A real time estimation of the number of zombies in DDoS attack scenario is helpful to suppress the effect of attack by choosing predicted number of most suspicious attack sources for either filtering or rate limiting. In this paper, ANN is employed to estimate number of zombies involved in a DDoS attack. The method does not depend on the frequency of attack and hence solves the problem of low d...

It is highly desired to detect the DDoS flooding attacks at an early stage in order to launch effective countermeasures timely. We have developed a distributed change-point detection scheme to detect flooding type DDoS attacks over multiple network domains. The approach is to monitor the spatiotemporal pattern of the attack traffic. We have simulated the new defense system on the DETER testbed....

In our earlier work we have proposed and developed a methodology for the early detection of Distributed Denial of Service (DDoS) attacks. In this paper, we examine the applicability of Proactive Intrusion Detection on a considerably more complex set-up, with hosts associated with three clusters, connected by routers. Background TCP, UDP and ICMP traffic following Interrupted Poisson Processes a...

Current trends in distributed denial of service (DDoS) attacks show variations in terms of attack motivation, planning, infrastructure, and scale. “DDoS-for-Hire” and “DDoS mitigation as a Service” are the two services, which are available to attackers and victims, respectively. In this work, we provide a fundamental difference between a “regular” DDoS attack and an “extreme” DDoS attack. We co...

The last few years have seen a steady rise in the occurrence and sophistication of distributed denial of service (DDoS) attacks. Volume-based attacks aggregate at a target’s access router, suggesting that (i) detection and mitigation is best done by providers in their networks; and (ii) attacks are most readily detectable at access routers, where their impact is strongest. In-network detection ...

The shrew or pulsing DDoS (Distributed Denial-of-Service) attacks, also known as RoQ (Reduction of Quality) attacks, are stealthy, periodic, and low-rate in volume. The shrew attacks could be even more detrimental to network resources than the flooding type of DDoS attacks. Shrew attacks appear periodically in low volume, thereby damaging the victim servers for a long time without being detecte...

Distributed denial-of-service (DDoS) attack is one of the major threats to the web server. The rapid increase of DDoS attacks on the Internet has clearly pointed out the limitations in current intrusion detection systems or intrusion prevention systems (IDS/IPS), mostly caused by application-layer DDoS attacks. Within this context, the objective of the paper is to detect a DDoS attack using a m...

With the growing Information Systems and Network technologies, security threats over the systems have also become common. Providing a security mechanism to detect such threats has become an inevitable part of Information Systems. Distributed Denial of Service (DDoS) attack is one of the most common attacks which are done in a co-ordinated manner. Hence, we need a Distributed Intrusion Detection...

Cloud computing (CC) is the next revolution in the Information and Communication Technology arena. CC is often provided as a service comparable to utility services such as electricity, water, and telecommunications. Cloud service providers (CSP) offers tailored CC services which are delivered as subscription-based services, in which customers pay based on the usage. Many organizations and servi...

Denial of service attacks, viruses and worms are common tools for malicious adversarial behaviour in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile beha...