Denial of Service Attack

In 2006, 100,000 servers were broken down just within 10 minutes . Those were the victims of some Denial-of-Service attacks. This news and knowing that some of those victims were so well-known companies like Hotmail and Amazon, indicate the significance of this kind of threats and attacks. "In a DoS attack, a malicious client (called the attacker) performs operations designed to partially or completely prevent legitimate clients from gaining service form a server (called the victim)" . DoS attacks can be categorized in two main classes: logic attacks and flooding attacks. In flooding attacks, which are discussed in this paper, the resources of the victim server are consumed by sending a big number of requests to it in order to make it unable to provide appropriate services to legitimate clients.

The emergence of Voice over IP (VoIP) has offered numerous advantages for end users and providers alike, but simultaneously has introduced security threats, vulnerabilities and attacks not previously encountered in networks with a closed architecture like the Public Switch Telephone Network (PSTN). In this paper we propose a two layer architecture to prevent Denial of Service attacks on VoIP systems based on the Session Initiation Protocol (SIP). The architecture is designed to handle different types of attacks, including request flooding, malformed message sending, and attacks on the underlying DNS system. The effectiveness of the prevention mechanisms have been tested both in the laboratory and on a real live VoIP provider network.

Distributed Denial of Service (DDoS) attacks are a threat to the security of red. In recent years, these attacks have been directed especially towards the application layer. This phenomenon is mainly due to the large number of existing tools for the generation of this type of attack. The highest detection rate achieved by a method in the application capacity is 98.5 percent. Therefore, the problem of detecting DDoS attacks persists. In this work an alternative of detection based on the dynamism of the web user is proposed. To do this, evaluate the user's characteristics, mouse functions and right click. For the evaluation, a data set of 11055 requests was used, from which the characteristics were extracted and entered into a classification algorithm. To that end, it can be applied once in Java for the classification of real users and DDoS attacks. The results showed that the evaluated characteristics achieved an efficiency of 100 percent. Therefore, it is concluded that these ch...

A denial-of-service (DoS) attack is an attempt by a single person or a group of people to disrupt an online service. In a bandwidth attack, attackers clog links or routers by generating a traffic overload. This can have serious consequences to companies that rely on their online availability to do business. The ubiquity of tools to organize DoS attacks and the determination of some people to wreak havoc make for potential future problems. This thesis proposes a MUlti-Level Tree for Online Packet Statistics (MULTOPS): an attackresistant data structure enabling routers to detect ongoing bandwidth attacks by searching for significant asymmetries between packet rates to and from different subnets. Statistics are kept in a tree that dynamically adapts its shape to (1) reflect changes in packet rates, and (2) avoid (maliciously intended) memory exhaustion. A MULTOPS is suitable to detect the type of bandwidth attack that occurred on a large scale in February 2000. To remain undetected, the attacker has to launch the attack from a large number of distinct sites which makes mounting the attack more difficult. This will hopefully discourage many attackers.

Despite a plethora of research in the area, none of the mechanisms proposed so far for Denial-of-Service (DoS) mitigation has been widely deployed. We argue in this paper that these deployment difficulties are primarily due to economic inefficiency, rather than to technical shortcomings of the proposed DoS-resilient technologies. We identify economic phenomena, negative externality---the benefit derived from adopting a technology depends on the action of others---and economic incentive misalignment---the party who suffers from an economic loss is different from the party who is in the best position to prevent that loss---as the main stumbling blocks of adoption. Our main contribution is a novel DoS mitigation architecture, Burrows, with an economic incentive realignment property. Burrows is obtained by re-factoring existing key DoS mitigation technologies, and can increase the "social welfare," i.e., economic benefit, of the entire Internet community---both infrastructure ...

Distributed Denial of Service (DDoS) attacks are dangerous attacks that can cause disruption to server, system or application layer. It will flood the target server with the amount of Internet traffic that the server could not afford at one time. Therefore, it is possible that the server will not work if it is affected by this DDoS attack. Due to this attack, the network security environment becomes insecure with the possibility of this attack. In recent years, the cases related to DDoS attacks have increased. Although previously there has been a lot of research on DDoS attacks, cases of DDoS attacks still exist. Therefore, the research on feature selection approach has been done in effort to detect the DDoS attacks by using machine learning techniques. In this paper, to detect DDoS attacks, features have been selected from the UNSW-NB 15 dataset by using Information Gain and Data Reduction method. To classify the selected features, ANN, Naïve Bayes, and Decision Table algorithms we...

