Denial of Service: Types, Techniques, Defence Mechanisms and Safe Guards

Vishnu, N.S.; Batth, Ranbir Singh; Singh, Gursharan

doi:10.1109/iccike47802.2019.9004388

Cited by 10 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Slowloris keeps a series of incomplete connections on the Web server [44]. Therefore, keeping connections open will consequently deplete the Web server's resources.…”

Section: Analyzing Slowloris Behaviormentioning

confidence: 99%

SDToW: A Slowloris Detecting Tool for WMNs

et al. 2020

View full text Add to dashboard Cite

Denial of service (DoS) attacks play a significant role in contemporary cyberspace scenarios. A variety of different DoS attacks pollute networks by exploring various vulnerabilities. A group of DoS called application DoS attacks explore application vulnerabilities. This work presents a tool that detects and blocks an application DoS called Slowloris on wireless mesh networks (WMNs). Our tool, called SDToW, is designed to effectively use the structure of the WMNs to block the Slowloris attack. SDToW uses three different modules to detect and block the attack. Each module has its specific tasks and thus optimizes the overall detection and block efficiency. Our solution blocks the attacker on its first WMN hop, reducing the malicious traffic on the network and avoiding further attacks from the blocked user. The comparison results show that SDToW performs with 66.7% less processing consumption and 89.1% less memory consumption than Snort. Our solution does not limit the number of parallel connections per user. Hence, by avoiding this limitation, SDToW has a lower incidence of false positive errors than Snort.

show abstract

“…Slowloris keeps a series of incomplete connections on the Web server [44]. Therefore, keeping connections open will consequently deplete the Web server's resources.…”

Section: Analyzing Slowloris Behaviormentioning

confidence: 99%

SDToW: A Slowloris Detecting Tool for WMNs

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Traditionally, a DoS cyber-attack is explored according to the vulnerability to be exploited: flooding attacks, application attacks, protocol exploitation and malformed packet attacks [ 48 ]. The first sends large volumes of traffic to the target system to congest bandwidth, saturating the response on the victim’s side; the second exploits the IP protocol addressing function in network devices to amplify and reflect a payload and send messages to all stored addresses, considerably reducing bandwidth; the third is based on the exploitation of specific features within a protocol to consume excessive amounts in its messaging process, exhausting its resources; and the last one reconstructs random high-length messages in the IP protocol, specifically in the address and packet headers, to collapse the target’s information reading process, degrading its resources [ 49 ].…”

Section: Proposed Methodologymentioning

confidence: 99%

ReinforSec: An Automatic Generator of Synthetic Malware Samples and Denial-of-Service Attacks through Reinforcement Learning

Hernandez-Suarez

Sánchez-Pérez

Olivares-Mercado

et al. 2023

Sensors

View full text Add to dashboard Cite

In recent years, cybersecurity has been strengthened through the adoption of processes, mechanisms and rapid sources of indicators of compromise in critical areas. Among the most latent challenges are the detection, classification and eradication of malware and Denial of Service Cyber-Attacks (DoS). The literature has presented different ways to obtain and evaluate malware- and DoS-cyber-attack-related instances, either from a technical point of view or by offering ready-to-use datasets. However, acquiring fresh, up-to-date samples requires an arduous process of exploration, sandbox configuration and mass storage, which may ultimately result in an unbalanced or under-represented set. Synthetic sample generation has shown that the cost associated with setting up controlled environments and time spent on sample evaluation can be reduced. Nevertheless, the process is performed when the observations already belong to a characterized set, totally detached from a real environment. In order to solve the aforementioned, this work proposes a methodology for the generation of synthetic samples of malicious Portable Executable binaries and DoS cyber-attacks. The task is performed via a Reinforcement Learning engine, which learns from a baseline of different malware families and DoS cyber-attack network properties, resulting in new, mutated and highly functional samples. Experimental results demonstrate the high adaptability of the outputs as new input datasets for different Machine Learning algorithms.

show abstract

“…Figure 1. Typical DDoS architecture [7], [10] Application DDoS attacks are web-based activities, and when they occur, all application services are put on hold [10], [11]. As these attacks increase drastically with sophisticated tools [12], [13] web application layer needs more security attention.…”

Section: Introductionmentioning

confidence: 99%

Efficient model for detecting application layer distributed denial of service attacks

et al. 2023

View full text Add to dashboard Cite

The increasing advancement of technologies and communication infrastructures has been posing threats to the internet services. One of the most powerful attack weapons for disrupting web-based services is the distributed denial of service (DDoS) attack. The sophisticated nature of attack tools being created and used for launching attacks on target systems makes it difficult to distinguish between normal and attack traffic. Consequently, there is a need to detect application layer DDoS attacks from network traffic efficiently. This paper proposes a detection system coined eXtreme gradient boosting (XGB-DDoS) using a tree-based ensemble model known as XGBoost to detect application layer DDoS attacks. The Canadian institute for cybersecurity intrusion detection systems (CIC IDS) 2017 dataset consisting of both benign and malicious attacks was used in training and testing of the proposed model. The performance results of the proposed model indicate that the accuracy rate, recall, precision rate, and F1-score of XGB-DDoS are 0.999, 0.997, 0.995, and 0.996, respectively, as against those of k-nearest neighbor (KNN), support vector machine (SVM), principal component analysis (PCA) hybridized with XGBoost, and KNN with SVM. So, the XGB-DDoS detection model did better than the models that were chosen. This shows that it is good at finding application layer DDoS attacks.

show abstract

Denial of Service: Types, Techniques, Defence Mechanisms and Safe Guards

Cited by 10 publications

References 5 publications

SDToW: A Slowloris Detecting Tool for WMNs

SDToW: A Slowloris Detecting Tool for WMNs

ReinforSec: An Automatic Generator of Synthetic Malware Samples and Denial-of-Service Attacks through Reinforcement Learning

Efficient model for detecting application layer distributed denial of service attacks

Contact Info

Product

Resources

About