The wireless adhoc networks are highly vulnerable to distributed denial of service (DDoS) attacks because of its unique characteristics such as open network architecture and shared wireless medium. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its legitimate users. The denial of service (DOS...

We propose a new Distributed Denial of Service (DDoS) defense mechanism that protects http web servers from application-level DDoS attacks based on the two methodologies: whitelist-based admission control and busy period-based attack flow detection. The attack flow detection mechanism detects attach flows based on the symptom or stress at the server, since it is getting more difficult to identi...

Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-ofService (DDoS). DDoS attacks usually involve early stage actions such as multi-step exploitation, low frequency vulner...

The information technology has revolutionized almost every facet of our lives. Government, commercial, and educational organizations depend on computers and Internet to such an extent that day-to-day operations are significantly hindered when the networks are “down” (Gordon, Loeb, Lucyshyn & Richardson, 2005). The prosperity of the Internet also attracted abusers and attackers motivated for per...

Recently, as the serious damage caused by DDoS attacks increases, the rapid detection and the proper response mechanisms are urgent. However, existing security mechanisms do not provide effective defense against these attacks, or the defense capability of some mechanisms is only limited to specific DDoS attacks. It is necessary to analyze the fundamental features of DDoS attacks because these a...

The shrew or RoS attacks are low-rate DDoS attacks that degrade the QoS to end systems slowly but not to deny the services completely. These attacks are more difficult to detect than the flooding type of DDoS attacks. In this paper, we explore the energy distributions of Internet traffic flows in frequency domain. Normal TCP traffic flows present some form of periodicity because of TCP protocol...

An insider-robust approach to file integrity verification is developed using interacting strata of mobile agents. Previous approaches relied upon monolithic architectures, or more recently, agent frameworks using a centralized control mechanism or common reporting repository. However, any such distinct tampering-point introduces vulnerabilities, especially from knowledgeable insiders capable of...

This paper addresses a specific approach to resolving the problem of intrusion detection against distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANET). The main function of an intrusion detection system (IDS) is to inspect the network for malicious activities, policy violations and security loopholes integrity, and to generate the appropriate reports. Network forensics ...

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently, there are an increasing number of DDoS attacks against online services and Web applications. These attacks are targeting the application level. Detecting application layer DDOS attack is not an easy task. A more sophisticated mechanism is required to distinguish the malicious flow from the legitimate o...

Grid is an emerging technology that aims at utilizing resources efficiently and effectively. A three-tier architecture consisting of Service Providers, Brokers and Regional Resource Administrators is proposed. Consumers submit service requests and policy constraints to the RRA. Each entity has a trust value associated with them which is computed based on their behavior. The three-tier architect...