Internet was designed for network services without any intention for secure communication. Exponential growth of internet and its users have developed an era of global competition and rivalry. Denial of service attack by multiple nodes is capable of disturbing the services of rival servers. The attack can be for multiple reasons e. g. extortion or to beat the rivals. Peer

This paper investigates the effect of common network attacks on the performance, and security of several biometric readers. Experiments are conducted using Denial of Service attacks (DoSs) and the ARP cache poisoning attack. The experiments show that the tested biometric readers are vulnerable to DoS attacks, and their recognition performance is significantly affected after launching the attacks. However, the experiments show that the tested biometric readers are secure from the ARP cache poisoning attack. This work demonstrates that biometric readers are easy targets for malicious network users, lack basic security mechanisms, and are vulnerable to common attacks. The confidentiality, and integrity of the log files in the biometric readers, could be compromised with such attacks. It then becomes important to study these attacks in order to find flags that could aid in a network forensic investigation of a biometric device.

The prevention of any type of cyber attack is indispensable because a single attack may break the security of computer and network systems. The hindrance of such attacks is entirely dependent on their detection. The detection is a major part of any security tool such as Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Adaptive Security Alliance (ASA), check points and firewalls. Consequently, in this paper, we are contemplating the feasibility of an approach to probing attacks that are the basis of others attacks in computer network systems. Our approach adopts a supervised neural network phenomenon that is majorly used for detecting security attacks. The proposed system takes into account Multiple Layered Perceptron (MLP) architecture and resilient backpropagation for its training and testing. The system uses sampled data from Kddcup99 dataset, an attack database that is a standard for evaluating the security detection mechanisms. The developed system is applied to different probing attacks. Furthermore, its performance is compared to other neural networks' approaches and the results indicate that our approach is more precise and accurate in case of false positive, false negative and detection rate.

This article describes how cloud computing has become a significant IT infrastructure in business, government, education, research, and service industry domains. Security of cloud-based applications, especially for those applications with constant inbound and outbound user traffic is important. It becomes of the utmost importance to secure the data flowing between the cloud application and user systems against cyber criminals who launch Denial of Service (DoS) attacks. Existing research related to cloud security focuses on securing the flow of information on servers or between networks but there is a lack of research to mitigate Distributed Denial of Service attacks on cloud environments as presented by Buyya et al. and Fachkha, et al. In this article, the authors propose an algorithm and a Hybrid Cloud-based Secure Architecture to mitigate DDoS attacks. By proposing a three-tier cloud infrastructure with a two-tier defense system for separate Network and Application layers, the aut...

Security MAC Jamming Interference IEEE 802.11 access points deployed in shopping malls, university campuses, crowded streets, airports, and many other locations provide ubiquitous Internet access to millions of stations. However, these hot spots are vulnerable to Denial-of-Service (DoS) attacks due to the broadcast nature of wireless communication. It does not require specialized hardware or particularly high level of experience to render 802.11 networks inoperable through DoS attacks. Standard off-the-shelf equipment is sufficient for a malicious station to disrupt the service between access points and stations. In this paper we present a systematic survey of DoS attacks, which exploits MAC and physical layer vulnerabilities of 802.11 networks. Available countermeasures against DoS attacks are discussed and compared. Future research directions and open issues are also discussed.

The main challenge in network security is keeping up with all threat types that arise every day. Traditional security mechanisms such as firewalls and Intrusion Detection System (IDS) do not provide detection for new attacks or helping in learning new attackers’ techniques. This paper presents a hybrid honeypot scheme that combines low and high interaction honeypots to mitigate the shortcomings of both types. The low interaction honeypots are used to emulate operating systems and services, and for any outbound connection, they act as a proxy to forward the packets to real systems in high interaction honeypot. The scheme is tested by applying Distributed Denial of Service attack (DDOS) against the system, and a significant enhancement to the system security is achieved. The results show that the performance of the IDS has been improved comparing with traditional IDS. Furthermore, the false positive rate is reduced, and the true positive rate is enhanced.

