Pub Date : 1900-01-01DOI: 10.4018/978-1-7998-5348-0.ch025
Rohit Kumar
IaaS, PaaS, and SaaS models collectively form the Cloud Computing Infrastructure. The complexity of interrelationship of service models is very high and so security issue becomes essentials and must be developed with utmost care. Distributed DOS attacks are a major concern for different organization engaged in using cloud based services. The denial of service attack and distributed denial of service attacks in particular in cloud paradigms are big threat on a cloud network or platform. These attacks operate by rendering the server and network useless by sending unnecessary service and resource requests. The victims host or network isn't aware of such attacks and keeps providing recourses until they get exhausted. Due to resource exhaustions, the resources requests of genuine users doesn't get fulfilled. Severity of these attacks can lead to huge financial losses if, they are able to bring down servers executing financial services. This chapter presents DOS threats and methods to mitigate them in varied dimensions.
{"title":"DOS Attacks on Cloud Platform","authors":"Rohit Kumar","doi":"10.4018/978-1-7998-5348-0.ch025","DOIUrl":"https://doi.org/10.4018/978-1-7998-5348-0.ch025","url":null,"abstract":"IaaS, PaaS, and SaaS models collectively form the Cloud Computing Infrastructure. The complexity of interrelationship of service models is very high and so security issue becomes essentials and must be developed with utmost care. Distributed DOS attacks are a major concern for different organization engaged in using cloud based services. The denial of service attack and distributed denial of service attacks in particular in cloud paradigms are big threat on a cloud network or platform. These attacks operate by rendering the server and network useless by sending unnecessary service and resource requests. The victims host or network isn't aware of such attacks and keeps providing recourses until they get exhausted. Due to resource exhaustions, the resources requests of genuine users doesn't get fulfilled. Severity of these attacks can lead to huge financial losses if, they are able to bring down servers executing financial services. This chapter presents DOS threats and methods to mitigate them in varied dimensions.","PeriodicalId":417372,"journal":{"name":"Research Anthology on Combating Denial-of-Service Attacks","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121139813","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-7998-5348-0.ch021
J. D. T. Gonzalez, W. Kinsner
A comparison between the probability similarities of a Distributed Denial-of-Service (DDoS) dataset and Lévy walks is presented. This effort validates Lévy walks as a model resembling DDoS probability features. In addition, a method, based on the Smirnov transform, for generating synthetic data with the statistical properties of Lévy-walks is demonstrated. The Smirnov transform is used to address a cybersecurity problem associated with the Internet-of-things (IoT). The synthetic Lévy-walk is merged with sections of distinct signals (uniform noise, Gaussian noise, and an ordinary sinusoid). Zero-crossing rate (ZCR) within a varying-size window is utilized to analyze both the composite signal and the DDoS dataset. ZCR identifies all the distinct sections in the composite signal and successfully detects the occurrence of the cyberattack. The ZCR value increases as the signal under analysis becomes more complex and produces steadier values as the varying window size increases. The ZCR computation directly in the time-domain is its most notorious advantage for real-time implementations.
{"title":"Zero-Crossing Analysis of Lévy Walks and a DDoS Dataset for Real-Time Feature Extraction","authors":"J. D. T. Gonzalez, W. Kinsner","doi":"10.4018/978-1-7998-5348-0.ch021","DOIUrl":"https://doi.org/10.4018/978-1-7998-5348-0.ch021","url":null,"abstract":"A comparison between the probability similarities of a Distributed Denial-of-Service (DDoS) dataset and Lévy walks is presented. This effort validates Lévy walks as a model resembling DDoS probability features. In addition, a method, based on the Smirnov transform, for generating synthetic data with the statistical properties of Lévy-walks is demonstrated. The Smirnov transform is used to address a cybersecurity problem associated with the Internet-of-things (IoT). The synthetic Lévy-walk is merged with sections of distinct signals (uniform noise, Gaussian noise, and an ordinary sinusoid). Zero-crossing rate (ZCR) within a varying-size window is utilized to analyze both the composite signal and the DDoS dataset. ZCR identifies all the distinct sections in the composite signal and successfully detects the occurrence of the cyberattack. The ZCR value increases as the signal under analysis becomes more complex and produces steadier values as the varying window size increases. The ZCR computation directly in the time-domain is its most notorious advantage for real-time implementations.","PeriodicalId":417372,"journal":{"name":"Research Anthology on Combating Denial-of-Service Attacks","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131397564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-3646-8.CH003
Rizwan Ur Rahman, D. Tomar
Security issues in e-commerce web applications are still exploratory, and in spite of an increase in e-commerce application research and development, lots of security challenges remain unanswered. Botnets are the most malicious threats to web applications, especially the e-commerce applications. Botnet is a network of BOTs. It executes automated scripts to launch different types of attack on web applications. Botnets are typically controlled by one or more hackers known as Bot masters and are exploited for different types of attacks including Dos (denial of service), DDos (distributed denial of service), phishing, spreading of malware, adware, Spyware, identity fraud, and logic bombs. The aim of this chapter is to scrutinize to what degree botnets can cause a threat to e-commerce security. In the first section, an adequate overview of botnets in the context of e-commerce security is presented in order to provide the reader with an understanding of the background for the remaining sections.
