ABSTRACT
The Distributed Denial of Service (DDoS) attack is a main concern in network security. Since the attackers have developed different techniques and methods, preventing DDoS attacks has become more difficult. Traditional firewall is ineffective in preventing DDoS attacks. In this paper, we propose a new type of firewall named XFirewall to defend against DDoS attacks. XFirewall is a temporary firewall and is created when an attack occurs. Also, XFirewall will be configured with dynamic rules based on real-time traffic analysis. We will discuss in detail the design and algorithm for generating an XFirewall.
- "Defeating DDOS Attacks," Cisco white paper, (January 2014). Retrieved March 10, 2017 from http://www.cisco.com/c/en/us/products/collateral/security/traffic-anomaly-detector-xt-5600a/prod_white_paper0900aecd8011e927.html.Google Scholar
- A. Aljuhani and T. Alharbi, 2017. "Virtualized network functions security attacks and vulnerabilities," The 7th IEEE Annual Computing and Communication Workshop and Conference (2017). DOI:http://dx.doi.org/10.1109/ccwc.2017.7868478. Google ScholarCross Ref
- V. Network and I. Planning, "SDN-NFV reference architecture," no. February, pp. 1--220, 2016.Google Scholar
- Doyle, L. What's the difference between NFV automation and NFV orchestration? Retrieved March 16, 2017 from http://searchsdn.techtarget.com/answer/Whats-the-difference-between-NFV-automation-and-NFV-orchestration.Google Scholar
- Juan, D., Hongxin, H., Hongda, L., Zhizhong, P., Kuang-Ching, W., Gail-Joon, A., Jun, B., Younghee, P. 2015. VNGuard: An NFV/SDN combination framework for provisioning and managing virtual firewalls. 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN) (2015). DOI:http://dx.doi.org/10.1109/nfv-sdn.2015.7387414. Google ScholarCross Ref
- T. Alharbi, A. Aljuhani, and H. Liu, 2017. "Holistic DDoS mitigation using NFV," The 7th IEEE Annual Computing and Communication Workshop and Conference (2017). DOI:http://dx.doi.org/10.1109/ccwc.2017.7868480. Google ScholarCross Ref
- Woolf, N. 2016. DDoS attack that disrupted internet was largest of its kind in history, experts say. (October 2016). Retrieved February 21, 2017 from https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnetGoogle Scholar
- Scott Hilton. Dyn analysis summary of friday october 21 attack. Retrieved February 21, 2017 from http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/Google Scholar
- J. Jeong., H. Kim., and J. Park. 2015 "A framework for security services based on Software-Defined Networking,". ICTC 2015 DC2, Mar. 2015Google Scholar
- Barna, C., Shtern, M., Smit, M., Tzerpos, V., and Litoiu, M. Model-based adaptive DoS attack mitigation. In 2012 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS) (2012), pp. 119--128. Google ScholarCross Ref
- Navarikuth, M., Neelakantan, S., Sachan, K., Singh, U. P., Kumar, R. and Mallick, A. 2013. "A dynamic firewall architecture based on multi-source analysis". csi transactions on ICT 1.4 (2013): 317--329. Web.Google Scholar
- S, Akram., I, Zubair., M, Hasan Islam. 2009. "Fully Distributed Dynamically Configurable Firewall to Resist DOS Attacks in MANET". Networked Digital Technologies, 2009. NDT '09. First International Conference on Digital Object Identifier, 2009 pp. 547--549" Google ScholarCross Ref
Index Terms
- XFirewall: A Dynamic and Additional Mitigation Against DDoS Storm
Recommendations
Smart and Lightweight DDoS Detection Using NFV
ICCDA '17: Proceedings of the International Conference on Compute and Data AnalysisThe Distributed Denial of Service (DDoS) attack is a major threat to the network infrastructure. Network providers suffer from various types of DDoS attacks; the attack uses different advanced techniques such as botnets and tools to launch the attacks. ...
Improved Network Traffic by Attacking Denial of Service to Protect Resource Using Z-Test Based 4-Tier Geomark Traceback (Z4TGT)
AbstractNetwork security plays a vital role in protecting the resources available in the network against various threats. There are vulnerabilities in every system connected to the network. Due to these, unauthorized users try to access and utilize the ...
Malicious JavaScript Insertion through ARP Poisoning Attacks
Details about ARP poisoning attacks as well as countermeasures have been known for years. Yet, most networks are still vulnerable to these attacks because they haven't implemented defenses. This article explains how ARP poisoning attacks work and ...
Comments