Modern surveillance devices are increasingly being taken off private networks and placed onto networks connected via gateway to the Internet or into Wi-Fi based local area wireless networks (LAWN). The devices are also increasingly using IPv4 and IPv6 network stacks and some form of embedded processing or compute built in. Additionally, some specialist devices are using assistive technologies such as GPS or A-GPS. This paper explored the issues with use of the technologies in a networked environment, both wireless and internetworked. Analysis of these systems shows that the use of IP based CCTV systems carries greater risk than traditional CCTV systems, primarily due to the exposure to IP based vulnerabilities. Furthermore, Wi-Fi based IP CCTV systems are additionally susceptible to remote, physical denial of service attacks due to the broadcast nature of wireless communication systems. Interception of traffic is possible with IP based systems, and again, Wi-Fi IP based CCTV systems...

Pushback is a mechanism for defending against Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional end-to-end congestion control, the problem must be handled by the routers. Functionality is added to each router to detect and preferentially drop packets that probably belong to an attack. Upstream routers are also notified to drop such packets in order that the router's resources be used to route legitimate traffic hence term pushback. Client puzzles have been advocated as a promising countermeasure to DoS attacks in the recent years. In order to identify the attackers, the victim server issues a puzzle to the client that sent the traffic. When the client is able to solve the puzzle, it is assumed to be authentic and the traffic from it is allowed into the server. If the victim suspects that the puzzles are solved by most of the clients, it increases the complexity of the puzzles. This puzzle solving technique allows the traversal of the attack traffic throughout the intermediate routers before reaching the destination. In order to attain the advantages of both pushback and puzzle solving techniques, a hybrid scheme called Router based Pushback technique, which involves both the techniques to solve the problem of DDoS attacks is proposed. In this proposal, the puzzle solving mechanism is pushed back to the core routers rather than having at the victim. The router based client puzzle mechanism checks the host system whether it is legitimate or not by providing a puzzle to be solved by the suspected host.

Schwartau (1994) defined information warfare as the application of information and communication technologies to compromise or access an adversary’s technological infrastructure.  The purpose is to control, disrupt, disable or access it to obtain relevant details and information on the target’s resources, proprietary information, or military plans.  Taddeo (2016) identified some of the most notable examples such as the distributed denial of service attacks (DDoS) initiated during the 2010 Burma elections, the Stuxnet virus that affected the Iranian nuclear facilities, and the Wanna Cry ransomware cryptoattack of 2017 that affected computers running Microsoft-which is an awful lot of computers. Keep in mind, these are the ones that we are aware of because of the wide press coverage received.
Taddeo (2016) declared that in 2010, information warfare was officially listed among the several different domains whereby war could be waged.  It ranks fifth behind the traditional military constructs of land, sea, air, and space.  Why would it be that important would you ask? Well, if you pay attention to current events, you will see that the cyber domain is getting more airtime than any other battle.  The powers that be have figured out that having the capability to manipulate, disrupt, destroy or otherwise control the enemy’s (e.g. civilian or military) technological infrastructure is huge.  It has become a weapon that is  just as if not more decisive that conducting a land campaign and may have even more influence on conflict resolution.

... like attacks like Smurf and TCP-SYN uses Rahul Chowdary Bobba(B.Tech), Raghunath. ... San Diego, Jan 2004. [9] HR Nagesh, Chandra Sekaran K. Department of Computer Engineering, PA College of Engineering, Mangalore, Karnataka, INDIA Department of Computer ...

Distributed Denial of Service attack is a coordinated attack, generally performed on a massive scale on the availability of services of a target system or network resources. Due to the continuous evolution of new attacks and ever-increasing number of vulnerable hosts on the Internet, many DDoS attack detection or prevention mechanisms have been proposed.

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'.

This paper describes an approach to detecting distributed denial of service (DDoS) attacks that is based on fundamentals of Information Theory, specifically Kolmogorov Complexity. A theorem derived using principles of Kolmogorov Complexity states that the joint complexity measure of random strings is lower than the sum of the complexities of the individual strings when the strings exhibit some correlation. Furthermore, the joint complexity measure varies inversely with the amount of correlation. We propose a distributed active network-based algorithm that exploits this property to correlate arbitrary traffic flows in the network to detect possible denial-of-service attacks. One of the strengths of this algorithm is that it does not require special filtering rules and hence it can be used to detect any type of DDoS attack. We implement and investigate the performance of the algorithm in an active network. Our results show that DDoS attacks can be detected in a manner that is not sensitive to legitimate background traffic.

