Abstract: Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and of the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and the attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during, and after an actual attack.
Intrusion detection and response systems (IPSs) for protecting against distributed denial-of-service (DDoS) attacks will benefit significantly if all the routers within each autonomous system (AS) are capable of detection and response in addition to sampling. However, DDoS detection and response will incur high storage and processing overhead if each router does redundant detection and response tasks. Many overlay communication protocols have been introduced in the literature to achieve coordination among the routers, but they generally have high communication overheads. Furthermore, DDoS detection and response requires that all the flows intended for the same destination be analyzed together in order to efficiently capture the correlation between them. In order to do that, current approaches centrally collect all the sampled data and analyze them, which also increases the communication overhead. In this paper, we present a collaborative approach to distribute the sampling, detection, and response responsibilities among all the routers within the AS in such a way that each router can detect and respond to DDoS attacks. Our proposed approach achieves coordination among all the routers in the network to eliminate redundant sampling, detection, and response tasks without exploiting any specific communication protocol. We propose an optimal assignment of disjoint flows to each of the routers within the AS in such a way that all the flows destined for the same host will be sampled, analyzed, and properly responded to at the same router. Each router can thus capture the correlation between flows destined for a specific destination.
...literature based on two intrusion prevention systems, mostly host-based IPS (HIPS) and network-based IPS (NIPS) [1][2][3]. HIPSs are deployed on end-hosts, either at the source (Source-side) or the destination (Destination-side) of the attack. Source-side detection and response approaches such as ingress filtering [], D-WARD [5], and MULTOPS [6] can take place at either edge routers of the local network or access routers of an AS that connect to the subscribers' edge routers [1]. Source-side HIPSs aim to detect and filter the attack traffic, but they are not practical against DDoS attacks. There are two reasons which make the generation of filtering rules against DDoS not practical at source-side HIPSs. First, the sources of an attack can be distributed in different domains, making it difficult for each of the sources to detect and respond accurately, since collaborative detection and response approaches are required to capture all the traffic from all the distributed sources to the victim. Second, it is difficult to differentiate legitimate and DDoS attack traffic at the sources, since the volume of the traffic is not big enough and traffic only aggregates at the points close to destinations. Although D-WARD can generate filtering rules at the source, it consumes more memory space and CPU cycles than some NIPSs []. Hence, source-side HIPSs are not effective against DDoS attacks. In the destination-side HIPSs, detection will be done...
The success in detecting Distributed Denial of Service (DDoS) flooding attacks is highly dependent on the quality and quantity of the flows covered by the traffic monitoring mechanism employed in any DDoS defense mechanism. In this paper, we propose DiCoTraM, a distributed and coordinated traffic monitoring mechanism tailored to DDoS flooding attacks, which centrally and periodically coordinates the monitoring responsibilities and distributes them among all the monitoring devices within each autonomous system (AS) while satisfying the monitoring devices' memory constraints. DiCoTraM monitors traffic flows in such a way that the flows intended for the same destination (possible network/transport-level DDoS flooding attack flows) are analyzed together in the same monitoring device if that device has enough memory to cover those flows; hence, it can enable distributed detection mechanisms in place to analyze the monitored flows. The enabled distributed detection reduces the communication overhead that is a problem in centralized detection mechanisms, since they need to collect all the flows centrally for analysis. Moreover, the centralized coordination structure of DiCoTraM eliminates redundant flow monitoring among the routers. We simulate and compare DiCoTraM with other traffic monitoring mechanisms in terms of overall flow coverage and DDoS flooding attack flow coverage. The experimental results show that DiCoTraM, compared to other monitoring mechanisms, covers more DDoS flooding attack flows while maintaining reasonable overall flow coverage.
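As an added illustration (not the papers' own algorithm or code) of the idea shared by the collaborative-assignment abstract and the DiCoTraM abstract above, the following Python sketches a central coordinator: flows are grouped by destination, each group is placed whole on one router common to all its paths when that router's memory allows, and otherwise the group falls back to per-flow placement, so no flow is ever monitored twice. The topology, flow sizes, and router capacities are constructed sample values.

```python
from collections import defaultdict

# Constructed sample flows: (flow_id, destination, router path, memory entries needed).
FLOWS = [
    ("f1", "10.0.0.5", ["R1", "R3", "R5"], 4),
    ("f2", "10.0.0.5", ["R2", "R3", "R5"], 4),
    ("f3", "10.0.0.5", ["R4", "R5"], 4),
    ("f4", "10.0.0.9", ["R1", "R3", "R6"], 3),
    ("f5", "10.0.0.9", ["R2", "R3", "R6"], 3),
    ("f6", "10.0.0.7", ["R4", "R5"], 5),
    ("f7", "10.0.0.7", ["R2", "R5"], 4),
]
# Constructed per-router monitoring memory, in flow-table entries.
CAPACITY = {"R1": 6, "R2": 6, "R3": 8, "R4": 5, "R5": 12, "R6": 4}

def coordinate(flows, capacity):
    """Assign every flow to exactly one router (no redundant monitoring).
    A destination group is placed whole on a router common to all its paths
    when that router has room, so all flows towards a possible victim are
    seen together; otherwise each flow is placed individually (best fit)."""
    free = dict(capacity)
    assignment = {}
    groups = defaultdict(list)
    for f in flows:
        groups[f[1]].append(f)
    # Largest groups first: they are the likeliest DDoS aggregates.
    for dst, grp in sorted(groups.items(), key=lambda kv: -sum(f[3] for f in kv[1])):
        need = sum(f[3] for f in grp)
        common = set.intersection(*(set(f[2]) for f in grp))
        fit = [r for r in common if free[r] >= need]
        if fit:
            r = max(fit, key=lambda r: free[r])   # most spare memory wins
            for f in grp:
                assignment[f[0]] = r
            free[r] -= need
            continue
        for f in grp:  # fallback: per-flow placement on the flow's own path
            cands = [r for r in f[2] if free[r] >= f[3]]
            if cands:
                r = max(cands, key=lambda r: free[r])
                assignment[f[0]] = r
                free[r] -= f[3]
    return assignment, free

def grouped_destinations(flows, assignment):
    """Destinations whose flows all landed on a single router (fully correlatable)."""
    by_dst = defaultdict(set)
    for f in flows:
        by_dst[f[1]].add(assignment.get(f[0]))
    return {d for d, rs in by_dst.items() if len(rs) == 1 and None not in rs}
```

With the sample values, destination 10.0.0.7 needs nine entries on R5, which the larger 10.0.0.5 group has already filled, so its two flows are split across R4 and R2 and it is the only destination not fully correlatable at one router.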
Mobile cloud computing has grown out of two hot technology trends, mobility and cloud. The emergence of cloud computing and its extension into the mobile domain creates the potential for a global, interconnected mobile cloud computing environment that will allow the entire mobile ecosystem to enrich its services across multiple networks. We can utilize the significant optimization and increased operating power offered by cloud computing to enable seamless and transparent use of cloud resources, extending the capability of resource-constrained mobile devices. However, in order to realize mobile cloud computing, we need to develop mechanisms to achieve interoperability among heterogeneous and distributed devices. We need solutions to discover the best available resources in the cloud servers based on user demands, and approaches to deliver the desired resources and services efficiently and in a timely fashion to the mobile terminals. Furthermore, while mobile cloud computing has tremendous potential to give mobile terminals access to powerful and reliable computing resources anywhere and anytime, we must consider several issues, including privacy, security, and reliability, in realizing mobile cloud computing. In this chapter, the authors first explore the architectural components required to realize a mobile cloud computing infrastructure. They then discuss mobile cloud computing features with their unique privacy and security implications. They present unique issues of mobile cloud computing that exacerbate privacy and security challenges. They also discuss various approaches to address these challenges and explore the future work needed to provide a trustworthy mobile cloud computing environment.