Biblio

Distributed Denial-of-Service (DDoS) attack is a long-lived attack that is hugely harmful to the Internet. In particular, the emergence of a new type of DDoS called Link Flooding Attack (LFA) makes the detection and defense more difficult. In LFA, the attacker cuts off a specific area by controlling large numbers of bots to send low-rate traffic to congest selected links. Since the attack flows are similar to the legitimate ones, traditional schemes like anomaly detection and intrusion detection are no longer applicable. Blockchain provides a new solution to address this issue. In this paper, we propose a blockchain-based LFA detection scheme, which is deployed on routers and servers in and around the area that we want to protect. Blockchain technology is used to record and share the traceroute information, which enables the hosts in the protected region to easily trace the flow paths. We implement our scheme in Ethereum and conduct simulation experiments to evaluate its performance. The results show that our scheme can achieve timely detection of LFA with a high detection rate and a low false positive rate, as well as a low overhead.

Distributed detection with data fusion has gained great attention in recent years. Collaborative detection improves the performance, and the optimal sensor deployment may change with time. It has been shown that with data fusion less sensors are needed to get the same detection ability when abundant sensors are deployed randomly. However, because of limitations on equipment number and deployment methods, fixed sensor locations may be preferred underwater. In this paper, we try to establish a theoretical framework for finding sensor positions to maximize the detection probability with a distributed sensor network. With joint data processing, detection performance is related to all the sensor locations; as sensor number grows, the optimization problem would become more difficult. To simplify the demonstration, we choose a 1-dimensional line deployment model and present the relevant numerical results.

A distributed detection method is proposed to detect single stage multi-point (SSMP) attacks on a Cyber Physical System (CPS). Such attacks aim at compromising two or more sensors or actuators at any one stage of a CPS and could totally compromise a controller and prevent it from detecting the attack. However, as demonstrated in this work, using the flow properties of water from one stage to the other, a neighboring controller was found effective in detecting such attacks. The method is based on physical invariants derived for each stage of the CPS from its design. The attack detection effectiveness of the method was evaluated experimentally against an operational water treatment testbed containing 42 sensors and actuators. Results from the experiments point to high effectiveness of the method in detecting a variety of SSMP attacks but also point to its limitations. Distributing the attack detection code among various controllers adds to the scalability of the proposed method.