Proceedings ArticleDOI

Efficient SYN Spoofing Detection and Mitigation Scheme for DDoS Attack

TL;DR: The work presented in this paper experiments with the Efficient Spoofed Mitigation Scheme (ESMS), which uses the TCP probing method along with a Bloom filter trust model and provides accurate and robust information for the detection and control of spoofed packets during DDoS attacks.
Abstract: Protection of critical servers from cyber attacks is vital, especially in the case of active attacks like Distributed Denial of Service (DDoS). Seamless services are provided by the constant availability of the server, which is an important factor in providing customers good Quality of Service (QoS). Monitoring and rate limiting the flow of packets will protect victim systems by allowing only trusted users during a DDoS attack. The job of security professionals becomes complex when the attacks are launched from trusted IP addresses using Synchronization (SYN) spoofing. The work presented in this paper experiments with the Efficient Spoofed Mitigation Scheme (ESMS), which uses the TCP probing method along with a Bloom filter trust model. The proposed scheme provides accurate and robust information for the detection and control of spoofed packets during DDoS attacks.
Citations
Journal ArticleDOI
TL;DR: This article presents a survey of DDoS defense techniques that use the Bloom Filter, a probabilistic data structure for membership queries that returns either true or false and stores information about large data sets in tiny memory.
Abstract: Distributed Denial-of-Service (DDoS) is a menace for service providers and a prominent issue in network security. Defeating or defending against DDoS is a prime challenge. DDoS makes a service unavailable for a certain time. This phenomenon harms service providers and hence causes loss of business revenue. Therefore, DDoS is a grand challenge to defeat. There are numerous mechanisms to defend against DDoS; however, this paper surveys the deployment of the Bloom Filter in defending against a DDoS attack. The Bloom Filter is a probabilistic data structure for membership queries that returns either true or false. The Bloom Filter uses tiny memory to store information about large data. Therefore, packet information is stored in a Bloom Filter to defend against and defeat DDoS. This paper presents a survey of DDoS defense techniques using the Bloom Filter.

21 citations
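The ESMS abstract above relies on a "Bloom filter trust model" and the survey describes the data structure behind it: a fixed bit array, k hash positions per key, no false negatives and a tunable false-positive rate, in far less memory than a set of addresses. The following is an added example of such a filter applied to trusted source addresses; it is not the ESMS authors' code or the survey's, and the address ranges and the 1% target rate are constructed for illustration.

```python
"""Bloom filter over source IPs: membership test with no false negatives and a
bounded false-positive rate. Illustrative code, not the ESMS implementation."""
import hashlib
import ipaddress
import math


class BloomFilter:
    def __init__(self, capacity, fp_rate):
        # Textbook sizing for n keys at false-positive rate p:
        # m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hash functions.
        self.m = max(8, math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, key):
        # Kirsch-Mitzenmacher double hashing: the two 64-bit halves of one
        # digest give k positions h1 + i*h2 without k separate hash functions.
        d = hashlib.blake2b(key.encode(), digest_size=16).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key):
        for p in self._positions(key):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, key):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(key))

    def memory_bytes(self):
        return len(self.bits)


def build_trusted_filter(trusted_ips, fp_rate=0.01):
    """Insert sources that have earned trust (e.g. completed a TCP handshake)."""
    bf = BloomFilter(max(1, len(trusted_ips)), fp_rate)
    for ip in trusted_ips:
        bf.add(str(ipaddress.ip_address(ip)))
    return bf


def classify(bf, source_ips):
    """Split incoming sources into those the filter vouches for and those to
    rate-limit. A 'yes' may be a false positive; a 'no' is always correct."""
    passed, limited = [], []
    for ip in source_ips:
        (passed if ip in bf else limited).append(ip)
    return passed, limited


def measured_fp_rate(n_members, n_probes, fp_rate=0.01):
    """Fill a filter with n_members constructed 10.0.0.0/8 addresses, probe it
    with n_probes never-inserted 172.16.0.0/12 addresses and return the
    fraction wrongly reported as members."""
    members = [str(ipaddress.IPv4Address(0x0A000000 + i)) for i in range(n_members)]
    bf = build_trusted_filter(members, fp_rate)
    probes = [str(ipaddress.IPv4Address(0xAC100000 + i)) for i in range(n_probes)]
    return sum(1 for ip in probes if ip in bf) / n_probes


if __name__ == "__main__":
    bf = build_trusted_filter(["192.0.2.1", "192.0.2.2", "198.51.100.7"])
    print("bits:", bf.m, "hashes:", bf.k, "bytes:", bf.memory_bytes())
    print(classify(bf, ["192.0.2.2", "203.0.113.9"]))
    print("measured false-positive rate:", measured_fp_rate(1000, 5000))
```

The security-relevant asymmetry is the one a defender cares about: an address that completed a handshake is never wrongly rate-limited, while the price of the small memory footprint is that roughly one unknown address in a hundred will be let through at the 1% setting, so the filter is a first-pass gate rather than a whitelist of record.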

Posted Content
TL;DR: In this article, the authors present the key concepts of the main areas in computer security and how it has evolved in the last years, focusing on cryptography, user authentication, denial of service attacks, intrusion detection and firewalls.
Abstract: The new generation of security threats has been promoted by digital currencies and real-time applications, where all users develop new ways to communicate on the Internet. Security has evolved out of the need for privacy and anonymity for all users and their portable devices. New technologies in every field prove that users need security features integrated into their communication applications, parallel systems for mobile devices, the internet, and identity management. This review presents the key concepts of the main areas in computer security and how they have evolved in the last years. This work focuses on cryptography, user authentication, denial of service attacks, intrusion detection and firewalls.

5 citations

11 Dec 2017
TL;DR: A new technique to mitigate the impact of attacks, called the Enhanced DDoS-Mitigation System (Enhanced DDoS-MS), is introduced to help overcome the determined security gap.
Abstract: Cyber security is one of the most attention-seeking issues with the increasing advancement of technology, specifically when network availability is threatened by attacks such as Denial of Service attacks (DoS), Distributed DoS attacks (DDoS), and Economic Denial of Sustainability (EDoS). The loss of availability and accessibility of cloud services has a greater impact than in traditional enterprise networks. This paper introduces a new technique to mitigate the impact of attacks, called the Enhanced DDoS-Mitigation System (Enhanced DDoS-MS), which helps in overcoming the determined security gap. The proposed technique is evaluated experimentally, and the result shows that the proposed method adds lower delays as a result of the enhanced security. The paper also suggests some future directions to improve the proposed framework.

5 citations


Cites background from "Efficient SYN Spoofing Detection an..."

  • ...requests so the legitimate users become incapable of accessing the network even though they are eligible for legitimate access to the network resources [5]....


02 Jul 2019
TL;DR: This review presents the key concepts of the main areas in computer security and how it has evolved in the last years, focusing on cryptography, user authentication, denial of service attacks, intrusion detection and firewalls.
Abstract: The new generation of security threats has been promoted by digital currencies and real-time applications, where all users develop new ways to communicate on the Internet. Security has evolved out of the need for privacy and anonymity for all users and their portable devices. New technologies in every field prove that users need security features integrated into their communication applications, parallel systems for mobile devices, the internet, and identity management. This review presents the key concepts of the main areas in computer security and how they have evolved in the last years. This work focuses on cryptography, user authentication, denial of service attacks, intrusion detection and firewalls.

3 citations


Cites background from "Efficient SYN Spoofing Detection an..."

  • ...Kavinsankar et al.[42] proposed an Efficient SYN Spoofing Detection and Mitigation (ESDMS) Schema....


Journal ArticleDOI
TL;DR: In this paper, a multilayer perceptron (MLP) is used to evaluate the effectiveness of metrics-based attack detection; the proposed MLP classification algorithm has an efficiency of 98.99% in detecting DDoS attacks.
Abstract: Distributed denial of service (DDoS) attacks pose an increasing threat to businesses and government agencies. They harm internet businesses, limit access to information and services, and damage corporate brands. Attackers use application layer DDoS attacks that are not easily detectable because they impersonate authentic users. In this study, we address novel application layer DDoS attacks by analyzing the characteristics of incoming packets, including the size of HTTP frame packets, the number of Internet Protocol (IP) addresses sent, constant mappings of ports, and the number of IP addresses using proxy IP. We analyzed client behavior in public attacks using standard datasets, the CTU-13 dataset, real weblogs (dataset) from our organization, and experimentally created datasets from DDoS attack tools: Slow Lairs, Hulk, Golden Eyes, and Xerex. A multilayer perceptron (MLP), a deep learning algorithm, is used to evaluate the effectiveness of metrics-based attack detection. Simulation results show that the proposed MLP classification algorithm has an efficiency of 98.99% in detecting DDoS attacks. Our proposed technique provided the lowest false-positive rate, 2.11%, compared to conventional classifiers, i.e., Naïve Bayes, Decision Stump, Logistic Model Tree, Naïve Bayes Updateable, Naïve Bayes Multinomial Text, AdaBoostM1, Attribute Selected Classifier, Iterative Classifier, and OneR.

1 citation

References
Journal ArticleDOI
01 Apr 2004
TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Abstract: Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.

1,866 citations


"Efficient SYN Spoofing Detection an..." refers background in this paper

  • ...One of the active cyber attacks discussed by [4], DDoS (Distributed Denial of Service), highly affects the available bandwidth and depletes system resources, thereby rendering poor QoS to the clients....


Journal ArticleDOI
TL;DR: A novel filtering technique, called Hop-Count Filtering (HCF), is presented-which builds an accurate IP-to-hop-count (IP2HC) mapping table-to detect and discard spoofed IP packets.
Abstract: IP spoofing has often been exploited by Distributed Denial of Service (DDoS) attacks to: 1) conceal flooding sources and dilute localities in flooding traffic, and 2) coax legitimate hosts into becoming reflectors, redirecting and amplifying flooding traffic. Thus, the ability to filter spoofed IP packets near victim servers is essential to their own protection and prevention of becoming involuntary DoS reflectors. Although an attacker can forge any field in the IP header, he cannot falsify the number of hops an IP packet takes to reach its destination. More importantly, since the hop-count values are diverse, an attacker cannot randomly spoof IP addresses while maintaining consistent hop-counts. On the other hand, an Internet server can easily infer the hop-count information from the Time-to-Live (TTL) field of the IP header. Using a mapping between IP addresses and their hop-counts, the server can distinguish spoofed IP packets from legitimate ones. Based on this observation, we present a novel filtering technique, called Hop-Count Filtering (HCF)--which builds an accurate IP-to-hop-count (IP2HC) mapping table--to detect and discard spoofed IP packets. HCF is easy to deploy, as it does not require any support from the underlying network. Through analysis using network measurement data, we show that HCF can identify close to 90% of spoofed IP packets, and then discard them with little collateral damage. We implement and evaluate HCF in the Linux kernel, demonstrating its effectiveness with experimental measurements.

350 citations
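The HCF abstract above states the whole mechanism in two sentences: a spoofer can forge the source address but not the number of hops the packet actually travels, so the victim infers the hop count from the TTL and compares it with an IP-to-hop-count (IP2HC) table learned from traffic it trusts. The following added example puts that rule into code; it is not the authors' Linux kernel implementation, and the initial-TTL set, the learning traffic and the attack packets are constructed for illustration.

```python
"""Hop-Count Filtering in outline: infer hop count from TTL, learn an IP2HC
table from trusted traffic, drop later packets whose hop count disagrees.
Added example; constructed data, not the HCF authors' code."""

# Initial TTLs that common operating systems use. An observed TTL is the
# initial TTL minus the hops travelled, and the attacker does not control the
# decrement performed by the routers on the real path.
INITIAL_TTLS = (30, 32, 60, 64, 128, 255)


def hop_count(observed_ttl):
    """HCF's inference: assume the smallest initial TTL not below the observed
    one, since Internet paths rarely exceed ~30 hops. The 30/32 and 60/64
    pairs are ambiguous by a few hops, which is why a matching tolerance
    can be useful."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl
    raise ValueError(f"TTL {observed_ttl} exceeds every known initial TTL")


def learn_ip2hc(trusted_packets):
    """Build the IP2HC table from (src_ip, ttl) pairs known to be legitimate,
    e.g. taken from connections that completed the TCP handshake."""
    return {src: hop_count(ttl) for src, ttl in trusted_packets}


def filter_packets(ip2hc, packets, tolerance=0):
    """Return (accepted, dropped). A packet is dropped when its source is in
    the table and the inferred hop count differs from the learned value by
    more than `tolerance`. Sources absent from the table are accepted here,
    because the filter has nothing to compare against (this example's choice)."""
    accepted, dropped = [], []
    for src, ttl in packets:
        learned = ip2hc.get(src)
        if learned is not None and abs(hop_count(ttl) - learned) > tolerance:
            dropped.append((src, ttl))
        else:
            accepted.append((src, ttl))
    return accepted, dropped


# Constructed traffic: a learning phase from handshake-completed connections,
# then a mix of genuine and spoofed packets during an attack.
TRUSTED = [("198.51.100.7", 52), ("192.0.2.10", 120), ("203.0.113.5", 240)]
ATTACK = [
    ("198.51.100.7", 118),  # spoofed: arrives 10 hops from initial 128, table says 8
    ("192.0.2.10", 120),    # genuine: matches the learned hop count of 8
    ("203.0.113.5", 241),   # one hop off, e.g. a route change
    ("10.9.9.9", 55),       # unknown source: no table entry to check
]

if __name__ == "__main__":
    table = learn_ip2hc(TRUSTED)
    accepted, dropped = filter_packets(table, ATTACK, tolerance=0)
    print("IP2HC:", table)
    print("accepted:", accepted)
    print("dropped:", dropped)
```

Two caveats a deployer should keep in mind follow directly from the code: the table is only as trustworthy as the traffic it was learned from (learn from completed handshakes, not from bare SYNs), and legitimate route changes shift hop counts by a hop or two, so a zero tolerance trades a few false drops for catching spoofers whose forged address happens to sit at a nearby hop distance.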

01 Aug 2007
TL;DR: This document describes TCP SYN flooding attacks, which have been well-known to the community for several years, and various countermeasures against these attacks, and the trade-offs of each.
Abstract: This document describes TCP SYN flooding attacks, which have been well-known to the community for several years. Various countermeasures against these attacks, and the trade-offs of each, are described. This document archives explanations of the attack and common defense techniques for the benefit of TCP implementers and administrators of TCP servers or networks, but does not make any standards-level recommendations. This memo provides information for the Internet community.

306 citations

11 Feb 2002
TL;DR: This paper discusses several approaches for dealing with the exhaustion problem, including SYN caches and SYN cookies, and the implementation of the specific solution used in FreeBSD is analyzed.
Abstract: Machines that provide TCP services are often susceptible to various types of Denial of Service attacks from external hosts on the network. One particular type of attack is known as a SYN flood, where external hosts attempt to overwhelm the server machine by sending a constant stream of TCP connection requests, forcing the server to allocate resources for each new connection until all resources are exhausted. This paper discusses several approaches for dealing with the exhaustion problem, including SYN caches and SYN cookies. The advantages and drawbacks of each approach are presented, and the implementation of the specific solution used in FreeBSD is analyzed.

241 citations


"Efficient SYN Spoofing Detection an..." refers background in this paper

  • ...This section discusses the performance comparison of the proposed ESDMS for mitigating SYN spoofed packets with the existing SYN cookies [3], hop count [1], [10], [13], [18], IP puzzle [8] and no-defense schemes....

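The FreeBSD paper above contrasts SYN caches with SYN cookies, and the ESDMS comparison cites SYN cookies as the baseline defense. The following added example shows the stateless idea in working form: the server folds a keyed hash of the connection tuple, the client's ISN and a slow counter, plus an encoded MSS, into the sequence number of its SYN-ACK, keeps no half-open state, and allocates the connection only when the client's ACK returns cookie+1 within a short window. It is not the FreeBSD implementation; the 5/3/24-bit field layout, the MSS table and the secret are this example's constructed choices.

```python
"""Stateless SYN cookies: mint the server ISN from a keyed hash, verify it on
the returning ACK. Added example; layout and constants are illustrative."""
import hashlib
import hmac
import ipaddress
import struct

# MSS values representable in the 3-bit index field (4 of 8 slots used).
MSS_TABLE = (536, 1300, 1440, 1460)

COUNTER_BITS = 5   # slow counter (e.g. minutes) mod 32 in the top bits
MSS_BITS = 3       # MSS table index
MAC_BITS = 24      # truncated keyed hash in the low bits
MAC_MASK = (1 << MAC_BITS) - 1

# Constructed key for the example; a real server rotates its secret.
SECRET = b"constructed-syn-cookie-secret"


def _mac(secret, saddr, daddr, sport, dport, client_isn, counter):
    # HMAC over everything the server sees again, unchanged, in the ACK.
    msg = (ipaddress.ip_address(saddr).packed
           + ipaddress.ip_address(daddr).packed
           + struct.pack("!HHII", sport, dport, client_isn, counter))
    return hmac.new(secret, msg, hashlib.sha256).digest()[:MAC_BITS // 8]


def make_cookie(secret, saddr, daddr, sport, dport, client_isn, client_mss, counter):
    """Server ISN for the SYN-ACK. The client's MSS is rounded down to a table
    entry so it survives the 3-bit encoding; nothing is stored server-side."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac(secret, saddr, daddr, sport, dport, client_isn, counter), "big")
    return (((counter & ((1 << COUNTER_BITS) - 1)) << (MSS_BITS + MAC_BITS))
            | (mss_idx << MAC_BITS)
            | mac)


def check_cookie(secret, saddr, daddr, sport, dport, ack, client_seq, now_counter, max_age=3):
    """Validate a handshake's ACK with no stored state. Returns the MSS to use
    if ack-1 is a cookie minted for this 4-tuple within the last `max_age`
    counter ticks, else None. client_seq is the ACK's sequence number
    (client ISN + 1)."""
    cookie = (ack - 1) & 0xFFFFFFFF
    client_isn = (client_seq - 1) & 0xFFFFFFFF
    t = cookie >> (MSS_BITS + MAC_BITS)
    mss_idx = (cookie >> MAC_BITS) & ((1 << MSS_BITS) - 1)
    if mss_idx >= len(MSS_TABLE):
        return None
    got = (cookie & MAC_MASK).to_bytes(MAC_BITS // 8, "big")
    # The cookie only carries the counter mod 32; try the recent values that
    # fit, so an attacker cannot replay an old cookie indefinitely.
    for age in range(max_age + 1):
        counter = now_counter - age
        if counter < 0 or (counter & ((1 << COUNTER_BITS) - 1)) != t:
            continue
        want = _mac(secret, saddr, daddr, sport, dport, client_isn, counter)
        if hmac.compare_digest(got, want):
            return MSS_TABLE[mss_idx]
    return None


if __name__ == "__main__":
    # Constructed handshake: SYN at counter 100, ACK arrives one tick later.
    isn = make_cookie(SECRET, "203.0.113.9", "198.51.100.1", 40000, 80, 1000, 1460, 100)
    print("SYN-ACK ISN:", hex(isn))
    print("fresh ACK  ->", check_cookie(SECRET, "203.0.113.9", "198.51.100.1", 40000, 80, isn + 1, 1001, 101))
    print("stale ACK  ->", check_cookie(SECRET, "203.0.113.9", "198.51.100.1", 40000, 80, isn + 1, 1001, 110))
```

The trade-off the FreeBSD paper discusses is visible in the layout: with only 32 bits to spend, the MSS is coarsened to a table index and TCP options that are not encoded are lost, which is why cookies are usually enabled only once the backlog is under pressure rather than for every connection.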

Journal ArticleDOI
TL;DR: The current state of IP spoofing is looked into, the various defense mechanisms available today are described, and what obstacles stand in the way of deploying modern solutions and what areas require further research are analyzed.
Abstract: IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research.

88 citations


"Efficient SYN Spoofing Detection an..." refers background in this paper

  • ...Since DDoS attackers use spoofed packets to hide their identity, the rate of spoofed attacks has increased, as can be inferred from the results of the Spoofer Project given in [14]....