Cognitive radio technologies have emerged as a platform to solve the problem of spectrum scarcity for wireless applications since cognitive radios have the potential to utilize the idle licensed spectrum bands in an intelligent way without interfering with other licensed devices. However, most of the proposed protocols for opportunistic usage of the licensed spectrum bands assume that the participants involved in the protocols are honest and that there are no malicious adversaries that will attack the network. Using two examples, we demonstrate that in the presence of a malicious adversary the systems designed making these assumptions will fail to fulfill their goals of minimal disruption of the primary users and efficient utilization of the unused spectrum. We also briefly discuss some security design goals of the future cognitive DSA networks.

Summary Wireless Local Area Networks (WLANs) are cost effective and desirable gateways to mobile computing. They allow computers to be mobile, cable less and communicate with speeds close to the speeds of wired LANs. These features came with expensive price to ...

Summary Wireless Local Area Networks (WLANs) are cost effective and desirable gateways to mobile computing. They allow computers to be mobile, cable less and communicate with speeds close to the speeds of wired LANs. These features came with expensive price to ...

Systems using capabilities to provide preferential service to selected flows have been proposed as a defense against large-scale network denial-of-service attacks. While these systems offer strong protection for established network flows, the Denial-of-Capability (DoC) attack, which prevents new capability-setup packets from reaching the destination, limits the value of these systems. Portcullis mitigates DoC attacks by allocating scarce link bandwidth for connection establishment packets based on per-computation fairness. We prove that a legitimate sender can establish a capability with high probability regardless of an attacker’s resources or strategy and that no system can improve on our guarantee. We simulate full and partial deployments of Portcullis on an Internetscale topology to confirm our theoretical results and demonstrate the substantial benefits of using per-computation fairness.

Most of the recent work on Web security focuses on preventing attacks that directly harm the browser's host machine and user. In this paper we attempt to quantify the threat of browsers being indirectly misused for attack- ing third parties. Specifically, we look at how the existing Web infrastructure (e.g., the languages, protocols, and se- curity policies) can be exploited

The prevention of any type of cyber attack is indispensable because a single attack may break the security of computer and network systems. The hindrance of such attacks is entirely dependent on their detection. The detection is a major part of any security tool such as Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Adaptive Security Alliance (ASA), check points and firewalls. Consequently, in this paper, we are contemplating the feasibility of an approach to probing attacks that are the basis of others attacks in computer network systems. Our approach adopts a supervised neural network phenomenon that is majorly used for detecting security attacks. The proposed system takes into account Multiple Layered Perceptron (MLP) architecture and resilient backpropagation for its training and testing. The system uses sampled data from Kddcup99 dataset, an attack database that is a standard for evaluating the security detection mechanisms. The developed system is applied to different probing attacks. Furthermore, its performance is compared to other neural networks' approaches and the results indicate that our approach is more precise and accurate in case of false positive, false negative and detection rate.

oice over IP (VoIP) technology is gaining popularity as an alternative to traditional telephony in homes and enterprises. Deployment in homes is fueled by lower-cost services provided by home broadband Internet service providers, VoIP providers , and peer-topeer networks , collectively boasting up to 17.4 million users . Similarly, enterprises are converting their internal private branch exchange (PBX) systems and contact centers to VoIP. The key motivation for this transition is not just the reduced cost, but the ease of integration of voice services with other network-based applications, particularly in the enterprise environment.

We discuss distributed denial of service attacks in the Internet. We were motivated by the widely known February 2000 distributed attacks on Yahoo!, Amazon.com, CNN.com, and other major Web sites. A denial of service is characterized by an explicit attempt by an attacker to prevent legitimate users from using resources. An attacker may attempt to: "flood" a network and thus reduce a legitimate user's bandwidth, prevent access to a service, or disrupt service to a specific system or a user. We describe methods and techniques used in denial of service attacks, and we list possible defenses. In our study, we simulate a distributed denial of service attack using ns-2 network simulator. We examine how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain desired bandwidth. We find that under persistent denial of service attacks, class based queuing algorithms can guarantee bandwidth for certain classes ...

Summary Wireless Local Area Networks (WLANs) are cost effective and desirable gateways to mobile computing. They allow computers to be mobile, cable less and communicate with speeds close to the speeds of wired LANs. These features came with expensive price to ...

