-
A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method
Authors:
P. D. Bojovic,
I. Basicevic,
S. Ocovaj,
M. Popovic
Abstract:
This paper presents a hybrid method for the detection of distributed denial-of-service (DDoS) attacks that combines feature-based and volume-based detection. Our approach is based on an exponential moving average algorithm for decision-making, applied to both entropy and packet number time series. The approach has been tested by performing a controlled DDoS experiment in a real academic network. The network setup and test scenarios including both high-rate and low-rate attacks are described in the paper. The performance of the proposed method is compared to the performance of two methods that are already known in the literature. One is based on the counting of SYN packets and is used for detection of SYN flood attacks, while the other is based on a CUSUM algorithm applied to the entropy time series. The results show the advantage of our approach compared to methods that are based on either entropy or number of packets only.
Submitted 8 November, 2018;
originally announced December 2018.
-
Multicast routing with an open-source platform - XORP
Authors:
Petar D. Bojovic,
K. Savic,
A. Smiljanic
Abstract:
Integrating a software router into embedded systems provides the capabilities of the most modern routers at a considerably more affordable price. Services that carry TV and radio signals over an IP network only become practical with the use of multicast routing protocols. Multicast routing is currently a feature of only costly hardware solutions. The XORP open-source platform offers multicast routing through a software router, with the ability to integrate into cheap embedded platforms.
Submitted 3 December, 2017;
originally announced December 2017.
-
Analysis of the security mechanisms of the OSPF protocol
Authors:
P. D. Bojovic,
K. Savic
Abstract:
The security of a service or system depends on the security of each component of that system. An attack on a routing protocol can cause the computer network to malfunction. In some cases an attacker can obtain data, or insert data, that they are not entitled to. OSPF is the most widespread link-state protocol. In this paper, we conducted a security analysis of the OSPF protocol and described its security mechanisms.
Submitted 3 December, 2017;
originally announced December 2017.
-
An approach to evaluation of common DNS misconfigurations
Authors:
Petar D. Bojović,
Slavko Gajin
Abstract:
DNS is a basic Internet service which almost all other user services depend on. However, what has been perceived in practice are a lot of inconsistencies and errors in the configuration of servers that cause different problems. The majority of such cases are included in this research with the aim of identifying and classifying the major problems of DNS availability, performance and security. In order to analyze these problems in correlation with DNS administrators' working practice, we have developed a methodology and tool for testing, quantifying and analyzing DNS misconfigurations. The methodology and tool were applied to three heterogeneous domain categories: the most popular Internet domains, academic domains and one national top-level domain. Our results confirm a relatively high percentage of misconfigured domains, especially in the academic and national categories. However, we have shown that fixing the configuration on a relatively small number of name servers can have a significant impact on a great number of domains. Proper domain management, permanent testing and collaboration with other administrators are identified as measures to improve domain operation, stability and security.
Submitted 15 November, 2017;
originally announced November 2017.
-
IP Session continuity in heterogeneous mobile networks using Software Defined Networking
Authors:
Petar D. Bojović,
Živko Bojović,
Dragana Bajić,
Vojin Šenk
Abstract:
A smart environment requires an uninterrupted connection when moving from one network to another. This is best accomplished at the network level (L3). Full interoperability and integration of heterogeneous networks is necessary for communication session continuity. Software Defined Networking (SDN) with virtual IP addresses solves the problem. Implementing a homogeneous SDN is expensive, given the enormous investments in existing networks. To solve this second problem, we deploy the smallest set of SDN features needed to provide full L3 mobility. We use a common controller to manage the IP address translations.
Submitted 13 November, 2017;
originally announced November 2017.