Biblio

Machine learning (ML) models are increasingly being used in the development of Malware Detection Systems. Existing research in this area primarily focuses on developing new architectures and feature representation techniques to improve the accuracy of the model. However, recent studies have shown that existing state-of-the art techniques are vulnerable to adversarial machine learning (AML) attacks. Among those, data poisoning attacks have been identified as a top concern for ML practitioners. A recent study on clean-label poisoning attacks in which an adversary intentionally crafts training samples in order for the model to learn a backdoor watermark was shown to degrade the performance of state-of-the-art classifiers. Defenses against such poisoning attacks have been largely under-explored. We investigate a recently proposed clean-label poisoning attack and leverage an ensemble-based Nested Training technique to remove most of the poisoned samples from a poisoned training dataset. Our technique leverages the relatively large sensitivity of poisoned samples to feature noise that disproportionately affects the accuracy of a backdoored model. In particular, we show that for two state-of-the art architectures trained on the EMBER dataset affected by the clean-label attack, the Nested Training approach improves the accuracy of backdoor malware samples from 3.42% to 93.2%. We also show that samples produced by the clean-label attack often successfully evade malware classification even when the classifier is not poisoned during training. However, even in such scenarios, our Nested Training technique can mitigate the effect of such clean-label-based evasion attacks by recovering the model's accuracy of malware detection from 3.57% to 93.2%.

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings - and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS. In this paper, we conduct the first black-box study measuring the extent of ReDoS vulnerabilities in live web services. We apply the Consistent Sanitization Assumption: that client-side sanitization logic, including regexes, is consistent with the sanitization logic on the server-side. We identify a service's regex-based input sanitization in its HTML forms or its API, find vulnerable regexes among these regexes, craft ReDoS probes, and pinpoint vulnerabilities. We analyzed the HTML forms of 1,000 services and the APIs of 475 services. Of these, 355 services publish regexes; 17 services publish unsafe regexes; and 6 services are vulnerable to ReDoS through their APIs (6 domains; 15 subdomains). Both Microsoft and Amazon Web Services patched their web services as a result of our disclosure. Since these vulnerabilities were from API specifications, not HTML forms, we proposed a ReDoS defense for a popular API validation library, and our patch has been merged. To summarize: in client-visible sanitization logic, some web services advertise Re-DoS vulnerabilities in plain sight. Our results motivate short-term patches and long-term fundamental solutions. “Make measurable what cannot be measured.” -Galileo Galilei

In recent years, new types of cyber attacks called targeted attacks have been observed. It targets specific organizations or individuals, while usual large-scale attacks do not focus on specific targets. Organizations have published many Word or PDF files on their websites. These files may provide the starting point for targeted attacks if they include hidden data unintentionally generated in the authoring process. Adhatarao and Lauradoux analyzed hidden data found in the PDF files published by security agencies in many countries and showed that many PDF files potentially leak information like author names, details on the information system and computer architecture. In this study, we analyze hidden data of PDF files published on the website of police agencies in Japan and compare the results with Adhatarao and Lauradoux's. We gathered 110989 PDF files. 56% of gathered PDF files contain personal names, organization names, usernames, or numbers that seem to be IDs within the organizations. 96% of PDF files contain software names.

Technology plays a vital role in our lives to meet basic hygiene necessities. Currently, the whole world is facing an epidemic situation and the practice of using sanitizers is common nowadays. Sanitizers are used by people to sanitize their hands and bodies. It is also used for sanitizing objects that come into contact with the machine. While sanitizing a small area, people manage to sanitize via pumps, but it becomes difficult to sanitize the same area every day. One of the most severe sanitation concerns is a simple, economic and efficient method to adequately clean the indoor and outdoor environments. In particular, effective sanitization is required for people working in a clinical environment. Recently, some commonly used sanitizer techniques include electric sanitizer spray guns, electric sanitizer disinfectants, etc. However, these sanitizers are not automated, which means a person is required to roam personally with the device to every place to spray the disinfectant or sanitize an area. Therefore, a novel, cost-effective automatic sanitizing machine (ASM) named ASMBoT is designed that can dispense the sanitizer effectively by solving the aforementioned problems.

