Biblio
Internet of Things (IoT) has an immense potential for a plethora of applications ranging from healthcare automation to defence networks and the power grid. The security of an IoT network is essentially paramount to the security of the underlying computing and communication infrastructure. However, due to constrained resources and limited computational capabilities, IoT networks are prone to various attacks. Thus, safeguarding the IoT network from adversarial attacks is of vital importance and can be realised through planning and deployment of effective security controls; one such control being an intrusion detection system. In this paper, we present a novel intrusion detection scheme for IoT networks that classifies traffic flow through the application of deep learning concepts. We adopt a newly published IoT dataset and generate generic features from the field information in packet level. We develop a feed-forward neural networks model for binary and multi-class classification including denial of service, distributed denial of service, reconnaissance and information theft attacks against IoT devices. Results obtained through the evaluation of the proposed scheme via the processed dataset illustrate a high classification accuracy.
The ever rising attacks on IT infrastructure, especially on networks has become the cause of anxiety for the IT professionals and the people venturing in the cyber-world. There are numerous instances wherein the vulnerabilities in the network has been exploited by the attackers leading to huge financial loss. Distributed denial of service (DDoS) is one of the most indirect security attack on computer networks. Many active computer bots or zombies start flooding the servers with requests, but due to its distributed nature throughout the Internet, it cannot simply be terminated at server side. Once the DDoS attack initiates, it causes huge overhead to the servers in terms of its processing capability and service delivery. Though, the study and analysis of request packets may help in distinguishing the legitimate users from among the malicious attackers but such detection becomes non-viable due to continuous flooding of packets on servers and eventually leads to denial of service to the authorized users. In the present research, we propose traffic flow and flow count variable based prevention mechanism with the difference in homogeneity. Its simplicity and practical approach facilitates the detection of DDoS attack at the early stage which helps in prevention of the attack and the subsequent damage. Further, simulation result based on different instances of time has been shown on T-value including generation of simple and harmonic homogeneity for observing the real time request difference and gaps.
Network attacks, especially DoS and DDoS attacks, are a significant threat for all providers of services or infrastructure. The biggest attacks can paralyze even large-scale infrastructures of worldwide companies. Attack mitigation is a complex issue studied by many researchers and security companies. While several approaches were proposed, there is still space for improvement. This paper proposes to augment existing mitigation heuristic with knowledge of reputation score of network entities. The aim is to find a way to mitigate malicious traffic present in DDoS amplification attacks with minimal disruption to communication of legitimate traffic.
Nowadays, most of the world's population has become much dependent on computers for banking, healthcare, shopping, and telecommunication. Security has now become a basic norm for computers and its resources since it has become inherently insecure. Security issues like Denial of Service attacks, TCP SYN Flooding attacks, Packet Dropping attacks and Distributed Denial of Service attacks are some of the methods by which unauthorized users make the resource unavailable to authorized users. There are several security mechanisms like Intrusion Detection System, Anomaly detection and Trust model by which we can be able to identify and counter the abuse of computer resources by unauthorized users. This paper presents a survey of several security mechanisms which have been implemented using Fuzzy logic. Fuzzy logic is one of the rapidly developing technologies, which is used in a sophisticated control system. Fuzzy logic deals with the degree of truth rather than the Boolean logic, which carries the values of either true or false. So instead of providing only two values, we will be able to define intermediate values.
Software Defined Network (SDN) architecture is a new and novel way of network management mechanism. In SDN, switches do not process the incoming packets like conventional network computing environment. They match for the incoming packets in the forwarding tables and if there is none it will be sent to the controller for processing which is the operating system of the SDN. A Distributed Denial of Service (DDoS) attack is a biggest threat to cyber security in SDN network. The attack will occur at the network layer or the application layer of the compromised systems that are connected to the network. In this paper a machine learning based intelligent method is proposed which can detect the incoming packets as infected or not. The different machine learning algorithms adopted for accomplishing the task are Naive Bayes, K-Nearest neighbor (KNN) and Support vector machine (SVM) to detect the anomalous behavior of the data traffic. These three algorithms are compared according to their performances and KNN is found to be the suitable one over other two. The performance measure is taken here is the detection rate of infected packets.
Cloud computing is a revolution in IT technology that provides scalable, virtualized on-demand resources to the end users with greater flexibility, less maintenance and reduced infrastructure cost. These resources are supervised by different management organizations and provided over Internet using known networking protocols, standards and formats. The underlying technologies and legacy protocols contain bugs and vulnerabilities that can open doors for intrusion by the attackers. Attacks as DDoS (Distributed Denial of Service) are ones of the most frequent that inflict serious damage and affect the cloud performance. In a DDoS attack, the attacker usually uses innocent compromised computers (called zombies) by taking advantages of known or unknown bugs and vulnerabilities to send a large number of packets from these already-captured zombies to a server. This may occupy a major portion of network bandwidth of the victim cloud infrastructures or consume much of the servers time. Thus, in this work, we designed a DDoS detection system based on the C.4.5 algorithm to mitigate the DDoS threat. This algorithm, coupled with signature detection techniques, generates a decision tree to perform automatic, effective detection of signatures attacks for DDoS flooding attacks. To validate our system, we selected other machine learning techniques and compared the obtained results.