{"title":"Botnet Threats to E-Commerce Web Applications and Their Detection","authors":"Rizwan Ur Rahman, D. Tomar","doi":"10.4018/978-1-5225-3646-8.CH003","DOIUrl":"https://doi.org/10.4018/978-1-5225-3646-8.CH003","url":null,"abstract":"Security issues in e-commerce web applications are still exploratory, and in spite of an increase in e-commerce application research and development, lots of security challenges remain unanswered. Botnets are the most malicious threats to web applications, especially the e-commerce applications. Botnet is a network of BOTs. It executes automated scripts to launch different types of attack on web applications. Botnets are typically controlled by one or more hackers known as Bot masters and are exploited for different types of attacks including Dos (denial of service), DDos (distributed denial of service), phishing, spreading of malware, adware, Spyware, identity fraud, and logic bombs. The aim of this chapter is to scrutinize to what degree botnets can cause a threat to e-commerce security. In the first section, an adequate overview of botnets in the context of e-commerce security is presented in order to provide the reader with an understanding of the background for the remaining sections.","PeriodicalId":417372,"journal":{"name":"Research Anthology on Combating Denial-of-Service Attacks","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134269219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-7998-5348-0.ch026
T. M., N. S, Sindhuja R
Cloud computing is the fastest growing technology in today's world. Cloud services provide pay as go models on capacity or usage. For providing better cloud services, capacity planning is very important. Proper capacity planning will maximize efficiency and on the other side proper control over the resources will help to overcome from attacks. As the technology develops in one side, threats and vulnerabilities to security also increases on the other side. A complete analysis of Denial of Service (DOS) attacks in cloud computing and how are they done in the cloud environment and the impact of reduced capacity in cloud causes greater significance. Among all the cloud computing attacks, DOS is a major threat to the cloud environment. In this book chapter, we are going to discuss DOS attack in the cloud and its types, what are the tools used to perform DOS attack and how they are detected and prevented. Finally it deals with the measures to protect the cloud services from DOS attack and also penetration testing for DOS attack.
{"title":"Denial of Service (DoS) Attacks Over Cloud Environment","authors":"T. M., N. S, Sindhuja R","doi":"10.4018/978-1-7998-5348-0.ch026","DOIUrl":"https://doi.org/10.4018/978-1-7998-5348-0.ch026","url":null,"abstract":"Cloud computing is the fastest growing technology in today's world. Cloud services provide pay as go models on capacity or usage. For providing better cloud services, capacity planning is very important. Proper capacity planning will maximize efficiency and on the other side proper control over the resources will help to overcome from attacks. As the technology develops in one side, threats and vulnerabilities to security also increases on the other side. A complete analysis of Denial of Service (DOS) attacks in cloud computing and how are they done in the cloud environment and the impact of reduced capacity in cloud causes greater significance. Among all the cloud computing attacks, DOS is a major threat to the cloud environment. In this book chapter, we are going to discuss DOS attack in the cloud and its types, what are the tools used to perform DOS attack and how they are detected and prevented. Finally it deals with the measures to protect the cloud services from DOS attack and also penetration testing for DOS attack.","PeriodicalId":417372,"journal":{"name":"Research Anthology on Combating Denial-of-Service Attacks","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123962398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-9742-1.CH016
S. Yamaguchi, B. Gupta
This chapter introduces malware's threat in the internet of things (IoT) and then analyzes the mitigation methods against the threat. In September 2016, Brian Krebs' web site “Krebs on Security” came under a massive distributed denial of service (DDoS) attack. It reached twice the size of the largest attack in history. This attack was caused by a new type of malware called Mirai. Mirai primarily targets IoT devices such as security cameras and wireless routers. IoT devices have some properties which make them malware attack's targets such as large volume, pervasiveness, and high vulnerability. As a result, a DDoS attack launched by infected IoT devices tends to become massive and disruptive. Thus, the threat of Mirai is an extremely important issue. Mirai has been attracting a great deal of attention since its birth. This resulted in a lot of information related to IoT malware. Most of them came from not academia but industry represented by antivirus software makers. This chapter summarizes such information.
{"title":"Malware Threat in Internet of Things and Its Mitigation Analysis","authors":"S. Yamaguchi, B. Gupta","doi":"10.4018/978-1-5225-9742-1.CH016","DOIUrl":"https://doi.org/10.4018/978-1-5225-9742-1.CH016","url":null,"abstract":"This chapter introduces malware's threat in the internet of things (IoT) and then analyzes the mitigation methods against the threat. In September 2016, Brian Krebs' web site “Krebs on Security” came under a massive distributed denial of service (DDoS) attack. It reached twice the size of the largest attack in history. This attack was caused by a new type of malware called Mirai. Mirai primarily targets IoT devices such as security cameras and wireless routers. IoT devices have some properties which make them malware attack's targets such as large volume, pervasiveness, and high vulnerability. As a result, a DDoS attack launched by infected IoT devices tends to become massive and disruptive. Thus, the threat of Mirai is an extremely important issue. Mirai has been attracting a great deal of attention since its birth. This resulted in a lot of information related to IoT malware. Most of them came from not academia but industry represented by antivirus software makers. This chapter summarizes such information.","PeriodicalId":417372,"journal":{"name":"Research Anthology on Combating Denial-of-Service Attacks","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130499058","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: