ZDNet / IT Library / Security / Intrusion - Tampering / Denial of Service /
Denial of Service
Latest whitepapers Sort by Popularity
Empirical Study of Tolerating Denial-of-Service Attacks With the Fosel Architecture
Filtering techniques are one of the main approaches to protect applications from Denial of Service Attacks (DoS). However filtering techniques suffer from two main challenges: the accuracy detection of DoS traffic and processing time. Fosel (Filtering with the help of an Overlay Security Layer) has been proposed to protect application sites from Denial-of-Service attacks. The Fosel architecture addresses how an efficient and well-suited filter can be designed to improve the filtering challenges. This paper explores the effectiveness of the Fosel architecture by implementing an experimental testbed. Experimental study shows that by employing the Fosel architecture, DoS attacks have a negligible chance to saturate the target by malicious packets.
249 days ago by Institute of Electrical and Electronics EngineersQ1 2009 Distributed Denial of Service (DDoS) Report
Contained within the Distributed Denial of Service (DDoS) report for the first Quarter (Q1) of 2009 are news items regarding noteworthy cyber attacks and botnets, the individuals or organizations responsible for their perpetration, arrests and legal developments stemming from these particular incidents, vulnerabilities and exploits that may enable future Denial of Service (DoS) and DDoS activity to occur, and intelligence that such attacks are becoming increasingly more sophisticated.
312 days ago by VerisignInputs of Coma: Static Detection of Denial-of-Service Vulnerabilities
As networked systems grow in complexity, they are increasingly vulnerable to Denial-of-Service (DoS) attacks involving resource exhaustion. A single malicious input of coma can trigger high-complexity behavior such as deep recursion in a carelessly implemented server, exhausting CPU time or stack space and making the server unavailable to legitimate clients. These DoS attacks exploit the semantics of the target application, are rarely associated with network traffic anomalies, and are thus extremely difficult to detect using conventional methods.
330 days ago by University of TexasDenial of Service Attacks in Networks With Tiny Buffers
Recently, several papers have studied the possibility of shrinking buffer sizes in Internet core routers to just a few dozen packets under certain constraints. If proven right, these results can open doors to building all-optical routers, since a major bottleneck in building such routers is the lack of large optical memories. However, reducing buffer sizes might pose new security risks: it is much easier to fill up tiny buffers, and thus organizing Denial of Service (DoS) attacks seems easier in a network with tiny buffers. To the best of the knowledge, such risks have not been studied before; all the focus has been on performance issues such as throughput, drop rate, and flow completion times.
346 days ago by University of TorontoMeasuring Global Denial of Service Attacks
Cyberattacks as a tool for information warfare are not new and have been popular for well over a decade. Their growing prevalence, however, is a disturbing trend that requires study. Distributed Denial of Service (DDoS) attacks are one of the most widely crippling elements of many cyberwarfare campaigns. Designed to overwhelm a victim's infrastructure with junk traffic, their impact has been a significant element in some cyber warfare campaigns. As seen in Georgia, Estonia, and against dissident groups, these attacks can affect much more than just the specific targets. Furthermore, with the growing sophistication of attackers, people see that they can strike key infrastructure elements.
354 days ago by CCD COEA Case Study: Using Architectural Features to Improve Sophisticated Denial-of-Service Attack Detections
Application features such as port numbers are used by Network-based Intrusion Detection Systems (NIDSs) to detect attacks coming from networks. System calls and the operating system related information are used by Host-based Intrusion Detection Systems (HIDSs) to detect intrusions towards a host. However, the relationship between hardware architecture events and Denial-of-Service (DoS) attacks has not been well revealed. When increasingly sophisticated intrusions emerge, some attacks are able to bypass both the application and the operating system level feature monitors.
435 days ago by Louisiana State UniversityDDoS Protection Service: Distributed Denial of Service (DDoS)
Since the early days of the Internet, "Denial-of-service" (DoS) attacks have been a fact of life. The goal of these attacks is to restrict on a grand scale the availability of certain online systems and/or services or to deny service completely. Usually, in this type of attack, an attempt is made to cause the attacked systems to crash by exploiting vulnerabilities in operating systems, programs and services or basic design flaws in the network protocols in use via the Internet. The online systems can also be overloaded to the extent that they no longer function properly.
508 days ago by SwisscomAn Experimental Evaluation of DoS Attack and Its Impact on Throughput of IEEE 802.11 Wireless Networks
Off late, Wireless LAN (WLAN) has gained popularity in a variety of locations. This has lead to development of high level security protocols for WLAN. The newest protocol IEEE 802.11i ratified to provide strong data encryption but it cannot prevent Denial of Service (DoS) attacks on WLAN. This paper in a testbed, conducts an experimental framework to implement and quantify common types of DoS attacks against WLAN throughput. The results of implementation of the experiments shows that how easily DoS attacks can be performed on WLAN which causes to reduce throughput of communication considerably to make inaccessible wireless connection for its authorized members.
596 days ago by Universiti Putra MalaysiaMitigating Distributed Denial of Service Attacks in Multiparty Applications in the Presence of Clock Drifts
A weak point in network-based applications is that they commonly open some known communication port(s), making themselves targets for Denial of Service (DoS) attacks. Considering adversaries that can eavesdrop and launch directed DoS attacks to the applications' open ports, solutions based on pseudo-random port-hopping have been suggested. As port-hopping needs that the communicating parties hop in a synchronized manner, these solutions suggest acknowledgment-based protocols between a client-server pair or assume the presence of synchronized clocks. Acknowledgments, if lost, can cause a port to be open for a longer time and thus be vulnerable to DoS attacks; Time servers for synchronizing clocks can become targets to DoS attack themselves. Here one studies the case where the communicating parties have clocks with rate drift, which is common in networking.
603 days ago by Chalmers University of TechnologyA Principle of a Data Synthesizer for Performance Test of Anti-DDOS Flood Attacks
Distributed Denial-Of-Service (DDOS) flood attacks remain a big issue in network security. Real events of DDOS flood attacks show that an attacked site (e.g., server) usually may not be overwhelmed immediately at the moment attack packets arrive at that site but sometime late. Therefore, a site has a performance to resist DDOS flood attacks. To test such a performance, data synthesizer is desired. This paper introduces a principle to synthesize packet series according to a given value of the Hurst parameter for performance test of anti-DDOS flood attacks.
733 days ago by Rensselaer Polytechnic Institute
