Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain

“…This becomes a bottleneck, especially for volume-oriented DDoS attacks that will be aggravated by the computational overhead of the detection scheme. Though schemes in [8,9,[12][13][14][15] use volume-based metrics and have been successful in isolating large traffic changes (such as bandwidth flooding attacks), but slow rate, isotropic attacks cannot be detected and characterized because these attacks do not cause detectable disruptions in traffic volume. These suffer from more collateral damage.…”

“…By contrast, an anomaly-based detection system observes the normal network behavior and watches for any divergence from the normal profile. Most of DoS detection systems are anomalybased [8][9][10][11][14][15][16]. However, their normal traffic models are mainly based on flow rates.…”

“…Tolerance factor a is a design parameter and d is absolute maximum deviation in Entropy HðXÞ from average value H n ðXÞ while profiling for network without attack. In [9], it was observed that ''a" is a function of client and attack load at extreme conditions (i.e., very high attack load and no client load or vice versa and ''a" is also regulated by detection rate (DR) and false positive rate (FPR) otherwise). a ¼ FðCL; ALÞ at extremes; a ¼ FðDR; FPRÞ otherwise: However, in dynamic network conditions, the design parameter also depends on system and client requirements.…”

“…Sardana et al [9] propose hypothesis to detect and characterize attacks that treats DDoS anomalies as events that disturb the distribution of entropy. Entropy captures the degree of dispersal or concentration of a distribution.…”

An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks

“…This becomes a bottleneck, especially for volume-oriented DDoS attacks that will be aggravated by the computational overhead of the detection scheme. Though schemes in [8,9,[12][13][14][15] use volume-based metrics and have been successful in isolating large traffic changes (such as bandwidth flooding attacks), but slow rate, isotropic attacks cannot be detected and characterized because these attacks do not cause detectable disruptions in traffic volume. These suffer from more collateral damage.…”

“…By contrast, an anomaly-based detection system observes the normal network behavior and watches for any divergence from the normal profile. Most of DoS detection systems are anomalybased [8][9][10][11][14][15][16]. However, their normal traffic models are mainly based on flow rates.…”

“…Tolerance factor a is a design parameter and d is absolute maximum deviation in Entropy HðXÞ from average value H n ðXÞ while profiling for network without attack. In [9], it was observed that ''a" is a function of client and attack load at extreme conditions (i.e., very high attack load and no client load or vice versa and ''a" is also regulated by detection rate (DR) and false positive rate (FPR) otherwise). a ¼ FðCL; ALÞ at extremes; a ¼ FðDR; FPRÞ otherwise: However, in dynamic network conditions, the design parameter also depends on system and client requirements.…”

“…Sardana et al [9] propose hypothesis to detect and characterize attacks that treats DDoS anomalies as events that disturb the distribution of entropy. Entropy captures the degree of dispersal or concentration of a distribution.…”

An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks

“…In wired networks, various approaches exist for these attacks. But they can't be adopted for IEEE 802.16e wireless network [5][6][7][8][9][10][11][12]. WiMAX is susceptible to the attacks such as replay, DoS and MITM (man in the middle) attacks.…”

Proxy Base Station based Authentication Protocol for Broadband Wireless Network

Fleeting Crime: The Raw Material for Crime Analysis and Reduction