Chen Lei,Ye Dejian

DOI: https://doi.org/10.1109/isise.2008.225

2008-01-01

Abstract:Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks make great impacts on various applications of the Internet. It disrupts the service provided by the target through consuming the target's CPU, memory or network bandwidth. In this paper, we give a brief summary on traditional DoS, DDoS attacks and defense schemes first. Then, we point out the possibility of DoS, DDoS attacks on streaming media application by analyzing the characteristics of streaming media application and RTSP protocol, show the evidences about DoS, DDoS attacks on streaming media application and analyze all the reasons by simulating attack scenarios, finally point out these serious security issues for streaming media application.

Dejian Ye

2009-01-01

Journal of Communications

Abstract:A defense scheme was designed and implemented against the loopholes of streaming media protocol RTSP.This defense scheme employed a group of distributed streaming media proxies in order to hide the server, which can improve the defense-ability against attacks;it could filter the malicious connections by analyzing the RTSP requests;and it also provided a trust-level manage mechanism to insure the priority of trusted user.Through the simulation of DoS, DDoS attacks for the loopholes of RTSP, it is proved that the defense scheme is effective.It also can be the reference for future research on streaming media service security.

魏蔚,董亚波,鲁东明

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.02.010

2010-01-01

Abstract:Distributed denial of service(DDoS)attack was defended by distributed filtering.Distributed defense was restricted inside autonomous system(AS),which was a suitable bound for defense.Both bandwidth and processing capability of victim were considered.The filtering threshold was dynamically adjusted in AS edge according to the throughput of victim in support vector machine(SVM)-based multi-resource max-min fairness(SMMF)algorithm.Then SMMF achieved multi-resource max-min fairness and was much effective.Simulation results demonstrate that attacking traffic can be depressed in a common scenario and the legitimate throughput can be kept in a normal level when current methods fail.A realiza-tion of filters on PC-based router indicates that only a very small amount of memory is needed and the packet throughput is still normal when thousands of filters are installed.

WEI Wei,DONG Ya-bo,LU Dong-ming,JIN Guang

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.05.007

2008-01-01

Abstract:Low rate TCP-targeted denial of service(DoS) attack makes use of time-out and retransmission mechanism in transmission control protocol(TCP) and could severely decrease the throughput of legitimate TCP traffic.With its attacking traffic pattern,obvious difference was found between the power spectrum density(PSD) of legitimate and attack traffic samples.The statistical characteristic of this difference in history data was analyzed,and a detection method using the summation of low frequency was proposed.Meanwhile,based on the methods of leak bucket and the increasing of routing buffer,a response method was provided,which uses leak bucket periodically for smoothing the flow and uses buffer for holding extra traffic to send in next period,and its reasonable resource requirement was proved.Simulations show that for more general attack scenarios than the existing methods,the detection method has very low positive and negative false ratio,and the response method can depress attack flows more effectively than the previous methods and maintain the legitimate throughput in a normal level while the previous methods failed.

尹浩,林闯,文浩,陈治佳,吴大鹏

DOI: https://doi.org/10.3321/j.issn:0254-4164.2008.05.005

2008-01-01

Chinese Journal of Computers

Abstract:Large-scale online streaming video application has gradually become the most important and potential technology of multimedia applications.Since Internet is heterogeneous and there is no Quality of Service(QoS)and security guarantee,large scale online streaming video application over the Internet faces many challenges.This paper,following the development of video sourcing coding and network transmission technology,comprehensively and deeply presents the scalable encoding and error-resilient encoding,and the development of multicast and P2P technology.Specially a new streaming architecture is proposed to satisfy the requirement of QoS,heterogeneity,and security guarantee in practical application.Some detailed analysis and comparisons are conducted in this paper.At last,future research direction is proposed.

濮青

DOI: https://doi.org/10.3969/j.issn.1001-3695.2003.03.023

2003-01-01

Abstract:Denial of Sevice (DoS) attack on the Internet now has become a ordinary network attack method.DoS attack is a malicious action that exhausts victim hosts resources and prevents them from serving any other legal users by exploiting software bugs or system leaks.In this paper,we discuss the theory of DoS attack,analyze some potential leaks in TCP/IP protocol set,and introduce some new progress such as DDos .We also show how to make security plans to defense the DoS attacks by using Firewalls or IDS.

HAN Xinhui,LI Chen,XIAO Xiangquan,LIU Bingshuang,YE Jiayi

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2016.23.008

2016-01-01

Abstract:P2P live video systems are widely used in today's Internet.Compared with eMule/BitTorrent and other traditional P2P file-sharing systems,a P2P live video system has higher requirements on real time data,which becomes vulnerable weakness.Delay attack,with strong concealment,is potentially lethal for large P2P video broadcasting systems.Theoretical security threats of popular P2P live video systems were analyzed to propose three types of delay attack based on Eclipse attack,No-Offer attack,Delay Chunk attack,and No-Chunk attack,with a high-availability defense strategy against delay attack being developed.Experiments were made on PlanetLab based on PeerStreamer,which proves the impact of delay attack and the effectiveness of the developed defense strategy.

