Search results
1 – 10 of over 2000In the last a few years a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high‐profile government and commercial websites have made…
Abstract
In the last a few years a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high‐profile government and commercial websites have made people aware of the importance of providing data and services security to users. A DDoS attack is an availability attack, which is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resources. This paper introduces the vulnerability of web applications to DDoS attacks, and presents an active distributed defense system that has a deployment mixture of sub‐systems to protect web applications from DDoS attacks. According to the simulation experiments, this system is effective in that it is able to defend web applications against attacks. It can avoid overall network congestion and provide more resources to legitimate web users.
Details
Keywords
David Douglas, José Jair Santanna, Ricardo de Oliveira Schmidt, Lisandro Zambenedetti Granville and Aiko Pras
This paper aims to examine whether there are morally defensible reasons for using or operating websites (called ‘booters’) that offer distributed denial-of-service (DDoS) attacks…
Abstract
Purpose
This paper aims to examine whether there are morally defensible reasons for using or operating websites (called ‘booters’) that offer distributed denial-of-service (DDoS) attacks on a specified target to users for a price. Booters have been linked to some of the most powerful DDoS attacks in recent years.
Design/methodology/approach
The authors identify the various parties associated with booter websites and the means through which booters operate. Then, the authors present and evaluate the two arguments that they claim may be used to justify operating and using booters: that they are a useful tool for testing the ability of networks and servers to handle heavy traffic, and that they may be used to perform DDoS attacks as a form of civil disobedience on the internet.
Findings
The authors argue that the characteristics of existing booters disqualify them from being morally justified as network stress testing tools or as a means of performing civil disobedience. The use of botnets that include systems without the permission of their owners undermines the legitimacy of both justifications. While a booter that does not use any third-party systems without permission might in principle be justified under certain conditions, the authors argue that it is unlikely that any existing booters meet these requirements.
Practical/implications
Law enforcement agencies may use the arguments presented here to justify shutting down the operation of booters, and so reduce the number of DDoS attacks on the internet.
Originality/value
The value of this work is in critically examining the potential justifications for using and operating booter websites and in further exploring the ethical aspects of using DDoS attacks as a form of civil disobedience.
Details
Keywords
Nasser S. Abouzakhar and Gordon A. Manson
In today’s society, information and communications technology (ICT) is the force that drives prosperity and provides a higher standard of living. All other e‐services and…
Abstract
In today’s society, information and communications technology (ICT) is the force that drives prosperity and provides a higher standard of living. All other e‐services and infrastructures tend to play a major role in our daily life and global economy. The growing dependence on such systems, however, has increased their vulnerability to cyber attacks. Any failure to these systems typically would lead to a huge impact, not only on businesses, but also human life, that depends on such interconnected systems. The growing potential for telecommunications network infrastructures problems stems from their nature of openness. A successful attempt for a network attack to a particular organization’s network could have devastating effects on the security of the organisation. In this paper we propose an innovative way to counteract distributed protocols attacks such as distributed denial of service (DDoS) attacks using intelligent fuzzy agents.
Details
Keywords
Faisal Lone, Harsh Kumar Verma and Krishna Pal Sharma
The purpose of this study is to extensively explore the vehicular network paradigm, challenges faced by them and provide a reasonable solution for securing these vulnerable…
Abstract
Purpose
The purpose of this study is to extensively explore the vehicular network paradigm, challenges faced by them and provide a reasonable solution for securing these vulnerable networks. Vehicle-to-everything (V2X) communication has brought the long-anticipated goal of safe, convenient and sustainable transportation closer to reality. The connected vehicle (CV) paradigm is critical to the intelligent transportation systems vision. It imagines a society free of a troublesome transportation system burdened by gridlock, fatal accidents and a polluted environment. The authors cannot overstate the importance of CVs in solving long-standing mobility issues and making travel safer and more convenient. It is high time to explore vehicular networks in detail to suggest solutions to the challenges encountered by these highly dynamic networks.
Design/methodology/approach
This paper compiles research on various V2X topics, from a comprehensive overview of V2X networks to their unique characteristics and challenges. In doing so, the authors identify multiple issues encountered by V2X communication networks due to their open communication nature and high mobility, especially from a security perspective. Thus, this paper proposes a trust-based model to secure vehicular networks. The proposed approach uses the communicating nodes’ behavior to establish trustworthy relationships. The proposed model only allows trusted nodes to communicate among themselves while isolating malicious nodes to achieve secure communication.
Findings
Despite the benefits offered by V2X networks, they have associated challenges. As the number of CVs on the roads increase, so does the attack surface. Connected cars provide numerous safety-critical applications that, if compromised, can result in fatal consequences. While cryptographic mechanisms effectively prevent external attacks, various studies propose trust-based models to complement cryptographic solutions for dealing with internal attacks. While numerous trust-based models have been proposed, there is room for improvement in malicious node detection and complexity. Optimizing the number of nodes considered in trust calculation can reduce the complexity of state-of-the-art solutions. The theoretical analysis of the proposed model exhibits an improvement in trust calculation, better malicious node detection and fewer computations.
Originality/value
The proposed model is the first to add another dimension to trust calculation by incorporating opinions about recommender nodes. The added dimension improves the trust calculation resulting in better performance in thwarting attacks and enhancing security while also reducing the trust calculation complexity.
