期刊文献+
共找到7篇文章
< 1 >
每页显示 20 50 100
Mitigating while Accessing:A Lightweight Defense Framework Against Link Flooding Attacks in SDN
1
作者 Sun Hancun Chen Xu +1 位作者 Luo Yantian Ge Ning 《China Communications》 SCIE CSCD 2024年第11期15-27,共13页
Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,t... Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,the proliferation of Internet of Things(IoT)has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs.In LFAs,attackers typically utilize low-speed flows that do not reach the victims,making the attack difficult to detect.Traditional LFA defense methods mainly reroute the attack traffic around the congested link,which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic.To address these challenges,we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale.This framework is lightweight and can be deployed at border switches of the network in a distributed manner,which ensures the scalability of our defense system.The performance of our framework is assessed in an experimental environment.The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity. 展开更多
关键词 attack mitigation distributed denial of service(DDoS) link flooding attack(LFA) software defined networking(SDN)
下载PDF
Flooding attack and defence in Ad hoc networks 被引量:5
2
作者 Yi Ping Hou Yafei +2 位作者 Zhong Yiping Zhang Shiyong Dai Zhoulin 《Journal of Systems Engineering and Electronics》 SCIE EI CSCD 2006年第2期410-416,共7页
Mobile ad hoc networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. T... Mobile ad hoc networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called AA hoc Flooding Attack(AHFA), is that intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication can not be kept. After analyzed AM hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a genetic defense against the AM hoc Flooding Attack. When the intruder broadcasts exceeding packets of Route Request, the immediate neighbors of the intruder record the rate of Route Request. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation show FAP can prevent the AM hoe Flooding attack efficiently. 展开更多
关键词 computer networks SECURITY mobile Ad hoe networks routing protocol denial of service Ad hoc flooding attack.
下载PDF
ReLFA:Resist Link Flooding Attacks via Renyi Entropy and Deep Reinforcement Learning in SDN-IoT 被引量:3
3
作者 Jiushuang Wang Ying Liu +3 位作者 Weiting Zhang Xincheng Yan Na Zhou Zhihong Jiang 《China Communications》 SCIE CSCD 2022年第7期157-171,共15页
Link flooding attack(LFA)is a fresh distributed denial of service attack(DDoS).Attackers can cut off the critical links,making the services in the target area unavailable.LFA manipulates legal lowspeed flow to flood c... Link flooding attack(LFA)is a fresh distributed denial of service attack(DDoS).Attackers can cut off the critical links,making the services in the target area unavailable.LFA manipulates legal lowspeed flow to flood critical links,so traditional technologies are difficult to resist such attack.Meanwhile,LFA is also one of the most important threats to Internet of things(IoT)devices.The introduction of software defined network(SDN)effectively solves the security problem of the IoT.Aiming at the LFA in the software defined Internet of things(SDN-IoT),this paper proposes a new LFA mitigation scheme ReLFA.Renyi entropy is to locate the congested link in the data plane in our scheme,and determines the target links according to the alarm threshold.When LFA is detected on the target links,the control plane uses the method based on deep reinforcement learning(DRL)to carry out traffic engineering.Simulation results show that ReLFA can effectively alleviate the impact of LFA in SDN IoT.In addition,the rerouting time of ReLFA is superior to other latest schemes. 展开更多
关键词 link flooding attacks renyi entropy deep reinforcement learning
下载PDF
Performance analysis of mobile ad hoc networks under flooding attacks 被引量:1
4
作者 Ping Yi Futai Zou +1 位作者 Yan Zou Zhiyang Wang 《Journal of Systems Engineering and Electronics》 SCIE EI CSCD 2011年第2期334-339,共6页
Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service (DoS) attacks launched by intruders. The effects o... Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service (DoS) attacks launched by intruders. The effects of flooding attacks in network simulation 2 (NS2) and measured performance parameters are investigated, including packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequency, network bandwidth and network size. Simulation results show that with the increase of the flooding frequency and the number of attack nodes, network performance sharply drops. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, performance degradation tends to a stable value. 展开更多
关键词 mobile ad hoc network SECURITY flooding attack.
