Search results for "Denial-of-service attack"
showing 10 items of 16 documents
Deep in the Dark: A Novel Threat Detection System using Darknet Traffic
2019
This paper proposes a threat detection system based on Machine Learning classifiers that are trained using darknet traffic. Traffic destined for a darknet is either malicious or caused by misconfiguration. Darknet traffic contains traces of several threats such as DDoS attacks, botnets, spoofing, probes and scanning attacks. We analyse darknet traffic by extracting network traffic features from it that help in finding patterns of these advanced threats. We collected the darknet traffic from the network sensors deployed at SURFnet and extracted several network-based features. In this study, we propose a framework that uses supervised machine learning and a concept drift detector. Our experimental res…
State of the Art Literature Review on Network Anomaly Detection
2018
As network attacks evolve along with the extreme growth in the amount of data present in networks, there is a significant need for faster and more effective anomaly detection methods. Even though current systems perform well when identifying known attacks, previously unknown attacks are still difficult to identify while they occur. In particular, an attack that may have more than one ongoing attack vector in one network at the same time, also known as an APT (Advanced Persistent Threat) attack, may be hard to notice since it masquerades as legitimate traffic. Furthermore, with the help of hiding functionality, this type of attack can even hide in a network for years. Additi…
Mitigating DDoS using weight-based geographical clustering
2020
Distributed denial of service (DDoS) attacks have for the last two decades been among the greatest threats facing the internet infrastructure. Mitigating DDoS attacks is a particularly challenging task, as an attacker tries to conceal a huge amount of traffic inside a legitimate traffic flow. This article proposes to use data mining approaches to find unique hidden data structures which are able to characterize the normal traffic flow. This will serve as a means for filtering illegitimate traffic under DDoS attacks. In this endeavor, we devise three algorithms built on previously uncharted areas within mitigation techniques, where clustering techniques are used to create geographical clusters …
Using Cloud Computing to Implement a Security Overlay Network
2012
This article proposes and analyzes a general cloud-based security overlay network that can be used as a transparent overlay network to provide services such as intrusion detection systems, antivirus and antispam software, and distributed denial-of-service prevention. The authors analyze each of these in-cloud security services in terms of resiliency, effectiveness, performance, flexibility, control, and cost.
Artificial Intelligence in Protecting Smart Building’s Cloud Service Infrastructure from Cyberattacks
2020
Gathering and utilizing stored data is gaining popularity and has become a crucial component of smart building infrastructure. The data collected can be stored, for example, in private, public, or hybrid cloud service infrastructure or in a distributed service by utilizing data platforms. The stored data can be used when implementing services such as building automation (BAS). Cloud services, IoT sensors, and data platforms can face several kinds of cybersecurity attack vectors, such as adversarial, AI-based, DoS/DDoS, and insider attacks. If a perpetrator can penetrate the defenses of a data platform, she can cause significant harm to the system. For example, the perpetrator can disrupt a buildin…
A configurable rule based classful token bucket filter network request scheduler for the lustre file system
2017
HPC file systems today work in a best-effort manner where individual applications can flood the file system with requests, effectively leading to a denial of service for all other tasks. This paper presents a classful Token Bucket Filter (TBF) policy for the Lustre file system. The TBF enforces Remote Procedure Call (RPC) rate limitations based on (potentially complex) Quality of Service (QoS) rules. The QoS rules are enforced in Lustre's Object Storage Servers, where each request is assigned to an automatically created QoS class. The proposed QoS implementation for Lustre enables various features for each class, including the support for high-priority and real-time requests even under heavy …
Firewall as a service in SDN OpenFlow network
2015
Protecting publicly available servers on the internet today is a serious challenge, especially when encountering Distributed denial-of-service (DDoS) attacks. In the traditional internet, there is a narrow range of choices one can take when ingress traffic overloads physical connection limits. This paper proposes Firewall as a service in internet service provider (ISP) networks, allowing end users to request and install match-action rules in ISP edge routers. In the proposed scenario, the ISP runs a Software Defined Networking environment where the control plane is separated from the data plane, utilizing the OpenFlow protocol and the ONOS controller. For interaction between end-users and the SDN Controller, the author defines an Appl…
Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic
2016
Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today's high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method which allows us to detect, in a timely manner, application-layer DDoS attacks that utilize encrypted protocols by applying an anomaly-based approach to statistics extracted from network packets. The method involves construction of a model of normal user behavior with the help of weighted fuzzy clustering. The construction algorithm is self-adaptive and allows one to update the model every time a new portion of network tr…
Smart Grid Security: A new Approach to Detect Intruders in a Smart Grid Neighborhood Area Network
2016
In this paper, we propose an efficient and lightweight attack detection mechanism for a smart grid Neighborhood Area Network (NAN) that combines distributed and centralized intrusion detection. A NAN includes the customers' appliances, smart meters and collectors. The smart meters measure the power consumption of each appliance, and the collectors aggregate the measures and forward them to the control center for analysis. Intrusion Detection System (IDS) agents, proposed in our framework, run in a distributed fashion at the smart meter level and in a centralized fashion at the collector and control center nodes. A combination of rule-based detection and a learn…
Domain Generation Algorithm Detection Using Machine Learning Methods
2018
A botnet is a network of private computers infected with malicious software and controlled as a group without the knowledge of the owners. Botnets are used by cybercriminals for various malicious activities, such as stealing sensitive data, sending spam, launching Distributed Denial of Service (DDoS) attacks, etc. A Command and Control (C&C) server sends commands to the compromised hosts to execute those malicious activities. In order to avoid detection, recent botnets such as Conficker, Zeus, and Cryptolocker apply a technique called Domain-Fluxing or Domain Name Generation Algorithms (DGA), in which the infected bot periodically generates and tries to resolve a large number of pseudorando…