Member Login

E-mail:    Password:  




 TitleDate AddedCompany
whitepaper DDoS: Survey of Traceback Methods2009-05-01 Academy Publisher
  The problem of identifying Distributed Denial of Service (DDoS) is one of the hardest threats in the internet security. It is important to protect the resource and trace from the Denial of Service (DoS) attack, but it is difficult to distinguish normal traffic and DoS attack traffic because the DoS generally hide their identities/origins. Especially the attackers often use incorrect or spoofed source IP address, so tracing the source of the denial of service is hardest in internet. Lot of techniques and methodologies are used to trace the DDoS attacks. This paper presents some of the mostly used predicting traceback techniques to solve the problem. The main goal of this paper is appraise the different traceback techniques of the DDoS.

Tags: Security Administration, Intrusion - Tampering		   
whitepaper Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities2009-04-24 University of Texas
  As networked systems grow in complexity, they are increasingly vulnerable to Denial-of-Service (DoS) attacks involving resource exhaustion. A single malicious input of coma can trigger high-complexity behavior such as deep recursion in a carelessly implemented server, exhausting CPU time or stack space and making the server unavailable to legitimate clients. These DoS attacks exploit the semantics of the target application, are rarely associated with network traffic anomalies, and are thus extremely difficult to detect using conventional methods.   
whitepaper Denial of Service Attacks in Networks With Tiny Buffers2009-04-08 University of Toronto
  Recently, several papers have studied the possibility of shrinking buffer sizes in Internet core routers to just a few dozen packets under certain constraints. If proven right, these results can open doors to building all-optical routers, since a major bottleneck in building such routers is the lack of large optical memories. However, reducing buffer sizes might pose new security risks: it is much easier to fill up tiny buffers, and thus organizing Denial of Service (DoS) attacks seems easier in a network with tiny buffers. To the best of the knowledge, such risks have not been studied before; all the focus has been on performance issues such as throughput, drop rate, and flow completion times.   
whitepaper Dynamic and Auto Responsive Solution for Distributed Denial-of-Service Attacks Detection in ISP Network2009-04-01
  Denial of Service (DoS) attacks and more particularly the distributed ones (DDoS) are one of the latest threat and pose a grave danger to users, organizations and infrastructures of the Internet. Several schemes have been proposed on how to detect some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. This paper reports the design principles and evaluation results of proposed framework that autonomously detects and accurately characterizes a wide range of flooding DDoS attacks in ISP network. Attacks are detected by the constant monitoring of propagation of abrupt traffic changes inside ISP network.

Tags: Intrusion - Tampering		   
whitepaper A Link Signature Based DDoS Attacker Tracing Algorithm Under IPv62009-04-01 Ningbo Dahongying University
  The ipv6 security architecture, IPSec, plays a positive role in the protection of IPv6 networks. To some special attacks, especially DDoS attacks, IPSec appears relatively weak, because IPSec can only defend against DDoS attacks that spoof their source addresses. In cases where attackers launch DDoS attacks with their real identity, IPSec is helpless. This paper proposes a link signature based DDoS attacker tracing algorithm. It can immediately reconstruct the entire attack path after suffering a DDoS attack whether or not the source addresses are spoofed. To verify the validity of their algorithm, they implemented it under a simulated IPv6 environment with the OMNeT++ IPv6Suite.

Tags: Software Development Tools, Intrusion - Tampering		   
whitepaper Intelligent Layer 7 DoS and Brute Force Protection for Web Applications2009-04-01 F5 Networks
  Both Denial of Service (DoS) and Brute Force Attacks have existed for many years, and many network devices tout the ability to withstand them. However, most of today's DoS attacks target layer 7 (L7) by overwhelming applications with seemingly valid requests and Brute Force programs can send more than one million attempts per second. This paper will discuss how to intelligently mitigate these types of attacks.

Tags: Security Administration, Intrusion - Tampering		   
whitepaper Measuring Global Denial of Service Attacks2009-03-31 CCD COE
  Cyberattacks as a tool for information warfare are not new and have been popular for well over a decade. Their growing prevalence, however, is a disturbing trend that requires study. Distributed Denial of Service (DDoS) attacks are one of the most widely crippling elements of many cyberwarfare campaigns. Designed to overwhelm a victim's infrastructure with junk traffic, their impact has been a significant element in some cyber warfare campaigns. As seen in Georgia, Estonia, and against dissident groups, these attacks can affect much more than just the specific targets. Furthermore, with the growing sophistication of attackers, people see that they can strike key infrastructure elements.

Tags: Homeland Security		   
whitepaper Cisco Security Troubleshooting: Part I - Connectivity Through ASA or PIX Firewalls2009-02-17 Global Knowledge
  This is the first in a three-part series that examines the challenge of implementing network security on equipment from Cisco Systems® while maintaining the connectivity requirements of the business or enterprise. The focus here is primarily on the most effective use of both GUI-based and CLI-based troubleshooting tools. A key concept is to "target" the troubleshooting as much as possible to minimize the extraneous output. An added bonus is minimizing the impact on the CPU of the appliance that would be understandably burdened by a more generalized "debug any" approach and could negatively impact throughput.

Tags: LAN - WAN, Intrusion - Tampering, Security Administration, LAN - WAN		   
whitepaper Robust Control Tools for Traffic Monitoring in TCP/AQM Networks2009-02-02 University of Toulouse-Le Mirail
  Several studies have considered control theory tools for traffic control in communication networks, as for example the congestion control issue in IP (Internet Protocol) routers. This paper proposes to design a linear observer for time-delay systems to address the traffic monitoring issue in TCP/AQM (Transmission Control Protocol/Active Queue Management) networks. Due to several propagation delays and the queueing delay, the set TCP/AQM is modeled as a multiple delayed system of a particular form. Hence, appropriate robust control tools as quadratic separation are adopted to construct a delay dependent observer for TCP flows estimation.

Tags: Network Technologies, Intrusion - Tampering		   
whitepaper Detecting a Denial of Service Using Artificial Intelligent Tools, Genetic Algorithm2009-02-01 Baghdad University
  This paper describes novel work in using Genetic Algorithm for detecting misuse of programs. A brief overview of Intrusion Detection System, genetic algorithm and related detection techniques is presented. Developing rules manually through incorporation of attack signatures results is meaningful but weak as it is difficult to define thresholds. In this paper the proposition of learning the Intrusion Detection, rules based on genetic algorithms is presented. The experimental results are demonstrated on the KDD cup 99 and UoP intrusion detection data set (in the DARPA evaluations) in the experiments the characters of an attack such as Smurf and Apache2 (Denial of Service Attacks) are summarized through the KDD 99 data set and the effectiveness and robustness of the approach are discussed.

Tags: Intrusion - Tampering, Intrusion - Tampering