Robustness of RED in Mitigating LDoS Attack

Zhang, Jing; Hu, Huaping; Liu, Bo

doi:10.3837/tiis.2011.05.012

Cited by 7 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, denial‐of‐service attack and replay attack resistances are important security requirements of WSN. Because the latter security requirements can be achieved by analyzing security model with Unified Modeling Language , using Random Early Detection algorithm with adjusted parameters , and applying secure protocol, we are focusing on the formal security requirements to find security techniques based on cryptographic techniques. The confidentiality and integrity of the communicating message can be achieved by symmetric algorithms, such as Data Encryption Standard and Advanced Encryption Standard .…”

Section: Introductionmentioning

confidence: 99%

Performance enhancement of TinyECC based on multiplication optimizations

Seo

Shim

Kim

2012

Security Comm Networks

View full text Add to dashboard Cite

Because wireless sensor network (WSN), which is composed of a large number of low-cost and resource-constrained devices, communicates on the basis of wireless protocols such as IEEE 802.15.4, ZigBee, and DASH-7, it is easily vulnerable to eavesdropping, illegal modification, privacy infringement and denial-of-service attacks. These attacks destroy the data integrity, confidentiality, and authentication of the basic WSN security requirements and then the reliability and security of the WSN-based applications are deteriorated. There have been many research efforts to make secure WSN environments. Among these efforts, TinyECC is one of outstanding works. It provides several security protocols such as Elliptic Curve Diffie-Hellman, Elliptic Curve Digital Signature Algorithm, and Elliptic Curve Integrated Encryption Scheme, based on the Elliptic Curve Cryptography (ECC). TinyECC is basically a well-written TinyOS-based code and is optimized to resource-constrained environments. The Barrett reduction, hybrid multiplication, and several optimization techniques are also used for high performance even with low-energy consumption. However, the hybrid multiplication technique used in TinyECC is known to be not suitable for 16-bit processor, MSP430, which is a familiar processor for sensor node. This is due to the fact that the MSP 430 processor does not provide enough number of registers for hybrid multiplication techniques. Because the multiplication operation over the finite field is a major operation of the ECC, it causes a high latency of multiplication operations and eventually degrades the performance of the ECC operation. In this paper, we propose a novel multiplication operation based on the cached operands and reordered partial products. The proposed method shows that the latency of the polynomial multiplication, which is the core operation of the ECC, is 6% smaller than previously known results. Copyright

show abstract

Section: Introductionmentioning

confidence: 99%

Performance enhancement of TinyECC based on multiplication optimizations

Seo

Shim

Kim

2012

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…This paper intends to suggest that BDMs should undergo an evasion evaluation as suggested in Gu et al . For example, a proactive evasion analysis is presented in Zhang et al on an existing technique for mitigating low‐rate denial‐of‐service (LDoS) attacks using random early detection (RED). The authors analyzed the current algorithm and looked at ways it could be subverted.…”

Section: Related Work and Backgroundmentioning

confidence: 99%

Bot detection evasion: a case study on local‐host alert correlation bot detection methods

Shirley

Babu

Mano

2012

Security Comm Networks

View full text Add to dashboard Cite

Botnets have continuously evolved since their inception as a malicious entity. Attackers come up with new botnet designs that exploit the weaknesses in existing defense mechanisms and continue to evade detection. It is necessary to analyze the weaknesses of existing defense mechanisms to find out the lacunae in them. This research exposes a weakness found in an existing bot detection method (BDM) by implementing a specialized P2P botnet model and carrying out experiments on it. Weaknesses that are found and validated can be used to predict the development path of botnets, and as a result, detection and mitigation measures can be implemented in a proactive fashion. The main contribution of this work is to demonstrate the exploitation pattern of an inherent weakness in local-host alert correlation (LHAC) based methods and to assert that current LHAC implementations could allow pockets of cooperative bots to hide in an enterprise size network. This work suggests that additional monitoring capabilities must be added to current LHAC-based methods in order for them to remain a viable bot detection mechanism. This paper takes a forward-looking approach and presents a specific botnet development path based on a weakness evident in a successful BDM. This BDM will be defined as a local-host alert correlation (LHAC) based method. Further, this paper elaborates on the design and implementation of a different model for P2P botnet communication and describes the experiments conducted. The experiments demonstrate that the proposed botnet model can effectively hide from an LHAC-based BDM without having to rely on additional communication hiding tactics.It is often necessary to create a "proof-of-concept" that validates that a given vulnerability is exploitable. Therefore, this botnet model is tested against BotHunter [7]. BotHunter is a successful LHAC-based BDM. BotHunter is able to map a host's behavior to a malware infection life-cycle in order to flag compromised hosts as malware. The covert-botnet model tested in this work is able to circumvent BotHunter, and is implemented with this specific intent. The concept behind this model is extensible. Slight modifications to the covert-botnet framework would enable it to hide from any LHAC-based BDM that does not have the ability to account for all of a local host's network activity. Any botnet that is able to, somehow, circumvent the monitoring points employed by a BDM would be able to avoid detection in a similar manner.

show abstract

“…Mitigating botnets is an urgent task, because they are threatening the Internet seriously, through spam mails [12], denial of service attacks [13] [14], and so on. Finding the C&C server of botnets and taking them down is an effective method to mitigate IRC botnets and HTTP botnets.…”

Section: Related Workmentioning

confidence: 99%

Further Analyzing the Sybil Attack in Mitigating Peer-to-Peer Botnets

Wang¹

2012

KSII TIIS

View full text Add to dashboard Cite

Sybil attack has been proved effective in mitigating the P2P botnet, but the impacts of some important parameters were not studied, and no model to estimate the effectiveness was proposed. In this paper, taking Kademlia-based botnets as the example, the model which has the upper and lower bound to estimate the mitigating performance of the Sybil attack is proposed. Through simulation, how three important factors affect the performance of the Sybil attack is analyzed, which is proved consistent with the model. The simulation results not only confirm that for P2P botnets in large scale, the Sybil attack is an effective countermeasure, but also imply that the model can give suggestions for the deployment of Sybil nodes to get the ideal performance in mitigating the P2P botnet.

show abstract

Robustness of RED in Mitigating LDoS Attack

Cited by 7 publications

References 10 publications

Performance enhancement of TinyECC based on multiplication optimizations

Performance enhancement of TinyECC based on multiplication optimizations

Bot detection evasion: a case study on local‐host alert correlation bot detection methods

Further Analyzing the Sybil Attack in Mitigating Peer-to-Peer Botnets

Contact Info

Product

Resources

About