Show simple item record

dc.contributor Graduate Program in Electrical and Electronic Engineering.
dc.contributor.advisor Anarım, Emin.
dc.contributor.author Seifpoor, Tina.
dc.date.accessioned 2023-03-16T10:18:21Z
dc.date.available 2023-03-16T10:18:21Z
dc.date.issued 2014.
dc.identifier.other EE 2014 S45
dc.identifier.uri http://digitalarchive.boun.edu.tr/handle/123456789/12850
dc.description.abstract Distributed Denial of Service (DDoS) attacks are one of the dominant and persistent threats to the security of the Internet nowadays. The aim of these attacks are mainly resource or the bandwidth consumption with enormous number of normal packets. Their target are at layer three or four of the network which are network and transport layers, where distinguishing a normal packet from a malicious one is an arduous task. However, these are not the only precarious aspects of DDoS attacks. A DDoS attacker may easily spoof its source IP address, to hide the origins of the attack. Therefore, developing a distributed defense ltering strategy which can e ciently detect and drop attack packets with the least possible false negative probability is crucial. In this thesis, we propose an incorporated ltering scheme in victim host and edge routers, which detects and drops the illegitimate packets while mitigating the huge amount of data coming toward the victim in edge routers. First, a novel anomaly detection based on feature statistical behavior and payload characteristics of normal and attack tra c is proposed. In the second step, a host-based ltering strategy that detects spoofed packets with a combination of IP history based and hops counting lters, is applied in victim side by means of an advanced matrix bloom lter. Along with this lter, the defense and availability of the service on the target is guaranteed by turning o several edge routers by optimization system. This optimization, selects edge routers to be turned o for the good throughput to reach to the victim via two optimization algorithms, (i) Genetic evolutionary algorithm and (ii) linear programming algorithm.
dc.format.extent 30 cm.
dc.publisher Thesis (M.S.) - Bogazici University. Institute for Graduate Studies in Science and Engineering, 2014.
dc.subject.lcsh Denial of service attacks.
dc.subject.lcsh Computer networks -- Access control.
dc.subject.lcsh Computer networks -- Security measures.
dc.subject.lcsh Computer security.
dc.title Active packet filtering against DDoS attack
dc.format.pages xi, 48 leaves ;


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search Digital Archive


Browse

My Account