Details
Keywords
Ok‐Ran Jeong, Chulyun Kim, Won Kim and Jungmin So
A botnet is a network of computers on the internet infected with software robots (or bots). There are numerous botnets, and some of them control millions of computers. Cyber…
Abstract
Purpose
A botnet is a network of computers on the internet infected with software robots (or bots). There are numerous botnets, and some of them control millions of computers. Cyber criminals use botnets to launch spam e‐mails and denial of service attacks; and commit click fraud and data theft. Governments use botnets for political purposes or to wage cyber warfare. The purpose of this paper is to review the botnet threats and the responses to the botnet threats.
Design/methodology/approach
The paper describes how botnets are created and operated. Then, the paper discusses botnets in terms of architecture, attacking behaviors, communication protocols, observable botnet activities, rally mechanisms, and evasion techniques. Finally, the paper reviews state‐of‐the‐art techniques for detecting and counteracting botnets, and also legal responses to botnet threats.
Findings
Botnets have become the platform for many online threats such as spam, denial of service attacks, phishing, data thefts, and online frauds. Security researchers must develop technology to detect and take down botnets, and governments must develop capacity to crack down on botmasters and botnets. Individual computer owners must diligently take measures to keep their computers from becoming members of botnets.
Originality/value
The paper provides a review of current status of botnets and a summary of up‐to‐date responses to botnets in both technical and legal aspects, which can be used as a stepping stone for further research.
Details
Keywords
Presidential Decision Directive 63 concerning critical infrastructure protection, was signed on May 22, 1998. This order created a Presidential Commission charged with formulating…
Abstract
Presidential Decision Directive 63 concerning critical infrastructure protection, was signed on May 22, 1998. This order created a Presidential Commission charged with formulating policy recommendations to the President on measures to protect the critical infrastructures of the USA from cyber‐based attack. These initiatives were advanced in the Bush Administration with Executive Order 13231 – Critical Infrastructure Protection in the Information Age, October 16, 2001. Critical infrastructures are defined as those that are so vital that their incapacity or destruction would have a debilitating impact on the defence or economic security of the country. Among these are finance and banking, and telecommunications, the pillars of commerce and the nascent electronic commerce (e‐commerce) industry. Subsequent to this, the new century began with the publication of Defending America’s Cyberspace: The National Plan for Information Systems Protection, the distributed denial of service attacks on Yahoo!, and other major sites, and the hundreds of millions of dollars in damage due to the Code Red and Nimda viruses. One month after the publication of The National Strategy to Secure Cyberspace was distributed for comments (September 2002), the core domain name system root servers were attacked. In spite of these events, the reality is that market forces will continue to fuel the interest in e‐commerce regardless of concerns over security. Additionally, it will also remain difficult to encourage private sector openness and investment in security solutions in the absence of a major commercial catastrophe even in the face of rising customer expectations in service, security, and privacy. This paper explores these issues as they affect e‐commerce and suggests strategies to limit the potential impact of the array of threats facing critical infrastructures and e‐commerce. In doing so the paper discusses the importance of e‐commerce, the critical infrastructures, the threats to e‐commerce, and policies for protecting the organizations’ e‐commerce operations.
Details
Keywords
Using the Internet as a means of registering discontent with politicians, policies and groups is a growing phenomenon. There are various ways of manifesting protest on the…
Abstract
Using the Internet as a means of registering discontent with politicians, policies and groups is a growing phenomenon. There are various ways of manifesting protest on the Internet, including building protest sites, cyber‐squatting, defacing Web sites and organising denial of service attacks. Some of these methods are extremely effective, being cheap to use and requiring limited technical ability. Others err on the wrong side of the law and involve full‐scale hacking. Overall, hacktivism can be a productive part of the political process.
Details
Keywords
The Internet is changing the way businesses operate today. Firms are using the Web for procurement, to find trading partners, and to link existing applications to other…
Abstract
The Internet is changing the way businesses operate today. Firms are using the Web for procurement, to find trading partners, and to link existing applications to other applications. Web services are rapidly becoming the enabling technology of today’s e‐business, and e‐commerce systems. We are having a massive impact on the way businesses think about designing, developing, and deploying Web‐based applications. Web services may be an evolutionary step in designing distributed applications, however, they are not without problems. There are issues relating to security, transactions and scalability that need to be addressed. This paper addresses security concerns in Web services and the role of technology trust.
Details
Keywords
Eileen M. Decker, Matthew Morin and Eric M. Rosner
This chapter explores the laws and unique challenges associated with the investigation and prosecution of cybercrime. Crimes that involve the misuse of computers (e.g., hacking…
Abstract
This chapter explores the laws and unique challenges associated with the investigation and prosecution of cybercrime. Crimes that involve the misuse of computers (e.g., hacking, denial of service, and ransomware attacks) and criminal activity that uses computers to commit the act are both covered (e.g., fraud, theft, and money laundering). This chapter also describes the roles of the various federal agencies involved in investigating cybercrime, common cybercrime terms and trends, the statutes frequently used to prosecute cybercrimes, and the challenges and complexity of investigating cybercrime.
Details