Adaptive techniques based on machine learning and data mining are gaining relevance in selfmanagement and self-defense for networks and distributed systems. In this paper, we focus on early detection and stopping of distributed flooding attacks and network abuses. We extend the framework proposed by Zhang and Parashar (2006) to cooperatively detect and react to abnormal behaviors before the tar...

The Session Initiation Protocol (SIP) has been used widely for Voice over IP (VoIP) service because of its potential advantages, economical efficiency and call setup simplicity. However, SIP-based VoIP service basically has two main security issues, malformed SIP message attack and SIP flooding attack. In this paper, we propose a novel mechanism for SIP-based VoIP system utilizing rule matching...

The risks to users of wireless technology have increased as the service has become more popular. Due to the dynamically changing topology, open environment and lack of centralized security infrastructure, a mobile ad hoc network (MANET) is vulnerable to the presence of malicious nodes and to ad hoc routing attacks. There are a wide variety of routing attacks that target the weakness of MANETs. ...

Due to the high demand for network service availability and reliability, the IDS (Intrusion Detecting System) has become an essential element for IP networks. Currently, most IDSs use a pattern-matching mechanism to detect network flooding attacks. However, while running, such a mechanism needs to take into considerable the computing time/resource of an IDS or an IDS-embedded router. This can e...

With the nature of SIP with a text-based message format and its openness to the public Internet, it is exposed to a number of potential threats of Denial of Service (DoS) by flooding attacks. In this paper, we propose a whitelist-based SIP flooding attack detection schemes.

It is highly desired to detect the DDoS flooding attacks at an early stage in order to launch effective countermeasures timely. We have developed a distributed change-point detection scheme to detect flooding type DDoS attacks over multiple network domains. The approach is to monitor the spatiotemporal pattern of the attack traffic. We have simulated the new defense system on the DETER testbed....

A distributed denial of service attacks are the most serious factor among network security risks in cloud computing environment. This study proposes a method of integration between HTTP GET flooding among DDOS attacks and MapReduce processing for a fast attack detection in cloud computing environment. This method is possible to ensure the availability of the target system for accurate and relia...

A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usage since they require either additional modules to enhance routers or using the software-defined ne...

We describe the design and implementation of FastPass, a next-generation network architecture that thwarts bandwidth flooding attacks by providing destinations with finegrained control over their upstream network capacity. Prior attempts to achieve network flood resilience have required destinations to successfully receive an initial unprotected packet (capability-based designs) or have relied ...