ZHANG Shao-jun,LI Jian-hua,CHEN Xiu-zhen,HU Wei

DOI: https://doi.org/10.3321/j.issn:1006-2467.2008.02.009

2008-01-01

Abstract:As one of the most notorious network attacks,distributed denial-of-service(DDoS) attack is famous for its easiness to launch and difficulty to defend.DDoS attack was regarded as a multistage game of incomplete information with observable actions and its extensive form was given out.It is pointed out that to attain the game's perfect Bayes equilibrium,the problem of computing and modifying the belief value of each player's type must be solved.As a practice of this viewpoint,a method of filtering attack stream according to its package rate and source address distribution characteristic was proposed.Finally, simulation was given out to demonstrate the effectiveness of the method.

肖军,云晓春,张永铮

DOI: https://doi.org/10.3724/sp.j.1016.2010.01713

2010-01-01

Chinese Journal of Computers

Abstract:Mitigating Distributed Denial-of-Service(DDoS)attacks becomes more challenging with increasing available resources and techniques for attackers.Current network-layer security devices fail to counter application-layer DDoS(App-DDoS)attacks for the normal traffic feature on the network layer.In this paper,to handle App-DDoS attacks,a novel defense model is proposed.App-DDoS attack is divided into 5 types based on the attack URL generating way.Based on the differences between normal sessions and attack sessions,the paper proposes the session behavior suspicion parameters and the session suspicion model,which can be used to differentiate normal sessions from App-DDoS sessions accurately.The model is combined with 3 forwarding policies,including First-Come First-Serve(FCFS),Low Suspicion First(LSF)and Round Robin respectively to defend against 5 types of App-DDoS attacks.Simulation result with real Web trace shows that these forwarding policies perform well when the forwarding rate equals to the maximum normal request arrival rate,and FCFS and Round Robin perform better than LSF on the normal request response delay.

Huang Tang,Xiangning Chen,Jichun Zhang

DOI: https://doi.org/10.1109/csss.2012.207

2012-01-01

Abstract:Denial of service (DoS) attacks remain a serious threat on the internet and again it is very difficult to devise a perfect DoS defense mechanism. In this paper, we investigate the main form of blocking attacks launched by a small amount of attacker firstly. And then cite some of the major methods that deal with denial of service attacks from the three aspects of prevention, detection and tracking. After that, a new type of authentication method applied to a shared media network or broadcast network, based on the calculation of the amount, established a connection between the client and the server-side is proposed. Lastly we present a detailed analysis the method that greatly enhances the security of the server.

Xiaohua Tian,Wei Liu,Yu Cheng

2015-01-01

Abstract: Bloom filter (BF) based forwarding is an effective approach to implement scalable multicasting in distributed systems. The forwarding BF carried by each packet can encode either multicast tree or destination IP addresses, which are termed as tree oriented approach (TOA) and destination oriented approach (DOA), respectively. Recent studies have indicated that TOA based protocols have serious vulnerabilities under some distributed denial-of-service (DDoS) attacks, and raised doubt about deployability of BF based multicasting. However, security analysis for DOA based protocols is still unavailable. In this paper, we present a systematic analysis of security performance of BF based multicasting. Important DDoS attacks and the corresponding defending mechanisms are studied in the context of DOA. We have positive findings that DOA, with convenient enhancement, has a robust performance in resisting a variety of DDoS attacks that can deny service of TOA based protocols. Moreover, we reveal that TOA based protocols are prone to flow duplication attack when applied in the data center network (DCN). We propose a dynamic-sized BF mechanism to defend against flow duplication attack for TOA based protocols in the DCN. Simulation results are presented to validate our theoretical analysis.

Xiaohua Tian,Wei Liu,Yu Cheng

2015-01-01

Abstract:This paper analyze security issues of Bloom filter based multicast forwarding mechanisms. Tree oriented approaches and destination oriented approaches are studied. We analyze the possible distributed denail of service (DDoS) against the Bloom filter based multicast with the destination oriented approach, which has never been analyzed before. We reveal some attack patterns that have not been studied in the literature. We also analyze the possible DDoS attacks against Bloom filter based multicast in the DCN context.

Baojun Zhou,Jie Li,Jinsong Wu,Song Guo,Yu Gu,Zhetao Li

DOI: https://doi.org/10.1109/icc.2018.8422327

2018-01-01

Abstract:In order to cope with the increasing number of cyber attacks, network operators must monitor the whole network situations in real time. Traditional network monitoring method that usually works on a single machine, however, is no longer suitable for the huge traffic data nowadays due to its poor processing ability. In this paper, we propose a machine-learning based online Internet traffic monitoring system using Spark Streaming, a stream- processing-based big data framework, to detect DDoS attacks in real time. The system consists of three parts, collector, messaging system and stream processor. We use a correlation-based feature selection method and choose 4 most necessary network features in our machine- learning-based DDoS detection algorithm. We verify the result of feature selection method by a comparative experiment and compare the detection accuracy of 3 machine learning methods - Naïve Bayes, Logistic Regression and Decision Tree. Finally, we conduct experiments in a cluster with the standalone mode, showing that our system can detect 3 typical DDoS attacks - TCP flooding, UDP flooding and ICMP flooding at the accuracy of more than 99.3%. It also shows the system performs well even for large Internet traffic.