Data poisoning is a type of adversarial attack on training data where an attacker manipulates a fraction of data to degrade the performance of machine learning model. There are several known defensive mechanisms for handling offline attacks, however defensive measures for online learning, where data points arrive sequentially, have not garnered similar interest. In this work, we propose a defense mechanism to minimize the degradation caused by the poisoned training data on a learner's model in an online setup. Our proposed method utilizes an influence function which is a classic technique in robust statistics. Further, we supplement it with the existing data sanitization methods for filtering out some of the poisoned data points. We study the effectiveness of our defense mechanism on multiple datasets and across multiple attack strategies against an online learner.

With Covid19 being endemic, it is very essential to continue proper physical hygiene protocols even today to avoid escalation. To ensure hygiene inside educational institutions, many governing bodies-imposed protocols to insist students wear hand gloves and facemasks. Such an implementation, however, has increased surgical waste in and around educational institutions, and also there is a rise in allergies due to the constant use of hand gloves by the students. Hence, a prototype of a hand sanitization-based attendance monitoring system has been proposed in the current research paper. This proposed sanitizer with attendance through remote monitoring (SWARM) uses Raspberry Pi devices to capture the image of a student’s identity card holding the registration number and through a bar code analysis module of computer vision, the ID number is extracted. This ID number is compared with a master attendance file to mark the students’ presence and then the updated file is shared with the concerned teacher via email. Such a setup is installed in the laboratory premise, thereby reducing the unnecessary use and disposal of surgical waste within the educational premise.

Real-time data transmissions from a vehicle enhance road safety and traffic efficiency by aggregating data in a central server for data analytics. When drivers share their instantaneous vehicular information for a service provider to perform a legitimate task, a curious service provider may also infer private information it has not been authorized for. In this paper, we propose a privacy preservation framework based on the Hilbert Schmidt Independence Criterion (HSIC) to sanitize driving data to protect the vehicle’s trajectory from adversarial inference while ensuring the data is still useful for driver behavior detection. We develop a deep learning model to learn the HSIC sanitizer and demonstrate through two datasets that our approach achieves better utility-privacy trade-offs when compared to three other benchmarks.

Healthcare has become one of the most important aspects of people’s lives, resulting in a surge in medical big data. Healthcare providers are increasingly using Internet of Things (IoT)-based wearable technologies to speed up diagnosis and treatment. In recent years, Through the Internet, billions of sensors, gadgets, and vehicles have been connected. One such example is for the treatment and care of patients, technology—remote patient monitoring—is already commonplace. However, these technologies also offer serious privacy and data security problems. Data transactions are transferred and logged. These medical data security and privacy issues might ensue from a pause in therapy, putting the patient’s life in jeopardy. We planned a framework to manage and analyse healthcare large data in a safe manner based on blockchain. Our model’s enhanced privacy and security characteristics are based on data sanitization and restoration techniques. The framework shown here make data and transactions more secure.

A direct access (DAX) file system maximizes the benefit of persistent memory(PM)’s low latency through removing the page cache layer from the file system access paths. However, this paper reveals that data block allocation of the DAX file systems in common is significantly slower than that of conventional file systems because the DAX file systems require the zero-out operation for the newly allocated blocks to prevent the leakage of old data previously stored in the allocated data blocks. The retarded block allocation significantly affects the file write performance. In addition to this revelation, this paper proposes an off-critical-path data block sanitization scheme tailored for DAX file systems. The proposed scheme detaches the zero-out operation from the latency-critical I/O path and performs that of released data blocks in the background. The proposed scheme’s design principle is universally applicable to most DAX file systems. For evaluation, we implemented our approach in Ext4-DAX and XFS-DAX. Our evaluation showed that the proposed scheme reduces the append write latency by 36.8%, and improved the performance of FileBench’s fileserver workload by 30.4%, YCSB’s workload A on RocksDB by 3.3%, and the Redis-benchmark by 7.4% on average, respectively.