Denial of Service attacks constitute one of the greatest problem in network security. Monitoring traffic is one of the main techniques used in order to find out the existence of possible outliers in the traffic patterns. In this paper, we propose an approach that detects Denial of Service attacks using Emergent Self-Organizing Maps. The approach is based on classifying "normal" traffic against "abnormal" traffic in the sense of Denial of Service attacks. The approach permits the automatic classification of events that are contained in logs and visualization of network traffic. Extensive simulations show the effectiveness of this approach compared to previously proposed approaches regarding false alarms and detection probabilities.

Cyberwarfare has been waged for well over a decade, utilizing methods such as website defacement, data leakage, and distributed denial of service attacks (DDoS). This paper focuses on the latter, attacks that are easily carried out and designed to overwhelm a victim's network with wasted traffic. The goal of a DDoS attack is to make the use of the network impossible for internal or external users. Through a brief examination of the history of these attacks, we find they previously were designed to inflict punitive damage on the victim but have since grown into sophisticated censorship tools. Our approach measure such attacks by looking at Internet backbone traffic, botnet activities, BGP routing changes, and community chatter about such attacks to provide a robust picture of politically targeted DDoS attacks. Our analysis indicates that most of the attackers are non-state actors but are able to fluidly utilize a growing botnet population to launch massive denial of service attacks. This finding has broad ramifications for the future of these attacks.

In 2003, Lin et al. proposed an enhanced protocol of optimal strong-password authentication protocol (OSPA). Recently, Chang and Chang showed that Lin et al.'s protocol is vulnerable to a server spoofing attack and a denial-of-service attack and then described an improved protocol. In this paper, we show that Chang-Chang's protocol is still vulnerable to a stolen-verifier attack. In addition, we also propose an improved protocol with better security.

The Address Resolution Protocol (ARP) is used by computers to map network addresses (IP) to physical addresses [MAC] and we can't imagine a communications between networks without the support of ARP protocol. However, ARP had been misused by many malicious hosts for illegitimate penetration; ARP Spoofing is one example for such illegal access. ARP Spoofing can enable malicious hosts to perform Man-in-the-Middle attacks [MiM] as well as a Denial of Service attacks [DoS]. Unfortunately, ARP Spoofing has not been focused by security experts or solutions, e.g, Intrusion Detection Systems or Intrusion Protection Systems [IDS/IPS]. In this research we evaluate the most famous & expensive detection and prevention [IDS/IPS] systems for detecting all types of ARP spoofing attacks and introduce an algorithm which can be implemented in IDS/IPS systems to enhance it's security.

The pervasive and ubiquitous nature of the Internet coupled with growing concerns for cyber terrorism demand for immediate solutions for securing the Internet infrastructure. So far, the research in Internet security primarily focused on securing the information rather than securing the infrastructure itself. Given the prevailing threat situation, there is a compelling need to develop architectures, algorithms, and protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. This paper attempts to fulfill this important step by providing a taxonomy of security attacks which are classified into four main categories: DNS "hacking", routing table "poisoning," packet "mistreating," and denial-of-service attacks. The paper also discusses the existing solutions for each of these categories, and also outlines a methodology for developing secure protocols.

A great variety of well-known attacks exist for the IEEE 802.11 protocol. The lack of mechanisms for management frame authentication and the complexity of the protocol itself have derived into a considerable number of denial of service and identity spoofing attacks. As most denial of service attacks are based on spoofing of MAC addresses, spoofed frame detection schemes have gained attentions. Currently the most efficient techniques to detect this kind of attacks are based on the creation of profiles for the wireless nodes and behavior based protocol anomaly detection. However, these techniques tend to generate too many of false positives. This is caused by the unstable nature of the wireless medium and also because of the difficulty to model the behaviour of the diverse implementations from different manufacturers. One way to reduce false positives is to combine different techniques to carry out the analysis. We propose a novel method that identifies the impersonation of certain management frames, which helps to reduce the number of false positives within other existing MAC spoofing detection techniques.

We describe Just Fast Keying (JFK), a new key-exchange protocol, primarily designed for use in the IP security architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK also has a number of novel engineering parameters that permit a variety of tradeoffs, most notably the ability to balance the need for perfect forward secrecy against susceptibility to denial-of-service attacks.

