Biblio

Compared to ordinary Internet applications, the transfer of scientific data flows often has higher requirements for network performance. The network security devices and systems often affect the efficiency of scientific data transfer. As a new type of network architecture, Software-defined Networking (SDN) decouples the data plane from the control plane. Its programmability allows users to customize the network transfer path and makes the network more intelligent. The Science DMZ model is a private network for scientific data flow transfer, which can improve performance under the premise of ensuring network security. This paper combines SDN with Science DMZ, designs and implements an SDN-based traffic scheduling algorithm considering the load of link. In addition to distinguishing scientific data flow from common data flow, the algorithm further distinguishes the scientific data flows of different applications and performs different traffic scheduling of scientific data for specific link states. Experiments results proved that the algorithm can effectively improve the transmission performance of scientific data flow.

Resolving distributed attacks benefits from collaboration between networks. We present three approaches for the same multi-domain defensive action that can be applied in such an alliance: 1) Counteract Everywhere, 2) Minimize Countermeasures, and 3) Minimize Propagation. First, we provide a formula to compute efficiency of a defense; then we use this formula to compute the efficiency of the approaches under various circumstances. Finally, we discuss how task execution order and timing influence defense efficiency. Our results show that the Minimize Propagation approach is the most efficient method when defending against the chosen attack.

With the development of the Internet, the network attack technology has undergone tremendous changes. The forms of network attack and defense have also changed, which are features in attacks are becoming more diverse, attacks are more widespread and traditional security protection methods are invalid. In recent years, with the development of software defined security, network anomaly detection technology and big data technology, these challenges have been effectively addressed. This paper proposes a data-driven software defined security architecture with core features including data-driven orchestration engine, scalable network anomaly detection module and security data platform. Based on the construction of the analysis layer in the security data platform, real-time online detection of network data can be realized by integrating network anomaly detection module and security data platform under software defined security architecture. Then, data-driven security business orchestration can be realized to achieve efficient, real-time and dynamic response to detected anomalies. Meanwhile, this paper designs a deep learning-based HTTP anomaly detection algorithm module and integrates it with data-driven software defined security architecture so that demonstrating the flow of the whole system.

The rapid growth of the connected devices driven by Internet of Things (IoT) concept requires a complete rethinking of the conventional approaches for the network design. One of the key constraints of the IoT devices are their low capabilities in order to optimize energy consumption. On the other hand, many IoT applications require high level of data protection and privacy, which can be provided only by advanced cryptographic algorithms, which are not feasible for IoT devices. In this paper, we propose a scalable quadrature modulation aiming to solve the problem of secure communications at the physical layer. The key idea of the proposed approach is to transmit only part of information in way that allows target receiver to retrieve the complete information. Such approach allows to ensure the security of wireless channel, while reducing the overhead of advanced cryptographic algorithms.

Supervisory Control and Data Acquisition (SCADA)networks are widely deployed in modern industrial control systems (ICSs)such as energy-delivery systems. As an increasing number of field devices and computing nodes get interconnected, network-based cyber attacks have become major cyber threats to ICS network infrastructure. Field devices and computing nodes in ICSs are subjected to both conventional network attacks and specialized attacks purposely crafted for SCADA network protocols. In this paper, we propose a deep-learning-based network intrusion detection system for SCADA networks to protect ICSs from both conventional and SCADA specific network-based attacks. Instead of relying on hand-crafted features for individual network packets or flows, our proposed approach employs a convolutional neural network (CNN)to characterize salient temporal patterns of SCADA traffic and identify time windows where network attacks are present. In addition, we design a re-training scheme to handle previously unseen network attack instances, enabling SCADA system operators to extend our neural network models with site-specific network attack traces. Our results using realistic SCADA traffic data sets show that the proposed deep-learning-based approach is well-suited for network intrusion detection in SCADA systems, achieving high detection accuracy and providing the capability to handle newly emerged threats.