Machine learning-based DDoS attack detection methods are mostly implemented at the packet level with expensive computational time costs, and the space cost of those sketch-based detection methods is uncertain. This paper proposes a two-stage DDoS attack detection algorithm combining time series-based multi-dimensional sketch and machine learning technologies. Besides packet numbers, total lengths, and protocols, we construct the time series-based multi-dimensional sketch with limited space cost by storing elephant flow information with the Boyer-Moore voting algorithm and hash index. For the first stage of detection, we adopt CNN to generate sketch-level DDoS attack detection results from the time series-based multi-dimensional sketch. For the sketch with potential DDoS attacks, we use RNN with flow information extracted from the sketch to implement flow-level DDoS attack detection in the second stage. Experimental results show that not only is the detection accuracy of our proposed method much close to that of packet-level DDoS attack detection methods based on machine learning, but also the computational time cost of our method is much smaller with regard to the number of machine learning operations.

The issues of development and legal regulation of cybersecurity in Ukraine are considered. The expediency of further improvement of the regulatory framework, its implementation and development of cybersecurity systems is substantiated. Further development of the theoretical base of cyber defense using spline functions is proposed. The characteristics of network traffic are considered from the point of view of detecting DDoS cyber attacks (SYN-Flood, ICMP-Flood, UDP-Flood) and predicting DDoS cyber-attacks using spline functions. The spline extrapolation method makes it possible to predict DDoS cyber attacks with great accuracy.

This paper studies Distributed Denial of Service (DDoS) attack detection by adopting the Deep Neural Network (DNN) model in Software Defined Networking (SDN). We first deploy the flow collector module to collect the flow table entries. Considering the detection efficiency of the DNN model, we also design some features manually in addition to the features automatically obtained by the flow table. Then we use the preprocessed data to train the DNN model and make a prediction. The overall detection framework is deployed in the SDN controller. The experiment results illustrate DNN model has higher accuracy in identifying attack traffic than machine learning algorithms, which lays a foundation for the defense against DDoS attack.

DDoS attacks, one of the oldest forms of cyberthreats, continue to be a favorite tool of mass interruption, presenting cybersecurity hazards to practically every type of company, large and small. As a matter of fact, according to IDC, DDoS attacks are predicted to expand at an 18 percent compound annual growth rate (CAGR) through 2023, indicating that it is past time to enhance investment in strong mitigation systems. And while some firms may assume they are limited targets for a DDoS assault, the amount of structured internet access to power corporation services and apps exposes everyone to downtime and poor performance if the infrastructure is not protected against such attacks. We propose using correlations between missing packets to increase detection accuracy. Furthermore, to ensure that these correlations are calculated correctly.

Intrusion detection systems (IDS) are most efficient way of defending against network-based attacks aimed at system devices, especially wireless devices. These systems are used in almost all large-scale IT infrastructures components, and they effected with different types of network attacks such as DDoS attack. Distributed Denial of-Services (DDoS) attacks the protocols and systems that are intended to provide services (to the public) are inherently vulnerable to attacks like DDoS, which were launched against a number of important Internet sites where security precautions were in place.

This paper mainly explores the detection and defense of DDoS attacks in the SDN architecture of the 5G environment, and proposes a DDoS attack detection method based on the deep learning two-level model CNN-LSTM in the SDN network. Not only can it greatly improve the accuracy of attack detection, but it can also reduce the time for classifying and detecting network traffic, so that the transmission of DDoS attack traffic can be blocked in time to ensure the availability of network services.

Target attack identification and detection has always been a concern of network security in the current environment. However, the economic losses caused by DDoS attacks are also enormous. In recent years, DDoS attack detection has made great progress mainly in the user application layer of the network layer. In this paper, a review and discussion are carried out according to the different detection methods and platforms. This paper mainly includes three parts, which respectively review statistics-based machine learning detection, target attack detection on SDN platform and attack detection on cloud service platform. Finally, the research suggestions for DDoS attack detection are given.