Jiabin Li,Ming Liu,Zhi Xue,Xiaochen Fan,Xiangjian He

DOI: https://doi.org/10.1109/access.2020.2974293

IF: 3.9

2020-01-01

IEEE Access

Abstract:Distributed Denial of Service (DDoS) attacks are increasingly harmful to the cyberspace nowadays. The attackers can now easily launch a bigger and more challenging DDoS attack both towards and with Internet-of-Things (IoT) devices, due to the fast popularization of them. Because of the characteristic of fast overwhelming, it is important to make fast as well as accurate response to DDoS attacks, and the real-time performance can be even more important to prevent and legitimate the attacks. Among the methods proposed by researchers, the entropy-based detection method provides a sensitive and reliable performance. However, the balance between computational complexity and recognition accuracy remains a challenge. In this paper, we propose a detection method that consists of 3 main parts in different aspects: a sliding time window to fasten the entropy calculation, a single-directional filter to realize early detection during the DDoS progress but not after the crash, and a quintile deviation check algorithm to optimize the detection result. These will eventually lead to a real-time and high-efficient performance to recognize IoT DDoS attacks as soon as possible.

Ruihao Wang,Yangyang Wang,Mingwei Xu

DOI: https://doi.org/10.1145/3405837.3411384

2021-01-01

Abstract:ABSTRACTIn recent years, the idea of deploying DDoS defense mechanisms at the core networks of the Internet has attracted the attention. Nevertheless, Marcin Nawrocki et al. [3] discovered the serious limitations of Blackholing technology through research. Considering that Blackholing is difficult to achieve fine-grained and timely attack processing, it has obvious lag and subjectivity. Intelligent and accurate DDoS detection algorithms have become particularly important.

Xin Kang,Yongdong Wu

2012-01-01

Abstract:Nowadays, peer-to-peer (P2P) streaming systems have become the most popular way to deliver multimedia conte nt over the internet due to their low bandwidth requirement, high video streaming quality, and flexibility. However, P2P streaming systems are vulnerable to various attacks, especially poll ution attacks, due to their distributed and dynamically changing infrastructure. In this paper, by exploring the unique features of various pollution attacks, we propose a trust management system tailored for P2P streaming systems. Both direct trus t and indirect trust are taken into consideration in the design of the trust management system. A new way to model the direct trust i s proposed, and a dynamic confidence factor that can dynamical ly adjust the weight of direct and indirect trust in computing t he trust is proposed and studied. It is shown that the proposed trust management system is effective in identifying pollut ers and preventing them from further sharing of polluted data chunks.

pingping lin,xiaosong zhang

DOI: https://doi.org/10.1142/9789812799524_0074

2008-01-01

Abstract:Give a simple but practical scheme for detecting and defending against Distributed Denial of Service (DDoS), especially for Highly Distributed Denial of Service (HDDoS) attacks by monitoring the increase of new IP addresses. Unlike previous proposals, this proposal includes three modules: detecting, filtering, and illegal-packets analyzing. To improve the detection accuracy, we also proposed a simple but robust algorithm: sliding window algorithm. In the filtering module, a filter performs its tasks only during attacks. While the attack-packets-analyzing module uses a trap to analyze attack packets, perfects the defense system. Simulation results demonstrate the effectiveness of the proposed scheme under varieties of DDoS attack scenarios.

Chai Ying,Ye Dejian

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.10.074

2008-01-01

Abstract:Usually,the data of streaming media are transmitted through RTP/RTCP on UDP protocol,which performs poor on wireless network channel with high-error-rate and dramatic-fluctuated-bandwidth.A 2-TCP transmit mode and the performance of the 2-TCP is tested and analyzed.with separated TCP connections for RTSP and RTP is proposed.An efficient authorization protocol is designed,which is suitable for the popular distributed architecture of the streaming media server.The security and robustness of the authorization protocol are analyzed,and the performance of the 2-TCP is tested and analyzed.

陈静,李润知,董小社

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.23.057

2009-01-01

Abstract:Based on the analysis of the security challenges for P2P environments presented by mobile real-time streaming application, a P2PSIP-based mobile live streaming system(MPSLSS) is presented as well as a hybrid layered P2P network architecture is designed aiming at the controllability and manageability of MPSLSS.The security threats faced by MPSLSS are illustrated and analyzed using STRIDE threats modeling.A security architecture suitable for mobile real-time streaming application is presented and analyzed.

Yunhao Liu,Xiaomei Liu,Chen Wang,Li Xiao

DOI: https://doi.org/10.1109/icpp.2007.31

2007-01-01

Abstract:A flooding-based search mechanism is often used in unstructured P2P systems. Although a flooding-based search mechanism is simple and easy to implement, it is vulnerable to overlay distributed denial-of-service (DDoS) attacks. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. Overlay flooding-based DDoS attacks can be more damaging in that a small number of messages are inherently propagated to consume a large amount of bandwidth and computation resources. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by comprehensive simulation studies. We believe that deploying DD-POLICE will make P2P systems more scalable and robust.