This paper presents a simple and robust mechanism, called Change-Point Monitoring (CPM), to detect denial of service (DoS) attacks. The core of CPM is based on the inherent network protocol behaviors, and is an instance of the Sequential Change Point Detection. To make the detection mechanism insensitive to sites and traffic patterns, a non-parametric Cumulative Sum (CUSUM) method is applied, t...

High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the numb...

A flooding attack in a wireless sensor network consumes the energy of the sensor node included in the path in the process of sending a persistent false packet to the base station. If a flooding attack is continuously generated, the sensor node with a low residual energy causes energy depletion and the life of the sensor networks is shortened when the number of sensor nodes having depleted energ...

wireless sensors having limited capabilities, because of these factors sensors possess huge attacks like sinkhole, worm hole, Sybil, flooding, etc. a lot of research work already done, but no one implemented secure routing protocol to mitigate all these attacks. Some proposals came on security of wireless sensor network which controlled only one or two attacks. We proposed Secure Routing in Clu...

The NetShield security system was developed at USC to defend against network worms and flood attacks. The system prevents malicious hackers from orchestrating DDoS flooding attacks on any IP-based public network. This article presents new packet filtering and anomaly detection techniques developed with the NetShield system. All packets from each IP source are counted and timed during their life...

Internet has been one of the most successful inventions in the last fifty years. Thanks to its fast widespread availability has become the standard way for world communications. The emerging usage models and new access methods expose some limitations of the current Internet architecture, that was conceived back in 1970-s. Content-Centric Networking (CCN) is an emerging networking paradigm being...

This session focuses on the security issues surrounding Layer 2, the data-link layer. With a significant percentage of network attacks originating inside the corporate firewall, exploring this soft underbelly of data networking is critical for any secure network design. Security issues addressed in this session include ARP spoofing, MAC flooding, VLAN hopping, DHCP attacks, and Spanning Tree Pr...

Currently employed intrusion detection sensor configurations rarely change. This represents a broad, static attack detection domain. Changes within a dynamic environment, due either to policy changes, or changes within the system’s condition, can make certain attacks more important than others. Static scopes will either result in flooding administrators with relatively less important attack rep...

Lack of accountability makes the Internet vulnerable to numerous attacks, including prefix hijacking, route forgery, source address spoofing, and DoS flooding attacks. This paper aims to bring accountability to the Internet with low-cost and deployable enhancements. We present IPA, a design that uses the readily available toplevel DNSSEC infrastructure and BGP to bootstrap accountability. We sh...

Denial-of-service attacks have become a regular occurrence on the Internet. The current architecture of the Internet, coupled with the relative ease with which software bugs can be exploited on Internet-connected hosts, provides a fruitful environment for the creation of malicious traffic attacks. This article proposes a novel DoS defence scheme based on Active Queue Management (AQM) principles...