Detection and prevention of DoS attacks in Software-Defined Cloud networks

Rengaraju, Perumalraja; Ramanan, V. Raja; Lung, Chung-Horng

doi:10.1109/desec.2017.8073810

Cited by 26 publications

(10 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Intrusion Prevention System is a defense mechanisms designed to detect malicious packets within network traffic and stop intrusions, blocking the aberrant traffic automatically before it does any [3] [21]. IPS is an improvement from IDS because it does not only have the ability to detect intrusion, but also can take action against intrusion or potential malicious network activity [22] [23].…”

Section: B Ids and Ipsmentioning

confidence: 99%

Internal Threat Defense using Network Access Control and Intrusion Prevention System

Putra¹,

Surantha²

2019

IJACSA

View full text Add to dashboard Cite

This study aims to create a network security system that can mitigate attacks carried out by internal users and to reduce attacks from internal networks. Further, a network security system is expected to be able to overcome the difficulty of mitigating attacks carried out by internal users and to improve network security. The method used is to integrate the ability of Network Access Control (NAC) and the Intrusion Prevention System (IPS) that have been designed and implemented in this study, then an analysis is performed to compare the results of tests that have been carried out using only the NAC with the results using integration of NAC capabilities and IPS. The results obtained from the tests that have been carried out, namely, the security system by using the integration of NAC and IPS capabilities is better than using only the NAC.

show abstract

Section: B Ids and Ipsmentioning

confidence: 99%

Internal Threat Defense using Network Access Control and Intrusion Prevention System

Putra¹,

Surantha²

2019

IJACSA

View full text Add to dashboard Cite

show abstract

“…Various commercial products prevail among personal firewalls, frequently combining various security features (like antivirus) into single software. Personal firewalls often gather data on detected threats that are subsequently processed in producer's private cloud [6] and recently even SDN concept is applied [7]. The users can usually decide either to allow or deny the firewall cloud extensions.…”

Section: Firewallsmentioning

confidence: 99%

Intrusion Detection System for Home Windows based Computers

2019

KSII TIIS

View full text Add to dashboard Cite

The paper is devoted to the detailed description of the distributed system for gathering data from Windows-based workstations and servers. The research presented in the beginning demonstrates that neither a solution for gathering data on attacks against Windows based PCs is available at present nor other security tools and supplementary programs can be combined in order to achieve the required attack data gathering from Windows computers. The design of the newly proposed system named Colander is presented, too. It is based on a client-server architecture while taking much inspiration from previous attempts for designing systems with similar purpose, as well as from IDS systems like Snort. Colander emphasizes its ease of use and minimum demand for system resources. Although the resource usage is usually low, it still requires further optimization, as is noted in the performance testing. Colander's ability to detect threats has been tested by real malware, and it has undergone a pilot field application. Future prospects and development are also proposed.

show abstract

“…Rengaraju et al 17 proposed a distributed firewall possessing an intrusion prevention system (IPS) intended for software‐defined clouds (SDCs). Considering different network scenarios, the investigations are conducted for two DoS attacks, an Internet control message protocol (ICMP), and SYN flooding attacks through this proposed distributed security mechanism.…”

Section: Literature Reviewmentioning

confidence: 99%

Improved cuckoo search load distribution (ICS‐LD) and attack detection in cloud environment

Anandaraj¹,

Indumathi²

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary For the purpose of obtaining an answer to a spoofing IP issue and related problems in the cloud computing (CC) environment, a novel path identifier is recommended, in which a new packet approach with a new identifier (ID) is produced to every user or client system. For the purpose of identification of the spoofing attack, any watermark image pattern is introduced. Following this, the hypervisor is employed to ascertain plausible trust relationships among the VMs by considering personal sources that can be trusted along with utilizing empirical Bayesian inference (EBI) for the purpose of combining the VMs. With a restricted budget of resources for the maximized detection of attacks, an optimal detection load distribution strategy by improved cuckoo search (ICS) over VMs can be used, which thus provides the intended solution to the hypervisor. The ICS algorithm directs a hypervisor so as to assert among the VMs the optimal load distribution, taking into consideration real time, which causes maximization of the DDoS attacks and detection of transmission control protocol (TCP) flood attacks. Lastly, a fuzzy extreme learning machine (FELM) classifier is proposed in order to detect the attacks.

show abstract

Detection and prevention of DoS attacks in Software-Defined Cloud networks

Cited by 26 publications

References 14 publications

Internal Threat Defense using Network Access Control and Intrusion Prevention System

Internal Threat Defense using Network Access Control and Intrusion Prevention System

Intrusion Detection System for Home Windows based Computers

Improved cuckoo search load distribution (ICS‐LD) and attack detection in cloud environment

Contact Info

Product

Resources

About