- 2014
This work presents a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common application data structures and shows that Closed Hash is much more vulnerable to DDoS attacks than Open Hash.
On a Mathematical Model for Low-Rate Shrew DDoS
- Computer Science
- IEEE Transactions on Information Forensics and Security
- 2014
A mathematical model for estimating the attack effect of this stealthy type of DDoS, originally capturing the adjustment behaviors of the victim TCP's congestion window, which reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment.
An Optimistic Approach to Interpret the DDoS Attacks By Wielding Deterministic Packet Marking
- Computer Science
- 2019 International Conference on Smart Structures and Systems (ICSSS)
- 2019
Deterministic Packet Marking (DPM) is capable of providing a better result compared to the other approaches in controlling network attacks and providing network security to the user.
Analyzing the effect of Denial of Service attack on Network Performance
- Computer Science
- 2016
The effect of a Denial of Service attack on network performance is evaluated by measuring the throughput, the number of packets received and the number of packets lost, and then comparing them with those of a network that is not under attack.
An Adaptive Approach to Mitigate Ddos Attacks in Cloud
- Computer Science
- 2015
This research work focuses on reviewing DDOS detection techniques and developing a numerically stable theoretical framework for detecting various DDOS attacks in the cloud, which intends to capture the current context value of the parameters that determine the reliability of the detection algorithm and helps to maintain the variability of those collected values.
IP Address-Based Mitigation Against Denial-of-Service Flooding Attacks
- Computer Science
- Information and Communication Technology for Intelligent Systems
- 2018
This paper proposes a lightweight detection and mitigation approach based on IP address that mitigates the attack impact for different patterns of denial-of-service attacks.
A Vulnerability of Dynamic Network Address Translation to Denial-of-Service Attacks
- Computer Science
- DSIT
- 2021
The question of whether this network traffic congestion can be brought about not only spontaneously but also intentionally is discussed, with the aim of preventing malicious cyber attackers from using this phenomenon intentionally.
A REVIEW TOWARDS DDOS PREVENTION AND DETECTION METHODOLOGY
- Computer Science
- 2015
The main idea of this paper is to present the basis of the DDoS attack and the various schemes developed to defend against it.
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
- Computer Science
- 2015
The main idea of this paper is to present the basis of the DDoS attack and the various schemes developed to defend against it.
Computer and network performance: Graduating from the "Age of Innocence"
- Computer Science
- Comput. Networks
- 2014
References
Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks
- Computer Science
- IEEE INFOCOM 2008 - The 27th Conference on Computer Communications
- 2008
This work proposes a metric that evaluates the vulnerability of a system, and shows that a Closed Hash is much more vulnerable than an Open Hash to DDoS attacks, even though the two systems are considered to be equivalent via traditional performance evaluation.
Remote Algorithmic Complexity Attacks against Randomized Hash Tables
- Computer Science, Mathematics
- SECRYPT
- 2007
This work demonstrates how the attacker can defeat this protection of per-connection state in a hash table, and demonstrates how to discover this secret value, and to do so remotely, using network traffic.
Exploiting the transients of adaptation for RoQ attacks on Internet resources
- Computer Science
- Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004.
- 2004
It is shown that a well orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity.
Denial of Service via Algorithmic Complexity Attacks
- Computer Science
- USENIX Security Symposium
- 2003
A new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures, and it is shown how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.
Backtracking Algorithmic Complexity Attacks against a NIDS
- Computer Science
- 2006 22nd Annual Computer Security Applications Conference (ACSAC'06)
- 2006
This paper presents a highly effective attack against the Snort NIDS, and provides a practical algorithmic solution that successfully thwarts the attack.
802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions
- Computer Science
- USENIX Security Symposium
- 2003
This paper provides an experimental analysis of 802.11-specific attacks - their practicality, their efficacy and potential low-overhead implementation changes to mitigate the underlying vulnerabilities.
Reduction of quality (RoQ) attacks on Internet end-systems
- Computer Science
- Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.
- 2005
It is shown that a well orchestrated RoQ attack on an end-system admission control policy could introduce significant inefficiencies that could potentially deprive an Internet end-system from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that system's hijacked capacity.
Reduction of Quality (RoQ) Attacks on Dynamic Load Balancers: Vulnerability Assessment and Design Tradeoffs
- Computer Science
- IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications
- 2007
This work discovers and studies new instances of Reduction of Quality (RoQ) attacks that target the dynamic operation of load balancers, and identifies the key factors that expose the trade-offs between resilience and susceptibility to RoQ attacks.
On the vulnerability of the proportional fairness scheduler to retransmission attacks
- Computer Science
- 2011 Proceedings IEEE INFOCOM
- 2011
This work shows that the common straightforward adaptation of PFS to frame losses exposes the system to a malicious attack that can drastically degrade the performance of innocent users, and proposes a modification of PFS designed for the frame loss model which is resilient to such a malicious attack while maintaining the fairness properties of the original PFS.
Fast Content-Based Packet Handling for Intrusion Detection
- Computer Science
- 2001
The problem of intrusion detection is restructured to allow the use of more efficient string matching algorithms that operate on sets of patterns in parallel, and a new string matching algorithm is introduced that has average-case performance that is better than the best theoretical algorithm and much better than the currently deployed algorithm.