Author

Tamilarasi Angamuthu

Bio: Tamilarasi Angamuthu is an academic researcher. The author has contributed to research in topics: Dynamic network analysis & Spoofing attack. The author has an h-index of 1, co-authored 1 publication receiving 10 citations.

Papers
Journal Article
TL;DR: A flow profiling scheme that adopts itself to detect these flooding attacks by monitoring the trends in the current traffic by using Information entropy, a measure to find correlation among traffic flows, to infer the current state of the dynamic network.
Abstract: One of the challenging tasks on the Internet is differentiating the attack traffic from legitimate traffic. Tackling this challenge would aid in the detection of Denial of Service/Distributed DoS (DoS/DDoS) attacks. In this paper, we propose a flow profiling scheme that adopts itself to detect these flooding attacks by monitoring the trends in the current traffic. Moreover, our scheme filters most of the traffic, which are found to be suspicious, at the source end, thus avoiding flooding at the target. The scheme distinguishes itself from other source end defenses in the manner in which it gathers and profiles the statistics. Information entropy, a measure to find correlation among traffic flows, is used. We made this attempt to infer the current state of the dynamic network. The result of correlation is then used to support the evidences which justify the necessity of filtering the packets. We use Theory of evidence to improve the decision making with regard to filtering. We implemented and tested our scheme using network traffic traces and found the results to be appreciable.

10 citations


Cited by
Proceedings Article
05 Dec 2011
TL;DR: This paper advocates a novel solution, named EDoS-Shield, to mitigate the Economic Denial of Sustainability (EDoS) attack in the cloud computing systems and designs a discrete simulation experiment to evaluate its performance and shows that it is a promising solution to mitigate the EDoS.
Abstract: Cloud computing is currently one of the most hyped information technology fields and it has become one of the fastest growing segments of IT. Cloud computing allows us to scale our servers in magnitude and availability in order to provide services to a greater number of end users. Moreover, adopters of the cloud service model are charged based on a pay-per-use basis of the cloud's server and network resources, aka utility computing. With this model, a conventional DDoS attack on server and network resources is transformed in a cloud environment to a new breed of attack that targets the cloud adopter's economic resource, namely Economic Denial of Sustainability attack (EDoS). In this paper, we advocate a novel solution, named EDoS-Shield, to mitigate the Economic Denial of Sustainability (EDoS) attack in the cloud computing systems. We design a discrete simulation experiment to evaluate its performance and the results show that it is a promising solution to mitigate the EDoS.

131 citations

Proceedings Article
25 Jun 2012
TL;DR: This paper advocates a novel solution as an enhancement to prior work, namely EDoS-Shield, to mitigate the EDoS attacks originating from spoofed IP addresses and designs a discrete event simulation experiment to evaluate its performance and results show that it is a promising solution.
Abstract: Cloud computing has become one of the fastest growing segments in IT industry. A cloud introduces resource-rich computing platforms, where adopters are charged based on the usage of the cloud's resources, known as "pay-as-you-use" or utility computing. With this model, a conventional DDoS attack targeting servers and network resources is transformed in a cloud environment to a new attack that targets the cloud adopter's economic resource, namely Economic Denial of Sustainability (EDoS) attack. In this paper, we advocate a novel solution as an enhancement to prior work, namely EDoS-Shield, to mitigate the EDoS attacks originating from spoofed IP addresses. We design a discrete event simulation experiment to evaluate its performance and the results show that it is a promising solution to mitigate the EDoS attacks originating from spoofed IP addresses. The enhanced EDoS-Shield technique also outperforms the original EDoS-Shield in terms of performance and cost metrics.

57 citations

Proceedings Article
01 Jan 2006
TL;DR: In this paper, a cooperative system consisting of a client detector and a server detector is proposed to produce warning of DDoS attacks at an early stage by sending requests to innocent hosts.
Abstract: Distributed Denial-of-Service (DDoS) attacks pose a serious threat to Internet security. Most current research focuses on detection and prevention methods on the victim server or source side. To date, there has been no work on defenses using valuable information from the innocent client whose IP has been used in attacking packets. In this paper, we propose a novel cooperative system for producing warning of a DDoS attack. The system consists of a client detector and a server detector. The client detector is placed on the innocent client side and uses a Bloom filter-based detection scheme to generate accurate detection results yet consumes minimal storage and computational resources. The server detector can actively assist the warning process by sending requests to innocent hosts. Simulation results show that the cooperative technique presented in this paper can yield accurate DDoS alarms at an early stage. We theoretically show the false alarm probability of the detection scheme, which is insensitive to false alarms when using specially designed evaluation functions.

34 citations

Journal Article
TL;DR: The traffic condition and the purpose of dealings varies which helps in outwitting the attackers are observed and the entropy packet analysis is used to minimize the traffic reaching the server.
Abstract: Voice over IP (VoIP) is a facility of providing voice services in accordance with IP (Internet Protocol) which provides better QoS (Quality of Service) than Public Switched Telephone Network (PSTN) at comparatively less cost. Since Internet suffers from various threats, VoIP, which uses IP for servicing the Clients also results in stepping down QoS. One of the major QoS threats is Server Availability. Attackers defeat the server processing capability and gain control over the server by flooding lot of messages or requests and make server resources unavailable to the genuine user, resulting in DDoS (Distributed Denial of Service). But the server must predict the legitimate flood namely Flash crowd and malicious attack flooding usually DDoS. Both DDoS and Flash crowd creates abnormal traffic condition, but in order to improve Goodput, the server must be deployed with the mechanism that should classify legitimate and malicious call requests. This paper observes the traffic condition and the purpose of dealings varies which helps in outwitting the attackers. We also use the entropy packet analysis to minimize the traffic reaching the server. NS2 (Network Simulator 2) with SIP (Session Initiation Protocol) is used to experiment and analyze the proposed work.

20 citations

Journal Article
TL;DR: This paper collects the researches of investigation procedure of cybercrime in the recent years, and compares these investigation procedures via the traditional investigative procedures compatibility, cybercrime behavior analysis, evidence forensic procedures, case analysis and verification, the methods of evidence collection and analysis, and the area of judicial jurisdiction.
Abstract: Due to the development of networks, cybercrime has many crime types, including network attack, mail fraud, intimidation, copyright infringement, and so on. For network attacks, many approaches have been proposed and used to detect and defend. However, after the network attack is confirmed or other crime exists, it still needs to execute the investigation procedure by the investigators, collect the evidences related to the crime, find the perpetrators, and prosecute them. Therefore, in this paper, we collect the researches of investigation procedure of cybercrime in the recent years. By introducing the research investigation procedure of these papers, we will discover the features of every procedure. Then we compare these investigation procedures via the traditional investigative procedures compatibility, cybercrime behavior analysis, evidence forensic procedures, case analysis and verification, the methods of evidence collection and analysis, and the area of judicial jurisdiction. Finally, we will propose the viewpoints of cybercrime investigation and forensic procedures, and we wish this paper will help the research of investigation and forensic procedures.

13 citations