Abstract: Completely automated tests that exploit capabilities of human vision to tell humans apart from automated entities are disclosed herein. Persistence of vision and simultaneous contrasts are some of the properties of human vision that can be used in these tests. A video of an image is generated in colors that are distinguishable to the human eye but are not easily distinguished numerically. The image includes text manipulated such that positive image data and negative whitespace data occur at equal rates along with a noise component included in each of the video frames. Thus, raw data is made ambiguous while qualities of human visual interpretation are relied upon for extracting relevant meaning from the video.

Abstract: A low rate DoS attack detection algorithm is used, which relies on a characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test defends against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it also differentiates legitimate traffic from low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It also differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users.

Abstract: A low rate DoS attack detection algorithm is used, which relies on a characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test defends against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it also differentiates legitimate traffic from low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It also differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users.

Abstract: A technique to mitigate low rate Denial-of-Service (DoS) attacks at routers in the Internet is described. In phase 1, necessary flow information from the packets traversing through the router is stored in fast memory; and in phase 2, stored flow information is periodically moved to slow memory from the fast memory for further analysis. The system detects a sudden increase in the traffic load of expired flows within a short period. In a network without low rate DoS attacks, the traffic load of all the expired flows is less than certain thresholds which are derived from real Internet traffic analysis. The system can also include a filtering solution to drop attack packets. The filtering scheme treats the long-lived flows in the Internet preferentially, and drops the attack traffic by monitoring the queue length if the queue length exceeds a threshold percent of the queue limit.

Abstract: A technique to mitigate low rate Denial-of-Service (DoS) attacks at routers in the Internet is described. In phase 1, necessary flow information from the packets traversing through the router is stored in fast memory; and in phase 2, stored flow information is periodically moved to slow memory from the fast memory for further analysis. The system detects a sudden increase in the traffic load of expired flows within a short period. In a network without low rate DoS attacks, the traffic load of all the expired flows is less than certain thresholds which are derived from real Internet traffic analysis. The system can also include a filtering solution to drop attack packets. The filtering scheme treats the long-lived flows in the Internet preferentially, and drops the attack traffic by monitoring the queue length if the queue length exceeds a threshold percent of the queue limit.

Abstract: A low rate DoS attack detection algorithm is used, which relies on a characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test defends against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it also differentiates legitimate traffic from low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It also differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users.