DoS attack detection and mitigation
Title translation not available.
- Thesis No: 402185
- Advisors: DR. RICHARD BROOKS
- Thesis Type: Doctorate
- Subjects: Computer Engineering and Computer Science and Control, Electrical and Electronics Engineering
- Keywords: Not specified.
- Year: 2015
- Language: English
- University: Clemson University
- Institute: Foreign Institute
- Department: Not specified.
- Discipline: Not specified.
- Number of Pages: 98
Abstract
No abstract.
Abstract (Translation)
As a result of growing dependence on the Internet by both the general public and service providers, the availability of Internet services has become a concern. While DoS attacks cause inconvenience for users and revenue loss for service providers, their effects on critical infrastructures like the smart grid and public utilities could be catastrophic. For example, an attack on a smart grid system can cause cascaded power failures and lead to a major blackout. In this dissertation, we investigate the Distributed Denial of Service (DDoS) problem using operational network data. Testing and developing DoS attack detection and mitigation systems in their operating environment is crucial. However, it was previously not possible to use an operational network for DoS study. Therefore, most studies have used computer simulations. We introduce an approach to experiment using operational system data and performing real attacks without disturbing the original system. Thus, we could evaluate detection performance with real ground truth.
Using our approach, we analyzed the detection performance of anomaly-based DDoS detection approaches using both packet count and entropy of packet header fields. These approaches are tested at low and high network utilization levels to see the effect that excess network capacity has on attack detection. We compared our results with the published ones and pointed out the significant difference caused by inappropriate assumptions about network background and attack traffic in network simulations. In addition, we proposed a detection approach, Cusum-Entropy, which performs additional signal processing on the entropy of the packet header field to improve detection efficiency. Information theory-based metrics, like Shannon entropy and generalized entropy, are common in recent DDoS detection publications. They are also among the most effective features for detecting these attacks.
However, intrusion detection systems (IDS) using entropy-based detection approaches can be victims of spoofing attacks. An attacker can sniff the network and calculate background traffic entropy before a (D)DoS attack starts. They can then spoof attack packets to keep the entropy value in the expected range during the attack. We explained the vulnerability of entropy-based network monitoring systems. Then, we presented a proof-of-concept entropy spoofing attack and showed that, by exploiting this vulnerability, the attacker can either avoid detection or degrade detection performance to an unacceptable level.
Attack detection is a crucial step in DDoS mitigation systems. The performance of the detection approaches varies depending on network conditions such as changing utilization level. It is even possible to conceal a network anomaly in order to deceive a detection system. In addition, when a detection system moves away from the victim on the network, accurate detection requires more time, and most of the time it is too late when an attack is detected. We designed our mitigation system to increase service availability by scaling up the system resources using multiple cloud service providers when necessary. The system reduces the operation cost by reducing the number of caches when they are unnecessary. The experimental results showed the effectiveness of the proposed system.
Similar Theses
- New lightweight DoS attack mitigation techniques for RPL based IoT networks
RPL temelli IoT ağları için DoS saldırılarının etkisini azaltacak yeni teknikler
AHMET ARIŞ
Doctorate
English
2019
Computer Engineering and Computer Science and Control
İstanbul Teknik Üniversitesi
Department of Computer Engineering
PROF. DR. SEMA FATMA OKTUĞ
- A testbed design for intrusion detection and mitigation in SDN architecture by using DPI
Yazılım tanımlı ağ mimarisinde derin paket analizi kullanarak saldırı tespiti ve önleme için deney düzeneği tasarımı
AHMED DIRIE
Master's
English
2017
Computer Engineering and Computer Science and Control
Sakarya Üniversitesi
Department of Computer and Informatics Engineering
PROF. DR. CELAL ÇEKEN
- Yazılım tanımlı ağlarda DoS saldırılarının tespiti ve engellenmesi
Detection and mitigation of DoS attacks in software defined networks
ONUR POLAT
Master's
Turkish
2017
Computer Engineering and Computer Science and Control
Gazi Üniversitesi
Department of Computer Engineering
ASST. PROF. DR. HÜSEYİN POLAT
- Attack detection and analysis with deep learning in cloud computing
Bulut bilgisayarında derin öğrenme ile saldırı tespit ve analizi
HAYDER ABDULAMEER YOUSIF AL-IESSA
Master's
English
2023
Computer Engineering and Computer Science and Control
Karabük Üniversitesi
Department of Computer Engineering
ASST. PROF. DR. ISA AVCI
- Embedding intrusion detection in distributed computing artificial intelligence-based routing in AD HOC networks
No title translation
ZAINAB ALI ABBOOD ALMAMOORI
Doctorate
English
2023
Computer Engineering and Computer Science and Control
Altınbaş Üniversitesi
Department of Electrical and Computer Engineering
ASSOC. PROF. DR. DOĞU ÇAĞDAŞ ATİLLA