Faculty Publications
Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
Search Results
Multiplexed Asymmetric Attacks: Next-Generation DDoS on HTTP/2 Servers
(Institute of Electrical and Electronics Engineers Inc., 2020) Praseed, A.; Santhi Thilagam, P.
Distributed Denial of Service (DDoS) attacks using the HTTP protocol have started gaining popularity in recent years. A recent trend in this direction has been the use of computationally expensive requests to launch attacks. These attacks, called Asymmetric Workload attacks, can bring down servers using limited resources, and are extremely difficult to detect. The introduction of HTTP/2 has been welcomed by developers because it improves user experience and efficiency. This was made possible by the ability to transport HTTP requests and their associated inline resources simultaneously by using Multiplexing and Server Push. However, multiplexing has made request traffic bursty and rendered DDoS detection mechanisms based on connection limiting obsolete. Contrary to its intention, multiplexing can also be misused to launch sophisticated DDoS attacks using multiple high workload requests in a single TCP connection. However, sufficient research has not been done in this area. Existing research demonstrates that the HTTP/2 protocol allows users to launch DDoS attacks easily, but does not focus on whether an HTTP/2 server can handle DDoS attacks more efficiently or not. Also, sufficient research has not been done on the possibility of Multiplexing and Server Push being misused. In this work, we analyse the performance of an HTTP/2 server compared to an HTTP/1.1 server under an Asymmetric DDoS attack for the same load. We propose a new DDoS attack vector called a Multiplexed Asymmetric DDoS attack, which uses multiplexing in a different way than intended. We show that such an attack can bring down a server with just a few attacking clients. We also show that a Multiplexed Asymmetric Attack on a server with Server Push enabled can trigger an egress network layer flood in addition to an application layer attack. © 2005-2012 IEEE.

Naïve Bayes classifier to mitigate the DDoS attacks severity in Ad-Hoc networks
(Kohat University of Science and Technology ijcnis@gmail.com, 2020) Karri, K.; Santhi Thilagam, P.
Ad-Hoc networks are becoming more popular due to their unique characteristics. As there is no centralized control, these networks are more vulnerable to various attacks, out of which Distributed Denial of Service (DDoS) attacks are considered more severe attacks. DDoS attack detection and mitigation is still a challenging issue in Ad-Hoc Networks. The existing solutions find the fixed or dynamic threshold value to detect the DDoS attacks without any trained data. Very few existing solutions use machine learning algorithms to detect these attacks. However, existing solutions are inefficient when DDoS attackers perform this attack through bursty traffic, packet size, and fake packets flooding. We have proposed a DDoS attack severity mitigation solution. Our DDoS mitigation solution consists of a new network node authentication module and a naïve Bayes classifier module to detect and isolate the DDoS attack traffic patterns. Our simulation results show that naïve Bayes DDoS attack traffic classification outperforms in the hostile environment and secures the legitimate traffic from DDoS attack. © 2020, Kohat University of Science and Technology.
