DDoS Defense Using TCP_IP Header Analysis and Proactive Tests

Ye, Zhen; Shi, Weiwei; Ye, Dayong

doi:10.1109/itcs.2009.248

Cited by 4 publications

(2 citation statements)

References 19 publications

(2 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Smurf attacks entail the sending of an ICMP echo traffic request alongside the source address of a spoofed target victim to a specific broadcast IP address. ICMP echo requests are often received by most of the hosts that are present on an IP network [41], which then responds to the source address being the target victim in this situation. It is possible for hundreds of machines within a broadcast network to respond to each ICMP packet.…”

Section: B Exploited Vulnerability Of Ddos Attackmentioning

confidence: 99%

Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods

et al. 2019

View full text Add to dashboard Buy / Rent full text

Until now, an effective defense method against Distributed Denial of Service (DDoS) attacks is yet to be offered by security systems. Incidents of serious damage due to DDoS attacks have been increasing, thereby leading to an urgent need for new attack identification, mitigation, and prevention mechanisms. To prevent DDoS attacks, the basic features of the attacks need to be dynamically analyzed because their patterns, ports, and protocols or operation mechanisms are rapidly changed and manipulated. Most of the proposed DDoS defense methods have different types of drawbacks and limitations. Some of these methods have signature-based defense mechanisms that fail to identify new attacks and others have anomaly-based defense mechanisms that are limited to specific types of DDoS attacks and yet to be applied in open environments. Subsequently, extensive research on applying artificial intelligence and statistical techniques in the defense methods has been conducted in order to identify, mitigate, and prevent these attacks. However, the most appropriate and effective defense features, mechanisms, techniques, and methods for handling such attacks remain to be an open question. This review paper focuses on the most common defense methods against DDoS attacks that adopt artificial intelligence and statistical approaches. Additionally, the review classifies and illustrates the attack types, the testing properties, the evaluation methods and the testing datasets that are utilized in the methodology of the proposed defense methods. Finally, this review provides a guideline and possible points of encampments for developing improved solution models of defense methods against DDoS attacks. INDEX TERMS DDoS attack, DDoS defense, artificial intelligence technique, statistical technique.

show abstract

“…The attacker modifies the fragment offset such that when the firewall assembles it the malicious content gets hidden. However the packet becomes malicious when the victim reassembles it the [13], [25].…”

Section: Overlapping Fragmentsmentioning

confidence: 99%

Data reduction by identification and correlation of TCP/IP attack attributes for network forensics

Pilli

Joshi

Niyogi

2011

Proceedings of the International Conference &Amp; Workshop on Emerging Trends in Technology - ICWET '11

View full text Add to dashboard Buy / Rent full text

Network forensics is an alternate approach to security, which monitors network traffic, stores the traces, detects anomalies, identifies the nature of attack, and investigates the source of attack. The challenge is to store, handle and analyze large volumes of network traffic. Attackers are exploiting the vulnerabilities in TCP/IP protocol suite and manipulating various attributes to launch attacks. In this paper, the attacks on TCP/IP protocol suite at the transport and network layer are studied and the significant network features being misused are identified. The key fields of the protocols are correlated with the attacks and are extracted from the packet capture files. These values are stored in a database and statistical information for determining various attack thresholds is derived. This information helps in identifying suspicious addresses and marking evidence packets for forensic analysis. These packets comprise of the highest probable evidence and are converted to a new packet capture file. The reduced size of this preprocessed data enables efficient storage, effective processing and time bound investigation.

show abstract

DDoS Defense Using TCP_IP Header Analysis and Proactive Tests

Cited by 4 publications

References 19 publications

Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods

Data reduction by identification and correlation of TCP/IP attack attributes for network forensics

Contact Info

Product

Resources

About