One of the key objectives of distributed denial of service (DDoS) attack on the smart grid advanced metering infrastructure is to threaten the availability of end user's metering data. This will surely disrupt the smooth operations of the grid and third party operators who need this data for billing and other grid control purposes. In previous work, we proposed a cloud-based Openflow firewall for mitigation against DDoS attack in a smart grid AMI. In this paper, PRISM model checker is used to perform a probabilistic best-and worst-case analysis of the firewall with regard to DDoS attack success under different firewall detection probabilities ranging from zero to 1. The results from this quantitative analysis can be useful in determining the extent the DDoS attack can undermine the correctness and performance of the firewall. In addition, the study can also be helpful in knowing the extent the firewall can be improved by applying the knowledge derived from the worst-case performance of the firewall.
This paper proposed a new detection and prevention system against DDoS (Distributed Denial of Service) attack in SDN (software defined network) architecture, FL-GUARD (Floodlight-based guard system). Based on characteristics of SDN and centralized control, etc., FL-GUARD applies dynamic IP address binding to solve the problem of IP spoofing, and uses 3.3.2 C-SVM algorithm to detect attacks, and finally take advantage of the centralized control of software-defined network to issue flow tables to block attacks at the source port. The experiment results show the effectiveness of our system. The modular design of FL-GUARD lays a good foundation for the future improvement.
Software-Defined Networking (SDN) allows for fast reactions to security threats by dynamically enforcing simple forwarding rules as counter-measures. However, in classic SDN all the intelligence resides at the controller, with the switches only capable of performing stateless forwarding as ruled by the controller. It follows that the controller, in addition to network management and control duties, must collect and process any piece of information required to take advanced (stateful) forwarding decisions. This threatens both to overload the controller and to congest the control channel. On the other hand, stateful SDN represents a new concept, developed both to improve reactivity and to offload the controller and the control channel by delegating local treatments to the switches. In this paper, we adopt this stateful paradigm to protect end-hosts from Distributed Denial of Service (DDoS). We propose StateSec, a novel approach based on in-switch processing capabilities to detect and mitigate DDoS attacks. StateSec monitors packets matching configurable traffic features (e.g., IP src/dst, port src/dst) without resorting to the controller. By feeding an entropy-based algorithm with such monitoring features, StateSec detects and mitigates several threats such as (D)DoS and port scans with high accuracy. We implemented StateSec and compared it with a state-of-the-art approach to monitor traffic in SDN. We show that StateSec is more efficient: it achieves very accurate detection levels, limiting at the same time the control plane overhead.
Recent architectures for the advanced metering infrastructure (AMI) have incorporated several back-end systems that handle billing and other smart grid control operations. The non-availability of metering data when needed or the untimely delivery of data needed for control operations will undermine the activities of these back-end systems. Unfortunately, there are concerns that cyber attacks such as distributed denial of service (DDoS) will manifest in magnitude and complexity in a smart grid AMI network. Such attacks will range from a delay in the availability of end user's metering data to complete denial in the case of a grounded network. This paper proposes a cloud-based (IaaS) firewall for the mitigation of DDoS attacks in a smart grid AMI network. The proposed firewall has the ability of not only mitigating the effects of DDoS attack but can prevent the attack before they are launched. Our proposed firewall system leverages on cloud computing technology which has an added advantage of reducing the burden of data computations and storage for smart grid AMI back-end systems. The openflow firewall proposed in this study is a better security solution with regards to the traditional on-premises DoS solutions which cannot cope with the wide range of new attacks targeting the smart grid AMI network infrastructure. Simulation results generated from the study show that our model can guarantee the availability of metering/control data and could be used to improve the QoS of the smart grid AMI network under a DDoS attack scenario.
Distributed Denial of Service (DDoS) attack has been bringing serious security concerns on banks, finance incorporation, public institutions, and data centers. Also, the emerging wave of Internet of Things (IoT) raises new concerns on the smart devices. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have provided a new paradigm for network security. In this paper, we propose a new method to efficiently prevent DDoS attacks, based on a SDN/NFV framework. To resolve the problem that normal packets are blocked due to the inspection on suspicious packets, we developed a threshold-based method that provides a client with an efficient, fast DDoS attack mitigation. In addition, we use open source code to develop the security functions in order to implement our solution for SDN-based network security functions. The source code is based on NETCONF protocol [1] and YANG Data Model [2].
The increased number of cyber attacks makes the availability of services a major security concern. One common type of cyber threat is distributed denial of service (DDoS). A DDoS attack is aimed at disrupting the legitimate users from accessing the services. It is easier for an insider having legitimate access to the system to deceive any security controls resulting in insider attack. This paper proposes an Early Detection and Isolation Policy (EDIP)to mitigate insider-assisted DDoS attacks. EDIP detects insider among all legitimate clients present in the system at proxy level and isolate it from innocent clients by migrating it to attack proxy. Further an effective algorithm for detection and isolation of insider is developed with the aim of maximizing attack isolation while minimizing disruption to benign clients. In addition, concept of load balancing is used to prevent proxies from getting overloaded.
Cloud computing emerges as an endowment technological data for the longer term and increasing on one of the standards of utility computing is most likely claimed to symbolize a wholly new paradigm for viewing and getting access to computational assets. As a result of protection problem many purchasers hesitate in relocating their touchy data on the clouds, regardless of gigantic curiosity in cloud-based computing. Security is a tremendous hassle, considering the fact that so much of firms present a alluring goal for intruders and the particular considerations will pursue to lower the advancement of distributed computing if not located. Hence, this recent scan and perception is suitable to honeypot. Distributed Denial of Service (DDoS) is an assault that threats the availability of the cloud services. It's fundamental investigate the most important features of DDoS Defence procedures. This paper provides exact techniques that been carried out to the DDoS attack. These approaches are outlined in these paper and use of applied sciences for special kind of malfunctioning within the cloud.