Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks

@article{BenPorat2013VulnerabilityON,
  title={Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks},
  author={Udi Ben-Porat and Anat Bremler-Barr and Hanoch Levy},
  journal={IEEE Transactions on Computers},
  year={2013},
  volume={62},
  pages={1031-1043}
}
In recent years, we have experienced a wave of DDoS attacks threatening the welfare of the internet. These are launched by malicious users whose only incentive is to degrade the performance of other, innocent, users. The traditional systems turn out to be quite vulnerable to these attacks. The objective of this work is to take a first step to close this fundamental gap, aiming at laying a foundation that can be used in future computer/network designs taking into account the malicious users. Our… 

Vulnerability Analysis of Hash Tables to Sophisticated DDoS Attacks
TLDR
This work presents a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common application data structures, and shows that Closed Hash is much more vulnerable to DDoS attacks than Open Hash.
On a Mathematical Model for Low-Rate Shrew DDoS
TLDR
A mathematical model for estimating the attack effect of this stealthy type of DDoS, originally capturing the adjustment behaviors of the victim TCP's congestion window, which reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment.
An Optimistic Approach to Interpret the DDoS Attacks By Wielding Deterministic Packet Marking
  • S. Suresh, N. Ram, M. Mohan
  • Computer Science
  • 2019 International Conference on Smart Structures and Systems (ICSSS)
  • 2019
TLDR
Deterministic Packet Marking (DPM) is capable of providing a better result than the other approaches in controlling network attacks and providing user network security.
Analyzing the effect of Denial of Service attack on Network Performance
TLDR
The effect on network performance due to a Denial of Service attack is evaluated by measuring the throughput, the number of packets received and the number of packets lost, and then comparing it with a network which is not under attack.
An Adaptive Approach to Mitigate Ddos Attacks in Cloud
TLDR
This research work focuses on reviewing DDOS detection techniques and developing a numeric stable theoretical framework used for detecting various DDOS attacks in cloud, which intends to capture the current context value of the parameters that determine the reliability of the detection algorithm and helps to maintain the variability of those collected values.
IP Address-Based Mitigation Against Denial-of-Service Flooding Attacks
TLDR
This paper proposes a lightweight detection and mitigation approach based on IP address that mitigates the attack impact for different patterns of denial-of-service attacks.
A Vulnerability of Dynamic Network Address Translation to Denial-of-Service Attacks
TLDR
The paper discusses whether this network traffic congestion can be brought about not only spontaneously but also intentionally, with the aim of preventing malicious cyber attackers from using this phenomenon intentionally.
A REVIEW TOWARDS DDOS PREVENTION AND DETECTION METHODOLOGY
TLDR
The main idea of this paper is to present the basis of DDoS attacks and the various schemes developed to defend against them.
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
TLDR
The main idea of this paper is to present the basis of DDoS attacks and the various schemes developed to defend against them.

References

SHOWING 1-10 OF 26 REFERENCES
Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks
TLDR
This work proposes a metric that evaluates the vulnerability of a system, and shows that a Closed Hash is much more vulnerable than an Open Hash to DDoS attacks, even though the two systems are considered to be equivalent via traditional performance evaluation.
Remote Algorithmic Complexity Attacks against Randomized Hash Tables
TLDR
This work demonstrates how the attacker can defeat this protection of per-connection state in a hash table, and demonstrates how to discover this secret value, and to do so remotely, using network traffic.
Exploiting the transients of adaptation for RoQ attacks on Internet resources
TLDR
It is shown that a well orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity.
Denial of Service via Algorithmic Complexity Attacks
TLDR
A new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures, and it is shown how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.
Backtracking Algorithmic Complexity Attacks against a NIDS
TLDR
This paper presents a highly effective attack against the Snort NIDS, and provides a practical algorithmic solution that successfully thwarts the attack.
802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions
TLDR
This paper provides an experimental analysis of 802.11-specific attacks - their practicality, their efficacy and potential low-overhead implementation changes to mitigate the underlying vulnerabilities.
Reduction of quality (RoQ) attacks on Internet end-systems
TLDR
It is shown that a well orchestrated RoQ attack on an end-system admission control policy could introduce significant inefficiencies that could potentially deprive an Internet end-system from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that system's hijacked capacity.
Reduction of Quality (RoQ) Attacks on Dynamic Load Balancers: Vulnerability Assessment and Design Tradeoffs
TLDR
This work discovers and studies new instances of Reduction of Quality (RoQ) attacks that target the dynamic operation of load balancers, and identifies the key factors that expose the trade-offs between resilience and susceptibility to RoQ attacks.
On the vulnerability of the proportional fairness scheduler to retransmission attacks
TLDR
This work shows that the common straightforward adaptation of PFS to frame losses exposes the system to a malicious attack that can drastically degrade the performance of innocent users, and proposes a modification of PFS designed for the frame loss model which is resilient to such a malicious attack while maintaining the fairness properties of the original PFS.
Fast Content-Based Packet Handling for Intrusion Detection
TLDR
The problem of intrusion detection is restructured to allow the use of more efficient string matching algorithms that operate on sets of patterns in parallel, and a new string matching algorithm is introduced that has average-case performance that is better than the best theoretical algorithm and much better than the currently deployed algorithm.