Related papers: BGPeek-a-Boo: Active BGP-based Traceback for Ampli…
Disruption from service caused by DDoS attacks is an immense threat to Internet today. These attacks can disrupt the availability of Internet services completely, by eating either computational or communication resources through sheer…
DDoS attacks have become a major threat to the security of IoT devices and can cause severe damage to the network infrastructure. IoT devices suffer from the inherent problem of resource constraints and are therefore susceptible to such…
Spoofing with falsified IP-MAC pair is the first step in most of the LAN based-attacks. Address Resolution Protocol (ARP) is stateless, which is the main cause that makes spoofing possible. Several network level and host level mechanisms…
Distributed Denial of Service (DDoS) attacks exhaust victim's bandwidth or services. Traditional architecture of Internet is vulnerable to DDoS attacks and an ongoing cycle of attack & defense is observed. In this paper, different types and…
We present the Maestro attack, a novel Link Flooding Attack (LFA) that leverages control-plane traffic engineering techniques to concentrate botnet-sourced Distributed Denial of Service flows on transit links. Executed from a compromised or…
We propose a novel approach for distributed statistical detection of change-points in high-volume network traffic. We consider more specifically the task of detecting and identifying the targets of Distributed Denial of Service (DDoS)…
Source Address Validation (SAV) is a standard aimed at discarding packets with spoofed source IP addresses. The absence of SAV for outgoing traffic has been known as a root cause of Distributed Denial-of-Service (DDoS) attacks and received…
Volumetric Distributed Denial of Service (DDoS) attacks have been a recurrent issue on the Internet. These attacks generate a flooding of fake network traffic to interfere with targeted servers or network links. Despite many efforts to…
DoS and DDoS attacks have been growing in size and number over the last decade and existing solutions to mitigate these attacks are in general inefficient. Compared to other types of malicious cyber attacks, DoS and DDoS attacks are…
The rapid expansion of the Internet of Things (IoT) has intensified security challenges, notably from Distributed Denial of Service (DDoS) attacks launched by compromised, resource-constrained devices. Traditional defenses are often…
The IPv6 routing protocol for low-power and lossy networks (RPL) is the standard routing protocol for IPv6 based low-power wireless personal area networks (6LoWPANs). In RPL protocol, DODAG information object (DIO) messages are used to…
Networks (Autonomous Systems-AS) allocate or revoke IP prefixes with the intervention of official Internet resource number authorities, and select and advertise policy-compliant paths towards these prefixes using the inter-domain routing…
Recent anti-spoofing systems focus on spoofing detection, where the task is only to determine whether the test audio is fake. However, there are few studies putting attention to identifying the methods of generating fake speech. Common…
We propose a routing protocol for wireless networks. Wireless routing protocols allow hosts within a network to have some knowledge of the topology in order to know when to forward a packet (via broadcast) and when to drop it. Since a…
BGP prefix hijacking is a critical threat to the resilience and security of communications in the Internet. While several mechanisms have been proposed to prevent, detect or mitigate hijacking events, it has not been studied how to…
Despite the proliferation of traffic filtering capabilities throughout the Internet, attackers continue to launch distributed denial-of-service (DDoS) attacks to successfully overwhelm the victims with DDoS traffic. In this paper, we…
Many ad hoc routing protocols are based on some variant of flooding. Despite various optimizations, many routing messages are propagated unnecessarily. We propose a gossiping-based approach, where each node forwards a message with some…
Current tools and systems of detecting vulnerabilities simply alert the administrator of attempted attacks against his network or system. However, generally, the huge number of alerts to analyze and the amount time required to update…
With the goal of improving the security of Internet protocols, we seek faster, semi-automatic methods to discover new vulnerabilities in protocols such as DNS, BGP, and others. To this end, we introduce the LLM-Assisted Protocol Attack…
Prefix hijacking is a common phenomenon in the Internet that often causes routing problems and economic losses. In this demo, we propose ARTEMIS, a tool that enables network administrators to detect and mitigate prefix hijacking incidents,…