下载PDF
Research on Detection Method of Interest Flooding Attack on Content Centric Network
5
作者 Yabin Xu Ting Xu Xiaowei Xu 《Computers, Materials & Continua》 SCIE EI 2020年第8期1075-1089,共15页
To improve the attack detection capability of content centric network(CCN),we propose a detection method of interest flooding attack(IFA)making use of the feature of self-similarity of traffic and the information entr... To improve the attack detection capability of content centric network(CCN),we propose a detection method of interest flooding attack(IFA)making use of the feature of self-similarity of traffic and the information entropy of content name of interest packet.On the one hand,taking advantage of the characteristics of self-similarity is very sensitive to traffic changes,calculating the Hurst index of the traffic,to identify initial IFA attacks.On the other hand,according to the randomness of user requests,calculating the information entropy of content name of the interest packets,to detect the severity of the IFA attack,is.Finally,based on the above two aspects,we use the bilateral detection method based on non-parametric CUSUM algorithm to judge the possible attack behavior in CCN.The experimental results show that flooding attack detection method proposed for CCN can not only detect the attack behavior at the early stage of attack in CCN,but also is more accurate and effective than other methods. 展开更多
关键词 CCN interest flooding attack self-similar feature information entropy bilateral detection method
下载PDF
Security Attacks in Named Data Networking: A Review and Research Directions 被引量:1
6
作者 Naveen Kumar Ashutosh Kumar Singh +1 位作者 Abdul Aleem Shashank Srivastava 《Journal of Computer Science & Technology》 SCIE EI CSCD 2019年第6期1319-1350,共32页
Contents such as audios,videos,and images,contribute most of the Internet traffic in the current paradigm.Secure content sharing is a tedious issue.The existing security solutions do not secure data but secure the com... Contents such as audios,videos,and images,contribute most of the Internet traffic in the current paradigm.Secure content sharing is a tedious issue.The existing security solutions do not secure data but secure the communicating endpoints.Named data networking(NDN)secures the data by enforcing the data publisher to sign the data.Any user can verify the data by using the public key of the publisher.NDN is resilient to most of the probable security attacks in the TCP/IP model due to its new architecture.However,new types of attacks are possible in NDN.This article surveys the most significant security attacks in NDN such as interest flooding attacks,cache privacy attacks,cache pollution attacks,and content poisoning attacks.Each attack is classified according to their behavior and discussed for their detection techniques,countermeasures,and the affected parameters.The article is an attempt to help new researchers in this area to gather the domain knowledge of NDN.The article also provides open research issues that could be addressed by researchers. 展开更多
关键词 named data networking(NDN) interest flooding attack cache privacy attack cache pollution attack content poisoning attack
原文传递
Enhanced DDoS Detection Using Advanced Machine Learning and Ensemble Techniques in Software Defined Networking
7
作者 Hira Akhtar Butt Khoula Said Al Harthy +3 位作者 Mumtaz Ali Shah Mudassar Hussain Rashid Amin Mujeeb Ur Rehman 《Computers, Materials & Continua》 SCIE EI 2024年第11期3003-3031,共29页
Detecting sophisticated cyberattacks,mainly Distributed Denial of Service(DDoS)attacks,with unexpected patterns remains challenging in modern networks.Traditional detection systems often struggle to mitigate such atta... Detecting sophisticated cyberattacks,mainly Distributed Denial of Service(DDoS)attacks,with unexpected patterns remains challenging in modern networks.Traditional detection systems often struggle to mitigate such attacks in conventional and software-defined networking(SDN)environments.While Machine Learning(ML)models can distinguish between benign and malicious traffic,their limited feature scope hinders the detection of new zero-day or low-rate DDoS attacks requiring frequent retraining.In this paper,we propose a novel DDoS detection framework that combines Machine Learning(ML)and Ensemble Learning(EL)techniques to improve DDoS attack detection and mitigation in SDN environments.Our model leverages the“DDoS SDN”dataset for training and evaluation and employs a dynamic feature selection mechanism that enhances detection accuracy by focusing on the most relevant features.This adaptive approach addresses the limitations of conventional ML models and provides more accurate detection of various DDoS attack scenarios.Our proposed ensemble model introduces an additional layer of detection,increasing reliability through the innovative application of ensemble techniques.The proposed solution significantly enhances the model’s ability to identify and respond to dynamic threats in SDNs.It provides a strong foundation for proactive DDoS detection and mitigation,enhancing network defenses against evolving threats.Our comprehensive runtime analysis of Simultaneous Multi-Threading(SMT)on identical configurations shows superior accuracy and efficiency,with significantly reduced computational time,making it ideal for real-time DDoS detection in dynamic,rapidly changing SDNs.Experimental results demonstrate that our model achieves outstanding performance,outperforming traditional algorithms with 99%accuracy using Random Forest(RF)and K-Nearest Neighbors(KNN)and 98%accuracy using XGBoost. 展开更多
关键词 Table 1(continued)OSI layer Possible DDoS attack Data link MAC Address flooding Physical Cable disconnection JaMMING physical impersonation
下载PDF
上一页 1 下一页 到第
使用帮助 返回顶部