Who's got my back? Measuring the adoption of an internet-wide BGP RTBH Service

Distributed Denial-of-Service (DDoS) attacks continue to threaten the availability of Internet-based services. While countermeasures exist to decrease the impact of these attacks, not all operators have the resources or knowledge to deploy them. Alternatively, anti-DDoS services such as DDoS clearing houses and blackholing have emerged....

Uncovering the vulnerable: Exploring the issue of TCP reflective amplification in the network of an ISP

The rapid growth of internet-connected devices has led to a significant increase in the number of cyber attacks, resulting in security challenges related to IoT. Researchers have discovered a new attack technique that can be used for launching large DDoS attacks, which involves TCP reflective amplification by abusing middleboxes and IoT devices....

Detection and Mitigation Mechanisms for Attacks in Programmable Data Planes

DDoS attacks are becoming more common and sophisticated. Only recently, in 2017, Google claims they have mitigated an attack which sent 2.54 Tbps of traffic to their servers. In order to prevent these attacks, more and more robust defence mechanisms need to be put in place to withstand the malicious traffic and secure the networks. Programmable...

SAVing the Internet: Measuring the adoption of Source Address Validation (SAV) by network providers

IP spoofing is the act of forging source IP addresses assigned to a host machine. Spoofing provides users the ability to hide their identity and impersonate another machine. Malicious users use spoofing to invoke a variety of attacks. Examples are Distributed Denial of Service (DDoS) attacks, policy evasion and a range of application-level...

HTTPScout: A Machine Learning based Countermeasure for HTTP Flood Attacks in SDN

Nowadays, the number of Distributed Denial of Service (DDoS) attacks is growing rapidly. The aim of these type of attacks is to make the prominent and critical services unavailable for legitimate users. HTTP flooding is one of the most common DDoS attacks and because of its implementation in application layer, it is difficult to detect and...

Assessing e-Government DNS Resilience

Electronic government (e-gov) enables citizens and residents to digitally interact with their government via the Internet. Underpinning these services is the Internet Domain Name Systems (DNS), which maps e-gov domain names to Internet addresses. Structuring DNS with multiple levels of redundancy that can withstand stress events such as denial...

Blockchain-based frameworks for mitigating DDoS and Sybil attacks in the IoT

With the growing scale of the IoT, many industries enjoy the benefit of automation. The IoT consists of an interconnected network of devices that sense their surroundings and share data among other IoT devices. However, this data can be sensitive and private in nature, making security within the ever-growing IoT network a high priority. Because...

Understanding the Attackers and Victims in IoT-based DDoS attacks: A mixed methodology approach to understanding cybercrime

To protect critical services in today's society it is necessary to mitigate and prevent risks threatening the reliability of the internet. Internet-of-Things (IoT) devices are the number one attack target on the internet. The situation will become worse as there will be an expected 40 billion IoT devices in 2025. IoT bot activity represented 78%...

Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks

Amplification attacks generate an enormous flood of unwanted traffic towards a victim and are generated with the help of open, unsecured services, to which an adversary sends spoofed service requests that trigger large answer volumes to a victim. However, the actual execution of the packet flood is only one of the activities necessary for a...

United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale

Amplification Distributed Denial of Service (DDoS) attacks' traffic and harm are at an all-time high. To defend against such attacks, distributed attack mitigation platforms, such as traffic scrubbing centers that operate in peering locations, e.g., Internet Exchange Points (IXP), have been deployed in the Internet over the years. These...

Evaluating Hosting Provider Security Through Abuse Data and the Creation of Metrics

Hosting providers are theoretically in a key position to combat cybercrime as they are often the entities renting out the resources that end up being abused by miscreants. Yet, notwithstanding hosting providers' current security measures to combat abuse, their responses vary widely. In many cases the response is ineffective, as empirical...

Pay the Piper: DDoS mitigation technique to deter financially-motivated attackers

Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are...

Is it OK to be an Anonymous?

Do the deviant acts carried out by the collective known as Anonymous qualify as vigilante activity, and if so, can they be justified? Addressing this question helps expose the difficulties of morally evaluating technologically enabled deviance. Anonymous is a complex, fluid actor but not as mysterious as popularly portrayed. Under a definition...

A study on TCP-SYN attacks and their effects on a network infrastructure

Over the years, the Internet has evolved from a tool for the research community to an indispensable network connecting over a billion nodes world wide. There are many security threats existing on the Internet, one of them is the denial-of-service attack (DoS). In this thesis, we study effect of denial-of-service attacks arising from TCP SYN...