Evading DDoS detection with mimicry attacks
نویسنده
چکیده
Distributed Denial of Service (DDoS) attacks are security attacks that prevent normal use of communication facilities. More and more DDoS attacks are occurring each day. Conventional DDoS attacks are typically based on flooding the server. Currently, other types of DDoS attacks have been observed, such as the mimicry DDoS attack. The mimicry attack is characterized by (1) gradual increase in the number of connections, (2) mimicking a real usersession. This paper implements and evaluates two existing DDoS detection methods against both flooding attacks and mimicry attacks; Source IP address monitoring and Time-series decomposition. The experiments lead to the conclusion that Source IP monitoring is unable to detect the mimicry attack. We were unable to replicate the original results of the experiments with the Time-series decomposition algorithm, therefore no conclusions can be made whether the algorithm would fail to detect the mimicry attack.
منابع مشابه
F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملHF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
متن کاملNeural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملDetecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average
Distributed Denial of Service (DDoS) attacks have become significant threats on Internet according to the development of network infrastructure and recent communication technology. There are various types of DDoS attacks with different characteristics. These differences have made very difficult to detect such attacks. Furthermore, the sophisticated the evolution of DDoS attacks techniques and t...
متن کاملReview on Ddos Attacks and Various Detection Mechanisms
DDoS attack is a coordinated attack on massive scale and it is a major threat in current computer networks. It is not easy to detect the attack , The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. Detection mechanism is the first step to avoid the DDoS attack. Some of these mechanisms address a specific kin...
متن کامل