Search results for "Denial-of-service attack"
showing 6 items of 16 documents
Algorithmic Complexity Vulnerability Analysis of a Stateful Firewall
2016
Algorithmic complexity vulnerabilities are an opportunity for an adversary to conduct a sophisticated kind of attack i.e. on network infrastructure services. Such attacks take advantage of worst case time or space complexity of algorithms implemented on devices in their software. In this paper we address potential risks introduced by such algorithmic behavior in computer networks in particular on a stateful firewall. First we introduce the idea and theoretical background for the attack. We then describe in full detail a successfully conducted attack which takes advantage of the worst case computational complexity of O(n²) of a hash table data structure used to store active sessions. The …
Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol
2015
Denial of Service attacks remain one of the most serious threats to the Internet nowadays. In this study, we propose an algorithm for detection of Denial of Service attacks that utilize SSL/TLS protocol. These protocols encrypt the data of network connections on the application layer which makes it impossible to detect attackers' activity based on the analysis of packet payload. For this reason, we concentrate on statistics that can be extracted from packet headers. Based on these statistics, we build a model of normal user behavior by using several data mining algorithms. Once the model has been built, it is used to detect DoS attacks. The proposed framework is tested on the data obtained w…
Data Stream Clustering for Application-Layer DDoS Detection in Encrypted Traffic
2018
Application-layer distributed denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed using legitimate requests from legitimately connected network machines that make these attacks undetectable by signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer, making it even harder to detect an attacker’s activity without decrypting users’ network traffic, and therefore violating their privacy. In this paper, we present a method that allows us to detect various application-l…
Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks
2017
With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards cloud environment. In particular, DDoS attacks have changed in scale, methods, and targets and become more complex by using advantages provided by cloud computing. Modern cloud computing environments can benefit from moving towards Software-Defined Networking (SDN) technology, which allows network engineers and administrators to respond quickly to the changing business requirements. In this paper, we propose an approach for detecting application-layer DDoS attacks in cloud environment with SDN. The algorithm is applied to statistics extracted from…
New client puzzle approach for DoS resistance in ad hoc Networks
2010
In this paper we propose a new client puzzle approach to prevent Denial of Service (DoS) attacks in ad hoc networks. Each node in the network first solves a computational problem and with the solution has to create and solve a client puzzle. By combining computational problems with puzzles, we improve the efficiency and latency of the communicating nodes and resistance in DoS attacks. Experimental results show the effectiveness of our approach.
Detection and Mitigation of Denial-of-Service Attacks Using Statistical Methods
2015
As a topical problem, denial-of-service attacks are an important subject of research. Countering denial-of-service attacks requires methods that can distinguish the attack traffic loading a service from ordinary network traffic. The aim of this study is to examine how denial-of-service attacks work and to determine which statistical mitigation methods are used to counter them. The study established the general main characteristics of denial-of-service attacks and classified the attacks into two main classes. In addition, the study identified four different statistical mitigation methods. Countering denial-of-service attacks is challenging, and no general-purpose mitigation method has been develop…