A distributed denial-of-service (DDoS) is a malicious attempt by attackers to disrupt the normal traffic of a targeted server, service or network. This is done by overwhelming the target and its surrounding infrastructure with a flood of Internet traffic. The multiple compromised computer systems (bots or zombies) then act as sources of attack traffic. Exploited machines can include computers and other network resources such as IoT devices. The attack results in either degraded network performance or a total service outage of critical infrastructure. This can lead to heavy financial losses and reputational damage. These attacks maximise effectiveness by controlling the affected systems remotely and establishing a network of bots called bot networks. It is very difficult to separate the attack traffic from normal traffic. Early detection is essential for successful mitigation of the attack, which gives rise to a very important role in cybersecurity to detect the attacks and mitigate the effects. This can be done by deploying machine learning or deep learning models to monitor the traffic data. We propose using various machine learning and deep learning algorithms to analyse the traffic patterns and separate malicious traffic from normal traffic. Two suitable datasets have been identified (DDoS attack SDN dataset and CICDDoS2019 dataset). All essential preprocessing is performed on both datasets. Feature selection is also performed before detection techniques are applied. 8 different Neural Networks/ Ensemble/ Machine Learning models are chosen and the datasets are analysed. The best model is chosen based on the performance metrics (DEEP NEURAL NETWORK MODEL). An alternative is also suggested (Next best - Hypermodel). Optimisation by Hyperparameter tuning further enhances the accuracy. Based on the nature of the attack and the intended target, suitable mitigation procedures can then be deployed.

Cities are becoming increasingly smart as the Internet of Things (IoT) proliferates. With IoT devices interconnected, smart cities can offer novel and ubiquitous services as well as automate many of our daily lives (e.g., smart health, smart home). The abundance in the number of IoT devices leads to divergent types of security threats as well. One of such important attacks is the Distributed Denial of Service attack(DDoS). DDoS attacks have become increasingly common in the internet of things because of the rapid growth of insecure devices. These attacks slow down legitimate network requests. Although DDoS attacks were first reported in 1996, the sophistication of these attacks has increased significantly. In mid-August 2020, a 2 Terabytes per second(TBps) attack targeting critical infrastructure, such as finance, was reported. In the next two years, it is predicted that this number will double to 15 million attacks. Blockchain technology, whose development dates back to the advent of the internet, has become one of the most important advancements to come along since that time. Several applications can use this technology to secure exchanges. Using blockchain to mitigate DDoS attacks is discussed in this survey paper in diverse domains to date. Its purpose is to expose the strengths, weaknesses, and limitations of the different approaches to DDoS mitigation. As a research and development platform for DDoS mitigation, this paper will act as a central hub for a more comprehensive understanding of these approaches.

Software Defined Networking (SDN) is an emerging technology, which provides the flexibility in communicating among network. Software Defined Network features separation of the data forwarding plane from the control plane which includes controller, resulting centralized network. Due to centralized control, the network becomes more dynamic, and resources are managed efficiently and cost-effectively. Network Virtualization is transformation of network from hardware-based to software-based. Network Function Virtualization will permit implementation, adaptable provisioning, and even management of functions virtually. The use of virtualization of SDN networks permits network to strengthen the features of SDN and virtualization of NFV and has for that reason has attracted notable research awareness over the last few years. SDN platform introduces network security challenges. The network becomes vulnerable when a large number of requests is encapsulated inside packet\_in messages and passed to controller from switch for instruction, if it is not recognized by existing flow entry rules. which will limit the resources and become a bottleneck for the entire network leading to DDoS attack. It is necessary to have quick provisional methods to prevent the switches from breaking down. To resolve this problem, the researcher develops a mechanism that detects and mitigates flood attacks. This paper provides a comprehensive survey which includes research relating frameworks which are utilized for detecting attack and later mitigation of flood DDoS attack in Software Defined Network (SDN) with the help of NFV.

DDoS attacks produce a lot of traffic on the network. DDoS attacks may be fought in a novel method thanks to the rise of Software Defined Networking (SDN). DDoS detection and data gathering may lead to larger system load utilization among SDN as well as systems, much expense of SDN, slow reaction period to DDoS if they are conducted at regular intervals. Using the Identification Retrieval algorithm, we offer a new DDoS detection framework for detecting resource scarcity type DDoS attacks. In designed to check low-density DDoS attacks, we employ a combination of network traffic characteristics. The KSVD technique is used to generate a dictionary of network traffic parameters. In addition to providing legitimate and attack traffic models for dictionary construction, the suggested technique may be used to network traffic as well. Matching Pursuit and Wavelet-based DDoS detection algorithms are also implemented and compared using two separate data sets. Despite the difficulties in identifying LR-DoS attacks, the results of the study show that our technique has a detection accuracy of 89%. DDoS attacks are explained for each type of DDoS, and how SDN weaknesses may be exploited. We conclude that machine learning-based DDoS detection mechanisms and cutoff point DDoS detection techniques are the two most prevalent methods used to identify DDoS attacks in SDN. More significantly, the generational process, benefits, and limitations of each DDoS detection system are explained. This is the case in our testing environment, where the intrusion detection system (IDS) is able to block all previously identified threats