Wireless networks provide an easier way of communication to its users. Network without infrastructure are more flexible in deployment. Ad hoc networks are such networks that do not require a planned infrastructure during its establishment. Network with many advantages also have shortcomings. Ad hoc networks have resource constraints like limited bandwidth, battery power, short communication range, less computation power, open channel, short life time. These characteristics of ad hoc networks make them vulnerable for attacks. A malicious node, either from outside or from inside of network, may tries to disturb the network operations and try to consume network resources. Such attacks are called Denial of Services (DoS) attacks. These are more dangerous attacks among the others. They are not easily identifiable. A Denial of Service (DoS) attacker tries to vanish the resources of genuine users of network to make them unavailable for the network.
The focus of this paper is to outline various types of DoS attacks. It also includes the effect of attack on node and network services. Later it gives the defense mechanism suggested by researchers for DoS attack and the other security measures that can be incorporates to avoid such attacks.

Delay tolerant networks (DTNs) are characterized by delay and intermittent connectivity. Satisfactory network functioning in a DTN relies heavily on coordination among participating nodes. However, in practice, such coordination cannot be taken for granted due to possible misbehaviour by relay nodes. Routing in a DTN is, therefore, vulnerable to various attacks, which adversely affect network performance. Several strategies have been proposed in the literature to alleviate such vulnerabilitiesthey vary widely in terms of throughput, detection time, overhead etc. One key challenge is to arrive at a tradeoff between detection time and overhead. We observe that the existing table-based reactive strategies to combat Denialof-service (DoS) attacks in DTN suffer from two major drawbacks: high overhead and slow detection. In this paper, we propose three secure, lightweight and time-efficient routing algorithms for detecting DoS attacks (Blackhole and Grey-hole attacks) in the Spray & Focus routing protocol. The proposed algorithms are based on use of a small fraction of privileged (trusted) nodes. The first strategy, called TN, outperforms the existing table-based strategy with 20-30 % lesser detection time, 20-25 % higher malicious node detection and negligible overhead. The other two strategies, CTN_MI and CTN_RF explore the novel idea that trusted nodes are able to utilize each others' information/experience using their long range connectivity as and when available. Simulations performed using an enhanced ONE simulator reveals that investing in enabling connectivity among trusted nodes (as in CTN_RF) can have significant performance benefits.

In this paper, we propose a novel autonomic service delivery platform for service-oriented network environments. The platform enables a self-optimizing infrastructure that balances the goals of maximizing the business value derived from processing service requests and the optimal utilization of IT resources. We believe that our proposal is the first of its kind to integrate several well-established theoretical and practical techniques from networking, microeconomics, and service-oriented computing to form a fully-distributed service delivery platform. The principal component of the platform is a utility-based cooperative service routing protocol that disseminates congestion-based prices amongst intermediaries to enable the dynamic routing of service requests from consumers to providers. We provide the motivation for such a platform and formally present our proposed architecture. We discuss the underlying analytical framework for the service routing protocol, as well as key methodologies which together provide a robust framework for our service delivery platform that is applicable to the next-generation of middleware and telecommunications architectures.

There is a continuous struggle for control of resources at every organization that is connected to the Internet. The local organization wishes to use its resources to achieve strategic goals. Some external entities seek direct control of these resources, to use for purposes such as spamming or launching denial-of-service attacks. Other external entities seek indirect control of assets (e.g., users, finances), but provide services in exchange for them.

The cognitive radio enabled IEEE 802.22 wireless regional area network (WRAN) is designed to opportunistically utilize the unused or under-utilized TV bands. However, due to the open paradigm of cognitive radio networks and lack of proactive security protocols, the IEEE 802.22 networks are vulnerable to various denial-of-service (DoS) threats. In this paper, we study the coordinated DoS attacks on IEEE 802.22 networks from the malicious users' perspective. We formulate this problem from both a one-stage and a multi-stage scenario. In the one-stage scenario, we formulate a cooperative game among the malicious nodes and derive the optimal decision strategy for the them. In the multi-stage case, we propose a discretetime Markov chain model for the dynamic behavior of both malicious nodes and the 802.22 secondary networks. Simulation and numerical results demonstrate that in the one-stage case, the coordinated attack achieves 10-15% improvement compared to the non-cooperative attack from the perspective of malicious nodes, and, in the multi-stage case, there exists an optimal number of malicious nodes participating in the attack for the steady system to maximize the net payoff.

