Related papers: Me Love (SYN-)Cookies: SYN Flood Mitigation in Pro…
Website fingerprinting attacks enable an adversary to infer which website a victim is visiting, even if the victim uses an encrypting proxy, such as Tor. Previous work has shown that all proposed defenses against website fingerprinting…
Distributed Denial-of-Service (DDoS) attacks are usually launched through the $botnet$, an "army" of compromised nodes hidden in the network. Inferential tools for DDoS mitigation should accordingly enable an early and reliable…
Deciding that two network flows are essentially the same is an important problem in intrusion detection and in tracing anonymous connections. A stepping stone or an anonymity network may try to prevent flow correlation by adding chaff…
With the growing realization that current Internet protocols are reaching the limits of their senescence, a number of on-going research efforts aim to design potential next-generation Internet architectures. Although they vary in maturity…
Distributed Denial-of-Service (DDoS) attacks remain a serious threat to online infrastructure, often bypassing detection by altering traffic in subtle ways. We present a method using hive-plot sequences of network data and a 3D…
The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of…
Denial-of-Service (DoS) attacks are one of the most common and consequential cyber attacks in computer networks. While existing research offers a plethora of detection methods, the issue of achieving both scalability and high detection…
The Denial-of-service (DoS) attack is considered one of the largest threats to the availability of cloud-computing services. Due to the unique architecture of cloud-computing systems, the methods for detecting and preventing DoS attacks are…
Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built…
With the increasing diversity of Distributed Denial-of-Service (DDoS) attacks, it is becoming extremely challenging to design a fully protected network. For instance, Stealthy Link Flooding Attack (SLFA) is a variant of DDoS attacks that…
Distributed Denial-of-Service (DDoS) attacks exhaust resources, leaving a server unavailable to legitimate clients. The Domain Name System (DNS) is a frequent target of DDoS attacks. Since DNS is a critical infrastructure service,…
Botnet Distributed Denial of Service (DDoS) attacks are now 20 years old; what has changed in that time? Their disruptive presence, their volume, distribution across the globe, and the relative ease of launching them have all been trending…
More and more industrial devices are connected to IP-based networks, as this is essential for the success of Industry 4.0. However, this interconnection also results in an increased attack surface for various network-based attacks. One of…
Cyber-attacks have been one of the deadliest attacks in today's world. One of them is DDoS (Distributed Denial of Services). It is a cyber-attack in which the attacker attacks and makes a network or a machine unavailable to its intended…
Denial of service attacks pose a threat in constant growth. This is mainly due to their tendency to gain in sophistication, ease of implementation, obfuscation and the recent improvements in occultation of fingerprints. On the other hand,…
Distributed denial of service (DDoS) attack becomes a rapidly growing problem with the fast development of the Internet. The existing DDoS attack detection methods have time-delay and low detection rate. This paper presents a DDoS attack…
In this paper, we analyze several recent schemes for watermarking network flows that are based on splitting the flow into timing intervals. We show that this approach creates time-dependent correlations that enable an attack that combines…
Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. Research has shown that to adapt incident handling to cloud computing…
Unexpected increases in demand and most of all flash crowds are considered the bane of every web application as they may cause intolerable delays or even service unavailability. Proper quality of service policies must guarantee rapid…
Distributed Denial of Service (DDoS) attacks persist as significant threats to online services and infrastructure, evolving rapidly in sophistication and eluding traditional detection mechanisms. This evolution demands a comprehensive…