Undoubtedly, technology has not only transformed our world of work and lifestyle, but it also carries with it a lot of security challenges. The Distributed Denial-of-Service (DDoS) attack is one of the most prominent attacks witnessed by cyberspace of the current era. This paper outlines several DDoS attacks, their mitigation stages, propagation of attacks, malicious codes, and finally provides redemptions of exhibiting normal and DDoS attacked scenarios. A case study of a SYN flooding attack has been exploited by using Metasploit. The utilization of CPU frame length and rate have been observed in normal and attacked phases. Preliminary results clearly show that in a normal scenario, CPU usage is about 20%. However, in attacked phases with the same CPU load, CPU execution overhead is nearly 90% or 100%. Thus, through this research, the major difference was found in CPU usage, frame length, and degree of data flow. Wireshark tool has been used for network traffic analyzer.

From the past few years, DDoS attack incidents are continuously rising across the world. DDoS attackers have also shifted their target towards cloud environments as majority of services have shifted their operations to cloud. Various authors proposed distinct solutions to minimize the DDoS attacks effects on victim services and co-located services in cloud environments. In this work, we propose an approach by utilizing incoming request separation at the container-level. In addition, we advocate to employ scale-inside out [10] approach for all the suspicious requests. In this manner, we achieve the request serving of all the authenticated benign requests even in the presence of an attack. We also improve the usages of scale-inside out approach by applying it to a container which is serving the suspicious requests in a separate container. The results of our proposed technique show a significant decrease in the response time of benign users during the DDoS attack as compared with existing solutions.

DDoS attacks still represent a severe threat to network services. While there are more or less workable solutions to defend against these attacks, there is a significant space for further research regarding automation of reactions and subsequent management. In this paper, we focus on one piece of the whole puzzle. We strive to automatically infer filtering rules which are specific to the current DoS attack to decrease the time to mitigation. We employ a machine learning technique to create a model of the traffic mix based on observing network traffic during the attack and normal period. The model is converted into the filtering rules. We evaluate our approach with various setups of hyperparameters. The results of our experiments show that the proposed approach is feasible in terms of the capability of inferring successful filtering rules.

In recent decades, a Distributed Denial of Service (DDoS) attack is one of the most expensive attacks for business organizations. The DDoS is a form of cyber-attack that disrupts the operation of computer resources and networks. As technology advances, the styles and tools used in these attacks become more diverse. These attacks are increased in frequency, volume, and intensity, and they can quickly disrupt the victim, resulting in a significant financial loss. In this paper, it is described the significance of DDOS attacks and propose a new method for detecting and mitigating the DDOS attacks by analyzing the traffics coming to the server from the BOTNET in attacking system. The process of analyzing the requests coming from the BOTNET uses the Machine learning algorithm in the decision making. The simulation is carried out and the results analyze the DDOS attack.

Network security is a prominent topic that is gaining international attention. Distributed Denial of Service (DDoS) attack is often regarded as one of the most serious threats to network security. Software Defined Network (SDN) decouples the control plane from the data plane, which can meet various network requirements. But SDN can also become the object of DDoS attacks. This paper proposes an automated DDoS attack mitigation method that is based on the programmability of the Ryu controller and the features of the OpenFlow switch flow tables. The Mininet platform is used to simulate the whole process, from SDN traffic generation to using a K-Nearest Neighbor model for traffic classification, as well as identifying and mitigating DDoS attack. The packet counts of the victim's malicious traffic input port are significantly lower after the mitigation method is implemented than before the mitigation operation. The purpose of mitigating DDoS attack is successfully achieved.