Distributed Denial of Service attacks: real-world detection and mitigation
Bibliographic Details
Contributors: Brooks, Richard R. (author), Özçelik, İlker (author)
Format: Electronic e-book
Language: English
Published: Boca Raton ; London ; New York : CRC Press, 2020
Edition: First edition
Links: https://ebookcentral.proquest.com/lib/munchentech/detail.action?docID=6268312
Description (table of contents):
Cover -- Half Title -- Title Page -- Copyright Page -- Dedication -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Preface -- Contributors
1. Introduction -- 1.1 Performance Testing and Analysis of DDoS Detection Approaches -- 1.2 Deceiving DDoS Detection -- 1.3 DDoS Mitigation -- 1.4 Organization
2. What is DDoS? -- 2.1 Definition -- 2.2 Classification -- 2.2.1 Resource Saturation -- 2.2.1.1 System/Device Resources -- 2.2.1.2 Network Bandwidth -- 2.2.2 Exploiting Vulnerability -- 2.2.3 Tampering -- 2.2.4 Misuse -- 2.2.4.1 Fragmentation and Reassembly -- 2.2.4.2 TCP-based -- 2.2.4.3 Low and Slow Attacks -- 2.2.4.4 Filtering -- 2.2.4.5 Others -- 2.2.5 Physical Destruction -- 2.3 Botnet -- 2.3.1 Botnet Architectures -- 2.3.2 Botnet Topologies -- 2.3.2.1 Star -- 2.3.2.2 Multi-server -- 2.3.2.3 Hierarchical -- 2.3.2.4 Random -- 2.3.3 Botnet Resilience and CnC Resolution -- 2.3.3.1 IP Flux -- 2.3.3.2 Domain Flux -- 2.3.3.3 Blind Proxy Redirection -- 2.4 Attack Tools -- 2.4.1 Classification of Attack Tools -- 2.4.2 Popular Attack Tools -- 2.5 Problems -- 2.6 Glossary
3. History and Motivation -- 3.1 A Brief History of Computers and Computer Crime -- 3.2 DDoS Tools and Technologies -- 3.2.1 DDoS Bots and Stressers -- 3.2.2 Botnets -- 3.2.3 Worms -- 3.2.4 DNS DDoS -- 3.2.5 BGP Exploits -- 3.3 DDoS History -- 3.3.1 Early DoS -- 3.3.2 Hackers -- 3.3.2.1 L0pht -- 3.3.2.2 Mafiaboy -- 3.3.3 Commercial Exploitation -- 3.3.3.1 DDoS for Hire -- 3.3.3.2 Ransomware -- 3.3.4 Censorship -- 3.3.4.1 Myanmar -- 3.3.4.2 Kyrgyzstan -- 3.3.4.3 Kazakh -- 3.3.4.4 Iran -- 3.3.4.5 Vietnam -- 3.3.4.6 Radio Free Europe/Radio Liberty -- 3.3.4.7 Krebs on Security -- 3.3.5 Cyberwar -- 3.3.5.1 Hainan -- 3.3.5.2 Estonia -- 3.3.5.3 Georgia -- 3.3.5.4 Ukraine -- 3.3.5.5 Israel -- 3.3.5.6 US and Korea -- 3.3.6 Hacktivism and/or Terrorism -- 3.3.6.1 Electronic Disturbance Theater -- 3.3.6.2 Electrohippies -- 3.3.6.3 Lufthansa -- 3.3.6.4 Russian Election -- 3.3.6.5 Chanology -- 3.3.6.6 CNN -- 3.3.6.7 Operations Titstorm and Payback -- 3.3.6.8 Lizard Squad -- 3.3.6.9 Black Lives Matter -- 3.3.6.10 Syrian Electronic Army -- 3.3.6.11 Daesh -- 3.3.7 Internet Blackouts -- 3.4 Conclusions -- 3.5 Problems -- 3.6 Glossary
4. Legal Considerations -- 4.1 Introduction -- 4.2 Laws against DDoS -- 4.3 Jurisdiction -- 4.4 DDoS Liability -- 4.5 Protest -- 4.6 Cyberwar -- 4.7 Conclusion -- 4.8 Problems -- 4.9 Glossary
5. DDoS Research: Traffic -- 5.1 Dataset -- 5.1.1 Classification -- 5.1.2 Features -- 5.2 Traffic Generation -- 5.2.1 Approaches -- 5.2.2 Tools -- 5.2.2.1 Stress Testing / Attack Traffic Generation Tools -- 5.2.2.2 Background Traffic Generation Tools -- 5.2.2.3 Replay Tools -- 5.3 (D)DoS Benchmark Datasets -- 5.4 Discussion -- 5.5 Problems -- 5.6 Glossary
6. DDoS Research: Testing -- 6.1 Network Simulators / Emulators -- 6.1.1 Popular Network Simulators / Emulators -- 6.1.1.1 NS2 -- 6.1.1.2 NS3 -- 6.1.1.3 OMNET++ -- 6.1.1.4 Shadow -- 6.1.1.5 GNS3 -- 6.1.1.6 IMUNES -- 6.1.1.7 CORE -- 6.1.1.8 Mininet -- 6.1.1.9 VNX -- 6.1.1.10 Wistar -- 6.2 Network Testbeds -- 6.2.1 Technologies and Concepts -- 6.2.2 Popular Network Testbeds -- 6.2.2.1 Emulab -- 6.2.2.2 PlanetLab -- 6.2.2.3 GENI -- 6.2.2.4 KREONET -- 6.2.2.5 FIRE -- 6.2.2.6 SAVI -- 6.2.2.7 JGN -- 6.3 Case Study Network Mirroring -- 6.3.1 Experiment Setup -- 6.3.2 Advantages of Experiment Setup -- 6.4 Problems -- 6.5 Glossary
7. DDoS Research: Evaluation -- 7.1 Performance Evaluation Metrics -- 7.1.1 Detection Performance -- 7.1.2 Mitigation Performance -- 7.1.3 System Cost -- 7.1.4 Qualitative Evaluation -- 7.2 Discussion -- 7.3 Problems -- 7.4 Glossary
8. Attack Detection -- 8.1 Classification of DDoS Detection Algorithms -- 8.2 An Empirical Study: DDoS Detection Using Operational Network Data -- 8.2.1 Literature -- 8.2.2 Background -- 8.2.2.1 Cumulative Sum (CUSUM) -- 8.2.2.2 Wavelet -- 8.2.2.3 Entropy -- 8.2.3 Performance Testing Using Operational Network Data -- 8.2.3.1 Traffic Volume-based Detection -- 8.2.3.2 Entropy-based Detection -- 8.2.3.3 Comparison and Discussion -- 8.2.4 Cusum-Entropy -- 8.2.4.1 Cusum - Entropy Algorithm -- 8.3 Problems -- 8.4 Glossary
9. Deceiving DDoS Detection -- 9.1 A Case Study: Deceiving Entropy-based DDoS Detection Systems -- 9.1.1 Entropy Spoofing -- 9.1.1.1 Controlling Entropy Value -- 9.1.2 Experimental Results -- 9.1.3 Discussion -- 9.2 Problems -- 9.3 Glossary
10. Attack Mitigation -- 10.1 Classification -- 10.1.1 Classification-based on Mitigation Time -- 10.1.1.1 Before An Attack (Prevention) -- 10.1.1.2 During An Attack (Detection) -- 10.1.1.3 After An Attack (Reaction / Source Identification) -- 10.1.2 Classification-based on Deployment Type -- 10.1.2.1 Centralized -- 10.1.2.2 Distributed -- 10.1.3 Classification-based on Deployment Location -- 10.1.3.1 Source-based -- 10.1.3.2 Destination-based -- 10.1.3.3 Network-based -- 10.1.3.4 Hybrid -- 10.1.4 Classification-based on Reaction Place -- 10.1.4.1 On The Premises -- 10.1.4.2 In The Cloud -- 10.1.5 Classification-based on Reaction Type -- 10.1.5.1 Filtering-based -- 10.1.5.2 Increasing Attack Surface -- 10.1.5.3 Moving Target -- 10.2 Content Delivery Networks -- 10.3 Deflect -- 10.4 DDM: Dynamic DDoS Mitigation System -- 10.4.1 DDM Building Blocks -- 10.4.1.1 Resource Manager -- 10.4.1.2 DNS Module -- 10.4.1.3 Deflect Module -- 10.4.1.4 Data Collection Module -- 10.4.1.5 Decision Module -- 10.4.1.6 DDM Controller -- 10.4.2 DDM Testing -- 10.4.2.1 Attack Scenarios -- 10.4.2.2 Test Results -- 10.4.3 Discussion -- 10.5 DDoS Mitigation Using Game Theory -- 10.5.1 Distributed Denial of Service Mitigation Approach Traffic Flow -- 10.5.1.1 Player 1 - Blue -- 10.5.1.2 Player 2 - Red -- 10.5.2 Distributed Denial of Service Mitigation Approach - Reconfiguration Strategies -- 10.5.2.1 Game -- 10.5.2.2 Sum of Games and Thermographs -- 10.6 Economic Denial of Sustainability -- 10.7 Discussion and Comparison -- 10.8 Problems -- 10.9 Glossary
11. Security and DDoS in SDN: Opportunities and Challenges -- 11.1 Overview -- 11.2 Fundamentals of SDN -- 11.3 Improving Network Security with SDN -- 11.3.1 Implementing Flexible and Cost-effective Security Functions -- 11.3.2 Deception and Moving Target Defense -- 11.3.3 Securing Protocols against Spoofing -- 11.3.4 Other Opportunities -- 11.4 New Security Threats against SDN -- 11.4.1 Reconnaissance against SDN -- 11.4.2 Taking Advantage of the Widened Attack Surface -- 11.5 DDoS in SDN -- 11.5.1 New DDoS Attacks Threatening SDN -- 11.5.2 Using SDN for Better DDoS Defense -- 11.6 Discussion and Future Trends -- 11.7 Problems -- 11.8 Glossary
12. Denial of Service Attack in Control Systems -- 12.1 DoS Attack in Cyber Physical Systems -- 12.2 Modeling DoS Attack From Control Perspective -- 12.3 DoS Attack Estimation and Countermeasure -- 12.3.1 Overview on Observer Design and Diagnostics -- 12.3.2 Adaptive Observer Design -- 12.4 Proposed Algorithm -- 12.5 Case Study and Simulation Results -- 12.6 Problems -- 12.7 Glossary
13. Denial of Service Attack on Phasor Measurement Unit -- 13.1 Overview -- 13.2 Background -- 13.2.1 The Synchrophasor Protocol -- 13.2.2 Security Gateways -- 13.2.3 Side-Channel Analysis -- 13.2.3.1 Hidden Markov Models -- 13.2.4 Man-In-The-Middle Attack -- 13.3 Two-Area Four Machine Power System with Utility-Scale PV Plant and PMUs -- 13.3.1 PMU Traffic Separation Algorithm -- 13.3.2 DoS Attack on PMU Measurement Traffic -- 13.4 AGC Operation Under Attack -- 13.4.1 Experimental Setup -- 13.5 Consequences of DoS Attacks -- 13.5.1 Fault and Attack without Countermeasure -- 13.5.2 Analysis -- 13.6 Summary -- 13.7 Problems -- 13.8 Glossary
14. DDoS Lab -- 14.1 Toolbox -- 14.1.1 Wireshark / tshark -- 14.1.2 Scapy -- 14.1.3 JMeter -- 14.1.4 Apache Traffic Server (ATS) -- 14.1.5 Apache HTTP Server -- 14.1.6 BIND Domain Name Server -- 14.1.7 Virtualbox -- 14.1.8 Deflect -- 14.1.9 Distributed DDoS Mitigation Tool (DDM) -- 14.2 Lab Guidelines -- 14.2.1 Data Handling -- 14.2.1.1 Course Background -- 14.2.1.2 Attestation -- 14.2.2 Assignment / Project Report -- 14.2.2.1 Introduction -- 14.2.2.2 Methodology -- 14.2.2.3 Results -- 14.2.2.4 Conclusion -- 14.2.2.5 Comments -- 14.2.2.6 Bibliography -- 14.2.2.7 Appendix -- 14.3 Assignments -- 14.3.1 Attack -- 14.3.1.1 Sniffing Network -- 14.3.1.2 Man in the Middle -- 14.3.1.3 Spoofing -- 14.3.1.4 Network Background Traffic Generation -- 14.3.1.5 DDoS Simulation -- 14.3.1.6 SYN Flood -- 14.3.1.7 Bandwidth Starvation Attack -- 14.3.1.8 Amplification / Reflection -- 14.3.1.9 HTTP GET / POST -- 14.3.2 Detection -- 14.3.2.1 Thresholding -- 14.3.2.2 Cusum -- 14.3.2.3 Cusum - Wavelet -- 14.3.2.4 Wavelet - Cusum -- 14.3.2.5 Entropy -- 14.3.2.6 Questions -- 14.3.3 Deception -- 14.3.4 Mitigation
15. Conclusion -- 15.1 Analysis and Conclusions -- 15.2 Suggestions for Future Research -- 15.3 Final Words
16. Appendix -- 16.1 Generate TCP Traffic with Ostinato -- 16.2 Mininet Quick Guide -- 16.2.1 Mininet Quick Hands-On -- 16.2.1.1 Install Mininet -- 16.2.1.2 Access Mininet VM -- 16.2.1.3 Start and Stop Mininet -- 16.2.2 Mininet Lab Guide -- 16.2.2.1 Create a Topology -- 16.2.2.2 Run Applications on the Network -- 16.3 NS2 DDoS Simulation -- 16.3.1 Explanation of Script "attack.tcl" -- 16.3.1.1 Key Concepts -- 16.3.1.2 Explanation of the Script
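The contents note above lists CUSUM- and entropy-based detection (8.2.2, 8.2.3.2) and, in chapter 9, entropy spoofing as a way to deceive such a detector (9.1.1, "Controlling Entropy Value"). The block below is an added illustration of what those headings refer to; it is not code from the book or from its authors, and it does not reproduce their algorithms or data. All traffic is constructed in the script: a Zipf-like client population in 10.0.0.0/16 stands in for legitimate traffic, spoofed flood sources come from a 198.51.x.x pool, and the window sizes, the CUSUM allowance `k` and threshold `h`, and the pool-size search range are assumptions chosen only to make the two detectors behave differently. A two-sided CUSUM is run over per-window source-IP entropy and over per-window packet volume; a naive flood from a huge spoofed pool trips the entropy detector at once, while an attacker who sizes the pool so that the mixed window's entropy lands on the defender's baseline is missed by the entropy detector and caught only by the volume detector.

```python
import math
import random
from collections import Counter

# Constructed traffic model (not from the book). Each observation window is a
# list of source-IP strings seen by the victim. Background clients live in
# 10.0.0.0/16; spoofed flood sources live in 198.51.100.0 and up.
N_BASELINE = 20      # training windows used to learn the in-control means
N_ATTACK = 10        # attack windows appended after the baseline
FLOOD_PKTS = 1000    # attack packets per window on top of background traffic


def shannon_entropy(items):
    """Shannon entropy in bits of the empirical distribution of `items`."""
    n = len(items)
    return -sum(c / n * math.log2(c / n) for c in Counter(items).values())


def cusum(values, mean, k, h):
    """Two-sided CUSUM. `mean` is the in-control level, `k` the allowance
    (about half the shift worth detecting) and `h` the decision threshold.
    Returns the index of the first window that raises an alarm, else None."""
    s_hi = s_lo = 0.0
    for i, x in enumerate(values):
        s_hi = max(0.0, s_hi + (x - mean - k))   # upward shift
        s_lo = max(0.0, s_lo + (mean - x - k))   # downward shift
        if max(s_hi, s_lo) > h:
            return i
    return None


def background_window(rng, n_clients=50):
    """Legitimate traffic: Zipf-like client popularity, 180-220 packets."""
    clients = [f"10.0.{i // 256}.{i % 256}" for i in range(n_clients)]
    weights = [1.0 / (rank + 1) for rank in range(n_clients)]
    return rng.choices(clients, weights=weights, k=rng.randint(180, 220))


def flood_window(rng, n_pkts, pool_size):
    """Spoofed sources drawn uniformly from `pool_size` distinct addresses."""
    out = []
    for _ in range(n_pkts):
        a = rng.randrange(pool_size)
        out.append(f"198.51.{100 + a // 256}.{a % 256}")
    return out


def choose_pool_size(rng, target_entropy, n_flood, max_pool=200):
    """Entropy spoofing: the attacker sizes its spoofed-source pool so the
    mixed window's source-IP entropy lands on the defender's baseline.
    (Assumed attacker strategy; the search range is an assumption.)"""
    best = None
    for pool in range(2, max_pool + 1):
        trial = background_window(rng) + flood_window(rng, n_flood, pool)
        h = shannon_entropy(trial)
        if best is None or abs(h - target_entropy) < abs(best[1] - target_entropy):
            best = (pool, h)
    return best[0]


def run_scenario(spoof_entropy, seed=7):
    """Build baseline + attack windows, run an entropy CUSUM and a volume
    CUSUM, and report the first alarm index of each (None = no alarm)."""
    rng = random.Random(seed)
    windows = [background_window(rng) for _ in range(N_BASELINE)]
    ent_mean = sum(shannon_entropy(w) for w in windows) / N_BASELINE
    vol_mean = sum(len(w) for w in windows) / N_BASELINE

    # Naive attacker floods from a huge spoofed pool (entropy jumps);
    # entropy-spoofing attacker tunes the pool so the entropy stays flat.
    pool = choose_pool_size(rng, ent_mean, FLOOD_PKTS) if spoof_entropy else 5000
    for _ in range(N_ATTACK):
        windows.append(background_window(rng) + flood_window(rng, FLOOD_PKTS, pool))

    ent = [shannon_entropy(w) for w in windows]
    vol = [len(w) for w in windows]
    return {
        "pool_size": pool,
        "entropy_alarm": cusum(ent, ent_mean, k=0.25, h=2.0),
        "volume_alarm": cusum(vol, vol_mean, k=100, h=500),
    }


if __name__ == "__main__":
    for spoof in (False, True):
        print("entropy-spoofed flood" if spoof else "naive flood", run_scenario(spoof))
```

Running the script prints, for each scenario, the spoofed pool size and the first window index at which each detector alarms; the attack starts at window index 20 (after the 20 baseline windows). The deception only works because the attacker knows which feature the defender watches, which is why chapter 8's combined Cusum-Entropy approach and chapter 10's mitigation classes matter: a detector that also tracks volume, or destination-address entropy, is not fooled by a source-entropy match alone.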
Extent: 1 online resource, illustrations
ISBN: 9781351817646, 9781315213125