SYN proxy is a firewall's solution to protect against SYN flooding. It plays well under the low rate of attacks, but stumbles under heavy loads. In this paper, a novel approach based on SYN proxy is introduced, its design explained, and its performance evaluated. In this approach, the hash table is used to save half-connection states under light loads, and SYN cookie used under heavy loads. A bitmap is introduced into buckets of the hash table, which speeds up the lookup under SYN flooding. Bucket length of the hash table is limited to a predefined value, thereby the performance degradation is prevented. A firewall implementing our proposal is tested, which shows that good performance is achieved.
Combating DDoS attacks at their sources is still in its infancy. In this paper, a nonparametric adaptive CUSUM (cumulative sum) method is presented, which is proven efficient in detecting SYN flooding attacks close to their sources. Different from other CUSUM methods, this new method has two distinct features: (1) its detection threshold can adapt itself to various traffic conditions and (2) it can timely detect the end of an attack within a required delay. Trace-driven simulations are conducted to validate the efficacy of this method in detecting SYN flooding attacks, and the results show that the nonparametric adaptive CUSUM method excels in detecting low-rate attacks.
The success of Internet of Things (IoT) deployment has emerged important smart applications. These applications are running independently on different platforms, almost everywhere in the world. Internet of Medical Things (IoMT), also referred to as the healthcare Internet of Things, is the most widely deployed application against COVID-19 and offering extensive healthcare services that are connected to the healthcare information technologies systems. Indeed, with the impact of the COVID-19 pandemic, a large number of interconnected devices designed to create smart networks. These networks monitor patients from remote locations as well as tracking medication orders. However, IoT may be jeopardized by attacks such as TCP SYN flooding and sinkhole attacks. In this paper, we address the issue of detecting Denial of Service attacks performed by TCP SYN flooding attacker nodes. For this purpose, we develop a new algorithm for Intrusion Detection System (IDS) to detect malicious activities in the Internet of Medical Things. The proposed scheme minimizes as possible the number of attacks to ensure data security, and preserve confidentiality of gathered data. In order to check the viability of our approach, we evaluate analytically and via simulations the performance of our proposed solution under different probability of attacks.
Microsoft server Operating Systems are considered to have in-built, host-based security features that should provide some protection against Distributed Denial of Service (DDoS) attacks. In this paper, we presented results of experiments that were conducted to test the security capability of the latest server Operating System from Microsoft Inc., namely Windows Server 2012 R2. Experiments were designed to evaluate its in-built security features in defending against a common Distributed Denial of Service (DDoS) attack, namely the TCP-SYN based DDoS attack. Surprisingly, it was found that the Windows Server 2012 R2 OS lacked sufficient host-based protection and was found to be unable to defend against even a medium intensity 3.1 Gbps-magnitude of TCP-SYN attack traffic. The server was found to crash within minutes after displaying a Blue Screen of Death (BSoD) under such security attacks.
Funding: Supported by the Special Fund of Central College Basic Scientific Research Bursary (DUT1ORC(3)225); Key Discipline Construction Fund of Liaoning Province
Funding: Funding for this study was received from the Deanship of Scientific Research (DSR) at Jouf University, Sakakah, Kingdom of Saudi Arabia under the Grant No: DSR-2021-02-0103.