A Comprehensive Taxonomy of DDoS Attacks and Defense Mechanism Applying in a Smart Classification
Abstract
A distributed denial of service (DDoS) attack uses multiple machines operating in concert to attack a network or site. It is the most important security problem for IT managers. These attacks are very simple for intruders to organize and hence so disruptive. The detection of and defense against this attack have specific importance among network specialists. In this paper a new and smart taxonomy of DDoS attacks and defense mechanisms will be introduced. The attack taxonomy is introduced using both known and potential attack mechanisms. It comprises all types of attacks and provides a comprehensive point of view for DDoS attacks. We introduce a useful tool that can be employed for a sophisticated selection of a defense method for DDoS attacks. Furthermore, a smart taxonomy method for DDoS attacks will be proposed to help select an appropriate defense mechanism. This method uses some features of DDoS attacks, classifies them into several clusters with the K-means algorithm, and labels each cluster with a defense mechanism. If an IDS detects a DDoS attack, the proposed system extracts the attack features and classifies the attack with KNN (K-Nearest-Neighbor) to determine the cluster to which it belongs. The defense mechanism taxonomy uses the currently known approaches. Also, the comprehensive defense classification will help to find the appropriate strategy to overcome the DDoS attack.
Key-Words: DDoS attack, Defense mechanism, Taxonomy, Detection, Smart Classification
Similar resources
Review on Ddos Attacks and Various Detection Mechanisms
A DDoS attack is a coordinated attack on a massive scale, and it is a major threat in current computer networks. It is not easy to detect the attack. The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. A detection mechanism is the first step in avoiding a DDoS attack. Some of these mechanisms address a specific kin...
A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms
This paper proposes a taxonomy of distributed denial-of-service attacks and a taxonomy of the defense mechanisms that strive to counter these attacks. The attack taxonomy is illustrated using both known and potential attack mechanisms. Along with this classification we discuss important features of each attack category that in turn define the challenges involved in combating these threats. The d...
F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
Simulation of Internet DDoS Attacks and Defense
The paper considers the software simulation tool DDoSSim which has been developed for comprehensive investigation of Internet DDoS attacks and defense mechanisms. This tool can be characterized by three main peculiarities: agent-oriented approach to simulation, packet-based imitation of network security processes, and open library of different DDoS attacks and defense mechanisms. DDoSSim allows...