Biblio

Filters: Author is Lai, Yingxu
2023-01-05
Chen, Ye, Lai, Yingxu, Zhang, Zhaoyi, Li, Hanmei, Wang, Yuhang.  2022.  Malicious attack detection based on traffic-flow information fusion. 2022 IFIP Networking Conference (IFIP Networking). :1–9.
While vehicle-to-everything communication technology enables information sharing and cooperative control for vehicles, it also poses a significant threat to the vehicles' driving security owing to cyber-attacks. In particular, Sybil malicious attacks hidden in the vehicle broadcast information flow are challenging to detect, thereby becoming an urgent issue requiring attention. Several researchers have considered this problem and proposed different detection schemes. However, the detection performance of existing schemes based on plausibility checks and neighboring observers is affected by the traffic and attacker densities. In this study, we propose a malicious attack detection scheme based on traffic-flow information fusion, which enables the detection of Sybil attacks without neighboring observer nodes. Our solution is based on the basic safety message, which is broadcast by vehicles periodically. It first constructs the basic features of traffic flow to reflect the traffic state, subsequently fuses it with the road detector information to add the road fusion features, and then classifies them using machine learning algorithms to identify malicious attacks. The experimental results demonstrate that our scheme achieves the detection of Sybil attacks with an accuracy greater than 90% at different traffic and attacker densities. Our solutions provide security for achieving a usable vehicle communication network.
2018-01-16
Liu, Jing, Lai, Yingxu, Zhang, Shixuan.  2017.  FL-GUARD: A Detection and Defense System for DDoS Attack in SDN. Proceedings of the 2017 International Conference on Cryptography, Security and Privacy. :107–111.

This paper proposed a new detection and prevention system against DDoS (Distributed Denial of Service) attack in SDN (software defined network) architecture, FL-GUARD (Floodlight-based guard system). Based on characteristics of SDN and centralized control, etc., FL-GUARD applies dynamic IP address binding to solve the problem of IP spoofing, uses 3.3.2 C-SVM algorithm to detect attacks, and finally takes advantage of the centralized control of software-defined network to issue flow tables to block attacks at the source port. The experiment results show the effectiveness of our system. The modular design of FL-GUARD lays a good foundation for future improvement.