In the last several years, DDoS attack methods become more sophisticated and effective. Hence, it is more difficult to detect the DDoS attack. In order to cope with these problems, there have been many researches on DDoS detection mechanism. However, the common shortcoming of the previous detection mechanisms is that they cannot detect new attacks. In this paper, we propose a new DDoS detection...

The threat of DDoS attack are mainly directed at home and SOHO network that lacks the incentive, expertise, and financial means to defend themselves. This paper proposes an Autonomous Anti-DDoS Network Design (A2D2) that integrates and improves existing technologies. A2D2 enables SOHO networks to take control of their own defense within their own boundary. Testbed results show that A2D2 is effe...

In a Denial of Service (DoS) attack, legitimate users are prevented from access to services or network resources. Distributed DoS (DDoS) occurs if a group of attackers coordinate in DoS. When a DDoS attack occurs in a mobile ad hoc network (MANET), the attacker compromises a number of mobile nodes, which can follow different mobility patterns and have different speeds. This paper provides a sur...

In recent years, distributed denial of service (DDoS) attacks have brought increasing threats to the Internet since attack traffic caused by DDoS attacks can consume lots of bandwidth or computing resources on the Internet and the availability of DDoS attack tools has become more and more easy. However, due to the similarity between DDoS attack traffic and transient bursts of normal traffic, it...

DDoS attacks aim to exhaust the resources of victims, such as network bandwidth, computing power and operating system data structures. Early DDoS attacks emerged around the year 2000, and well-known web sites, such as CNN, Amazon and Yahoo, have been the targets of hackers since then. The purpose of early attacks was mainly for fun and curiosity about the technique. However, recently we have wi...

Resisting distributed denial of service (DDoS) attacks become more challenging with the availability of resources and techniques to attackers. The application-layer-based DDoS attacks utilize legitimate HTTP requests to overwhelm victim resources are more undetectable and are protocol compliant and non-intrusive. Focusing on the detection for application layer DDoS attacks, the existing scheme ...

The paper considers an approach to modeling and simulation of Distributed Denial of Service (DDoS) attacks fulfilled by a group of malefactors. The approach is based on combination of “joint intentions” and “common plans” theories as well as state machines. The formal framework for modeling and simulation of DDoS) attacks is presented. The architecture and user interfaces of the Attack Simulato...

Under sponsorship of the Defense Advanced Research Projects Agency’s (DARPA) Fault Tolerant Networks (FTN) program, The Johns Hopkins University Applied Physics Laboratory (JHU/APL) has been conducting the Distributed Denial of Service Defense Attack Tradeoff Analysis (DDOS-DATA). DDOS-DATA’s goal is to analyze Distributed Denial of Service (DDOS) attacks and mitigation technologies to develop ...

Distributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large amount of malicious traffic. Existing networklevel congestion control mechanisms are inadequate in preventing service quality from deteriorating because of these attacks. Although a number of technique...