Holistic approach for critical system security: Flooding prevention

Denial of Service (DoS) attacks can cause significant financial damages. Flooding is one kind of DoS attacks. This paper presents a new security approach which prevents flooding in the critical systems. A new concept of a dynamic-multi- points-communication is included to make the prevention of flooding attacks easier. In addition, dynamic key encryption technique is adapted as a part of the proposed approach to enhance its functionality.

[1]  Philip K. Chan,et al.  Detecting novel attacks by identifying anomalous network packet headers , 2001 .

[2]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[3]  Ahmed Mehaoua,et al.  Flooding attacks detection and victim identification over high speed networks , 2009, 2009 Global Information Infrastructure Symposium.

[4]  Bala Srinivasan,et al.  A Limited-Used Key Generation Scheme for Internet Transactions , 2004, WISA.

[5]  Andrew H. Sung,et al.  Computational Intelligent Techniques for Detecting Denial of Service Attacks , 2004, IEA/AIE.

[6]  Salim Hariri,et al.  Multivariate statistical analysis for network attacks detection , 2005, The 3rd ACS/IEEE International Conference onComputer Systems and Applications, 2005..

[7]  Evangelos Kranakis,et al.  Resisting Malicious Packet Dropping in Wireless Ad Hoc Networks , 2003, ADHOC-NOW.

[8]  Xianping Wu,et al.  Dynamic Keys Based Sensitive Information System , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[9]  Mario Gerla,et al.  D-ward: source-end defense against distributed denial-of-service attacks , 2003 .

[10]  John S. Heidemann,et al.  A framework for classifying denial of service attacks , 2003, SIGCOMM '03.

[11]  Walid G. Aref,et al.  Digital Government Security Infrastructure Design Challenges , 2001, Computer.

[12]  Ruby B. Lee,et al.  Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures , 2004, PDCS.

[13]  Tai-Myoung Chung,et al.  Effective Value of Decision Tree with KDD 99 Intrusion Detection Datasets for Intrusion Detection System , 2008, 2008 10th International Conference on Advanced Communication Technology.

[14]  Los Angeles,et al.  D-WARD: Source-End Defense Against Distributed Denial-of-Service Attacks , 2003 .

[15]  Kutila Gunasekera,et al.  Comparative Efficiency and Implementation Issues of Itinerant Agent Language on Different Agent Platforms , 2008 .

[16]  Thomas Magedanz,et al.  Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding , 2007, IPTComm '07.

[17]  Que,et al.  @bullet @bullet @bullet ® , .

[18]  Andrew H. Sung,et al.  Computational intelligent techniques for detecting denial of service attacks , 2004 .

[19]  Tomas Olovsson,et al.  Detection of malicious traffic on back‐bone links via packet header analysis , 2008 .

[20]  Jordi Torres,et al.  Adaptive distributed mechanism against flooding network attacks based on machine learning , 2008, AISec '08.

[21]  Jörg Schwenk,et al.  The Accountability Problem of Flooding Attacks in Service-Oriented Architectures , 2009, 2009 International Conference on Availability, Reliability and Security.

[22]  Carl H. Hauser,et al.  Modular over-the-wire configurable security for long-lived critical infrastructure monitoring systems , 2009, DEBS '09.

[23]  Tae-Hyung Kim,et al.  Annulling SYN Flooding Attacks with Whitelist , 2008, 22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008).

[24]  Costas Lambrinoudakis,et al.  Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy , 2003, Comput. Commun..

[25]  Rebecca N. Wright,et al.  Off-Line Generation of Limited-Use Credit Card Numbers , 2001, Financial Cryptography.

[26]  Wei Chen,et al.  Defending Against TCP SYN Flooding Attacks Under Different Types of IP Spoofing , 2006, International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL'06).

[27]  Diego Zamboni,et al.  Data collection mechanisms for intrusion detection systems , 2000 .

[28]  Bora A. Akyol,et al.  A vulnerability taxonomy for network protocols: Corresponding engineering best practice countermeasures , 2004, Communications, Internet, and Information Technology.

[29]  Ion Stoica,et al.  Taming IP packet flooding attacks , 2004, Comput. Commun. Rev..

[30]  Young-Soo Kim,et al.  Delay Model for Flooding of Service Prevention in E-Commerce System , 2007, Future Generation Communication and Networking (FGCN 2007).

[31]  Philippe Owezarski,et al.  Some Issues raised by DoS Attacks and the TCP/IP Suite , 2005 .

[32]  William H. Mangione-Smith,et al.  Specialized Hardware for Deep Network Packet Filtering , 2002, FPL.

[33]  Biswanath Mukherjee,et al.  Network security via reverse engineering of TCP code: vulnerability analysis and proposed solutions , 1997 .