In this paper, we introduce a practical scheme to defend against Distributed Denial of Service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, this history is used to decide whether to admit an incoming IP packet. Unlike other proposals to de...

With the growing threat of DDoS attacks, new attacking mechanisms emerge every day. In order to confront the ever-evolving DDoS attacks, it is insufficient to select defending strategy merely from existing strategy set. In this paper, we propose a method that generates new defending strategies and that selects the optimal one among them, thus increasing the defending ability. The Game Model for...

Distributed Denial of Service (DDoS) attacks can be so powerful that they can easily deplete the computing resources or bandwidth of the potential targets, by flooding massive packets. Internet infrastructures and network applications, including social services and communication systems for emergency management, are under the threat of the DDoS problem. This thesis aims at providing efficient m...

In this paper, we estimate the impact of enforcing the Convention on Cybercrime (COC) on deterring distributed denial of service (DDOS) attacks. Our data set comprises a sample of real, random spoof-source DDOS attacks recorded in 106 countries in 177 days in the period 2004–2008. We find that enforcing the COC decreases DDOS attacks by at least 11.8 percent, but a similar deterrence effect doe...

A Distributed Denial of Service (DDOS) attack is a type of Internet attack that disrupts the normal function of the targeted computer network (server). This kind of attacks attempts to make target host resource unavailable to its legal users. Several efforts had made in detection and computation of the DDOS attacks over network, where IDS (Intrusion detection systems) are unable to isolate the ...

The paper considers an approach to modeling and simulation of Distributed Denial of Service (DDoS) attacks fulfilled by a group of malefactors. The approach is based on combination of “joint intentions” and “common plans” theories as well as state machines. The formal framework for modeling and simulation of DDoS) attacks is presented. The architecture and user interfaces of the Attack Simulato...

Wireless networks are increasingly overwhelmed by Distributed Denial of Service (DDoS) attacks by generating flooding packets that exhaust critical computing and communication resources of a victim’s mobile device within a very short period of time. This must be protected. Effective detection of DDoS attacks requires an adaptive learning classifier, with less computational complexity, and an ac...

In recent years, most of the organizations in the world have increasingly realized the importance of cloud platforms. The cloud computing is one of the developing segmenting of IT industry as well as a promising concept to the end users. However Cloud Computing has more applications but there are many challenges that are facing by a Cloud environment. In recent years, the major attacks in cloud...

In this paper we present and evaluate a Radial-basis-function neural network detector for Distributed-Denial-of-Service (DDoS) attacks in public networks based on statistical features estimated in short-time window analysis of the incoming data packets. A small number of statistical descriptors were used to describe the DDoS attacks behaviour, and an accurate classification is achieved using th...

The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed Denial of Service (DDoS) attacks and worms. . To block the monitoring system in the internet the attackers are targeted the ITM system. In this paper we address the flooding attack of DDoS against ITM monitors to ...