The Denial of Service Testing Framework (dosTF) being developed as part of the joint India-Australia research project for 'Protecting Critical Infrastructure from Denial of Service Attacks' allows for the construction, monitoring and management of emulated Distributed Denial of Service attacks using modest hardware resources. The purpose of the testbed is to study the effectiveness of different DDoS mitigation strategies and to allow for the testing of defense appliances. Experiments are saved and edited in XML as abstract descriptions of an attack/defense strategy that is only mapped to real resources at run-time. It also provides a web-application portal interface that can start, stop and monitor an attack remotely. Rather than monitoring a service under attack indirectly, by observing traffic and general system parameters, monitoring of the target application is performed directly in real time via a customised SNMP agent.

Abstract. Countermeasures for node misbehavior and selfishness are mandatory requirements in MANET. Selfishness that causes lack of node activity cannot be solved by classical security means that aim at verifying the correctness and integrity of an operation. We suggest a generic mechanism based on reputation to enforce cooperation among the nodes of a MANET to prevent selfish behavior. Each network entity keeps track of other entities' collaboration using a technique called reputation. The reputation is calculated ...

Mobile ad hoc networking offers convenient infrastructure-free communication over the shared wireless channel. However, the nature of ad hoc networks makes them vulnerable to security attacks. Examples of such attacks include passive eavesdropping over the wireless channel, denial of service attacks by malicious nodes as well as attacks from compromised nodes or stolen devices. Unlike their wired counterpart, infrastructureless ad hoc networks do not have a clear line of defense, and every node must be prepared for encounters with an adversary. Therefore, a centralized or hierarchical network security solution does not work well.

This paper describes an approach to detecting distributed denial of service (DDoS) attacks that is based on fundamentals of information theory, specifically Kolmogorov complexity. The algorithm is based on a concept of Kolmogorov complexity that states that the joint complexity measure of random strings is lower than the sum of the complexities of the individual strings if the strings exhibit some correlation. Furthermore, the joint complexity measure varies inversely with the amount of correlation. The proposed algorithm exploits this feature to correlate traffic flows in the network and detect possible denial-of-service attacks. One of the strengths of this algorithm is that it does not require special filtering rules and hence it can be used to detect any type of DDoS attack. This algorithm is shown to perform better than simple packet-counting or load-measuring approaches.

Intrusion detection has, over the last few years, assumed paramount importance within the broad realm of network security, more so in the case of wireless ad hoc networks. These are networks that do not have an underlying infrastructure; the network topology is constantly changing. The inherently vulnerable characteristics of wireless ad hoc networks make them susceptible to attacks, and it may be too late before any counter action can take effect. Second, with so much advancement in hacking, if attackers try hard enough they will eventually succeed in infiltrating the system. This makes it important to constantly (or at least periodically) monitor what is taking place on a system and look for suspicious behavior. Intrusion detection systems (IDSs) do just that: monitor audit data, look for intrusions to the system, and initiate a proper response (e.g., email the systems administrator, start an automatic retaliation). As such, there is a need to complement traditional security mechanisms with efficient intrusion detection and response. In this article we present a survey on the work that has been done in the area of intrusion detection in mobile ad hoc networks.

Broadband wireless networks are providing internet and related services to end users. The three most important broadband wireless technologies are IEEE 802.11, IEEE 802.16, and Wireless Mesh Network (WMN). Security attacks and vulnerabilities vary amongst these broadband wireless networks because of differences in topologies, network operations and physical setups. Amongst the various security risks, Denial of Service (DoS) attack is the most severe security threat, as DoS can compromise the availability and integrity of broadband wireless network. In this paper, we present DoS attack issues in broadband wireless networks, along with possible defenses and future directions.

Wireless Local Area Networks (WLAN) provide connectivity along with flexibility at low cost. Appreciating the exponential growth in this area, Institute of Electrical and Electronics Engineers (IEEE) ratified IEEE standard 802.11 in 1999 which was widely accepted as the defacto industry standard for interconnection of portable devices. Due to the scarcity of battery power in portable devices operating in WLANs, 802.11 directly addresses the issue of Power Saving (PS) and defines a whole mechanism to allow stations (STA) to go into sleep mode without losing information, as access point (AP) keeps buffering the messages directed to the sleeping STA. Growing use of 802.11 lead to the identification of flaws in security specifications of the standard known as Wired Equivalent Privacy (WEP). These flaws were addressed by the introduction of amendments/enhancements. However, IEEE's security enhancements failed to achieve the desired objectives especially availability, which is the mai...