In this paper, we propose a simple but robust scheme to detect denial of service attacks (including distributed denial of service attacks) by monitoring the increase of new IP addresses. Unlike previous proposals for bandwidth attack detection schemes which are based on monitoring the traffic volume, our scheme is very effective for highly distributed denial of service attacks. Our scheme explo...

Recently many prominent web sites face a new type of denial of service attack known as Distributed Denial of Service attack (DDoS). Organizations deploying security measures such as firewalls, and intrusion detection systems could face the traditional DoS attack. Yet there is no complete solution neither for protection from DDoS attack, nor for preserving network hosts from participating in suc...

In this paper, we propose a simple but robust scheme to detect denial of service attacks (including distributed denial of service attacks) by monitoring the increase of new IP addresses. Unlike previous proposals for bandwidth attack detection schemes which are based on monitoring the traffic volume, our scheme is very effective for highly distributed denial of service attacks. Our scheme explo...

DDoS (Distributed Denial of Service) attack is being the most extensive danger and difficulty to defense. A new kind of DDoS attack named DRDoS (Distributed Reflector Denial of Service) appears in recent years, which is more dangerous than DDoS attack because it is in stronger disguise. In this paper, the principle of DRDoS attack is studied and the network traffic is analyzed by fuzzy associat...

Cloud computing (CC) is the next revolution in the Information and Communication Technology arena. CC is often provided as a service comparable to utility services such as electricity, water, and telecommunications. Cloud service providers (CSP) offers tailored CC services which are delivered as subscription-based services, in which customers pay based on the usage. Many organizations and servi...

DoS(Denial of Service) / DDoS(Distributed Denial of Service) attacks threaten Internet security nowadays. However, the current Internet protocol and backbone network do not support traceback to know attacker’s real location. Many methods to defend DoS/DDoS attack have been proposed. However these kinds of methods cause network overhead because they use many packets to reconstruct an attack path...

Distributed Denial of Service (DDoS) attacks are one the most challenging security threats, since a single victim is attacked by several compromised malicious nodes. As consequence, legitimate end users can be prevented to access network resources. This letter proposes noise-robust multilayer perceptron (MLP) architecture for DDoS attack detection trained with corrupted data. In proposed approa...

Software defined networking (SDN) is a new network architecture that allows for centralized control. The separation of the data plane from control plane, which establishes programmable environment, key breakthrough underpinning SDN. controller facilitates deployment services specify policies and delivers these rules to using common protocol such as OpenFlow at plane. Despite many advantages thi...

Denial-of-service (DoS) attacks pose an increasing threat to today’s Internet. One major difficulty to defend against Distributed Denial-of-service attack is that attackers often use fake, or spoofed IP addresses as the IP source address. Probabilistic packet marking algorithm (PPM), allows the victim to trace back the appropriate origin of spoofed IP source address to disguise the true origin....