Mitigation of DoS and Port Scan Attacks Using Snort

Gupta, Alka; Sharma, Lalit Sen

doi:10.26438/ijcse/v7i4.248258

Cited by 7 publications

(10 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…"The Ping of Death sends fragmented ICMP Echo Requests that, once reassembled, are larger than the maximum size of an IP packet more than the specified IP limit (65536 bytes) are sent to the victim machine hence making it to hang, reboot or crash" [12].…”

Section: Ping Of Deathmentioning

confidence: 99%

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Kabanda,

Byera,

Emeka

et al. 2023

JIS

View full text Add to dashboard Cite

Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim's network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.

show abstract

Section: Ping Of Deathmentioning

confidence: 99%

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Kabanda,

Byera,

Emeka

et al. 2023

JIS

View full text Add to dashboard Cite

show abstract

“…Rules and ird Party Rules. At last, we evaluated the performance of our newly generated rules compared with other rules for detecting Dos/DDos attacks in [69,70]. In Reference [69], because the rules for detecting Dos attacks mainly used the existing keywords which belong to the type of Nonpayload Detection Rule Options in Snort, we called them the "Nonpayload Option Rules," denoted as NP.…”

Section: Performance Comparison Between Our Newly Generatedmentioning

confidence: 99%

“…In Reference [69], because the rules for detecting Dos attacks mainly used the existing keywords which belong to the type of Nonpayload Detection Rule Options in Snort, we called them the "Nonpayload Option Rules," denoted as NP. In Reference [70], the rules mainly used the existing keyword, detection_filter, which belongs to the type of Post-Detection Rule Options in Snort, to describe the high frequency characteristics of Dos/DDos attacks. erefore, we called them the "Post-Detection Option Rules," denoted as PD.…”

Section: Performance Comparison Between Our Newly Generatedmentioning

confidence: 99%

“…Finally, we also evaluated the performance of our "Aggregated Flow Level Rules" and "Post-Detection Option Rules" in Reference [70]. Compared to the "Nonpayload Option Rules" in Reference [69], the "Post-Detection Option Rules" used the aggregated keyword, detection_filter, to describe the high frequency characteristics of Dos/DDos attacks, which led to the decrease of FPR.…”

Section: Performance Comparison Between Our Newly Generatedmentioning

confidence: 99%

See 1 more Smart Citation

Bridging the Last-Mile Gap in Network Security via Generating Intrusion-Specific Detection Patterns through Machine Learning

Sun

Zhang

Qin

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

With successful machine learning applications in many fields, researchers tried to introduce machine learning into intrusion detection systems for building classification models. Although experimental results showed that these classification models could produce higher accuracy in predicting network attacks on the offline datasets, compared with the operational intrusion detection systems, machine learning is rarely deployed in the real intrusion detection environment. This is what we call the last mile problem with the machine learning approach to network intrusion detection, the discrepancy between the strength and requirements of machine learning and network operational semantics. In this paper, we aim to bridge the aforementioned gap. In particular, an LCC-RF-RFEX feature selection approach is proposed to select optimal features of the specific type of attacks from dataset, and then, an intrusion-specific approach is introduced to convert them into detection patterns that can be used by the nonmachine-learning detector for the corresponding specific attack detection in the real-world network environment. To substantiate our approach, we take Snort, KDDCup’99 dataset, and Dos attacks as the experimental subjects to demonstrate how to close the last-mile gap. For the specific type of Dos attacks in the KDDCup’99 dataset, we use the LCC-RF-RFEX method to select optimal feature subset and utilize our intrusion-specific approach to generate new rules in Snort by using them. Comparing performance differences between the existing Snort rule set and our augmented Snort rule set with regard to Dos attacks, the experimental results showed that our approach expanded Snort’s detection capability of Dos attacks, on average, reduced up to 25.28% false-positive alerts for Teardrop attacks and Synflood attacks, and decreased up to 98.87% excessive alerts for Mail bomb attacks.

show abstract

“…For all experiments we verify that the threats correctly traverse the safeguards. We validate the threats we produced using Snort [17], [46], [29]. Snort is a powerful open source network intrusion detection system, capable of performing real time traffic analysis and packet logging on IP networks.…”

Section: Validationmentioning

confidence: 99%

Blocking Without Breaking: Identification and Mitigation of Non-Essential IoT Traffic

Mandalari

Dubois

Kolcun

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Despite the prevalence of Internet of Things (IoT) devices, there is little information about the purpose and risks of the Internet traffic these devices generate, and consumers have limited options for controlling those risks. A key open question is whether one can mitigate these risks by automatically blocking some of the Internet connections from IoT devices, without rendering the devices inoperable. In this paper, we address this question by developing a rigorous methodology that relies on automated IoT-device experimentation to reveal which network connections (and the information they expose) are essential, and which are not. We further develop strategies to automatically classify network traffic destinations as either required (i.e., their traffic is essential for devices to work properly) or not, hence allowing firewall rules to block traffic sent to non-required destinations without breaking the functionality of the device. We find that indeed 16 among the 31 devices we tested have at least one blockable non-required destination, with the maximum number of blockable destinations for a device being 11. We further analyze the destination of network traffic and find that all third parties observed in our experiments are blockable, while first and support parties are neither uniformly required or non-required. Finally, we demonstrate the limitations of existing blocklists on IoT traffic, propose a set of guidelines for automatically limiting non-essential IoT traffic, and we develop a prototype system that implements these guidelines.

show abstract

Mitigation of DoS and Port Scan Attacks Using Snort

Cited by 7 publications

References 10 publications

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Bridging the Last-Mile Gap in Network Security via Generating Intrusion-Specific Detection Patterns through Machine Learning

Blocking Without Breaking: Identification and Mitigation of Non-Essential IoT Traffic

Contact Info

Product

Resources

About