The Named Data Network (NDN) is a promising network paradigm for content distribution based on caching. However, it may put consumer privacy at risk, as the adversary may identify the content, the name and the signature (namely a certificate) through side-channel timing responses from the cache of the routers. The adversary may identify the content name and the consumer node by distinguishing between cached and un- cached contents. In order to mitigate the timing attack, effective countermeasure methods have been proposed by other authors, such as random caching, random freshness, and probabilistic caching. In this work, we have implemented a timing attack scenario to evaluate the efficiency of these countermeasures and to demonstrate how the adversary can be detected. For this goal, a brute force timing attack scenario based on a real topology was developed, which is the first brute force attack model applied in NDN. Results show that the adversary nodes can be effectively distinguished from other legitimate consumers during the attack period. It is also proposed a multi-level mechanism to detect an adversary node. Through this approach, the content distribution performance can be mitigated against the attack.

At the time of more and more devices being connected to the internet, personal and sensitive information is going around the network more than ever. Thus, security and privacy regarding IoT communications, devices, and data are a concern due to the diversity of the devices and protocols used. Since traditional security mechanisms cannot always be adequate due to the heterogeneity and resource limitations of IoT devices, we conclude that there are still several improvements to be made to the 2nd line of defense mechanisms like Intrusion Detection Systems. Using a collection of IP flows, we can monitor the network and identify properties of the data that goes in and out. Since network flows collection have a smaller footprint than packet capturing, it makes it a better choice towards the Internet of Things networks. This paper aims to study IP flow properties of certain network attacks, with the goal of identifying an attack signature only by observing those properties.

With the economic development, the number of cars is increasing, and the traffic accidents and congestion problems that follow will not be underestimated. The concept of the Internet of Vehicles is becoming popular, and demand for intelligent traffic is growing. In this paper, the warning scheme we proposed aims to solve the traffic problems. Using intelligent terminals, it is faster and more convenient to obtain driving behaviors and road condition information. The application of blockchain technology can spread information to other vehicles for sharing without third-party certification. Group signature-based authentication protocol guarantees privacy and security while ensuring identity traceability. In experiments and simulations, the recognition accuracy of driving behavior can reach up to 94.90%. The use of blockchain provides secure, distributed, and autonomous features for the solution. Compared with the traditional signature method, the group signature-based authentication time varies less with the increase of the number of vehicles, and the communication time is more stable.

Network Function Virtualization (NFV) is an implementation of cloud computing that leverages virtualization technology to provide on-demand network functions such as firewalls, domain name servers, etc., as software services. One of the methods that help us understand the design and implementation process of such a new system in an abstract way is architectural modeling. Architectural modeling can be presented through UML diagrams to show the interaction between different components and its stakeholders. Also, it can be used to analyze the security threats and the possible countermeasures to mitigate the threats. In this paper, we show some of the possible threats that may jeopardize the security of NFV. We use misuse patterns to analyze misuses based on privilege escalation and VM escape threats. The misuse patterns are part of an ongoing catalog, which is the first step toward building a security reference architecture for NFV.

We recently see a real digital revolution where all companies prefer to use cloud computing because of its capability to offer a simplest way to deploy the needed services. However, this digital transformation has generated different security challenges as the privacy vulnerability against cyber-attacks. In this work we will present a new architecture of a hybrid Intrusion detection System, IDS for virtual private clouds, this architecture combines both network-based and host-based intrusion detection system to overcome the limitation of each other, in case the intruder bypassed the Network-based IDS and gained access to a host, in intend to enhance security in private cloud environments. We propose to use a non-traditional mechanism in the conception of the IDS (the detection engine). Machine learning, ML algorithms will can be used to build the IDS in both parts, to detect malicious traffic in the Network-based part as an additional layer for network security, and also detect anomalies in the Host-based part to provide more privacy and confidentiality in the virtual machine. It's not in our scope to train an Artificial Neural Network ”ANN”, but just to propose a new scheme for IDS based ANN, In our future work we will present all the details related to the architecture and parameters of the ANN, as well as the results of some real experiments.

The most significant threats to networks usually originate from external entities. As such, the Northbound interface of SDN networks which ensures communication with external applications requires particularly close attention. In this paper we propose the Risk Assessment and Management approach to SEcure SDN (RAMSES). This novel solution is able to estimate the risk associated with traffic demand requests received via the Northbound-API in SDN networks. RAMSES quantifies the impact on network cost incurred by expected traffic demands and specifies the likelihood of adverse requests estimated using the reputation system. Accurate risk estimation allows SDN network administrators to make the right decisions and mitigate potential threat scenarios. This can be observed using extensive numerical verification based on an network optimization tool and several scenarios related to the reputation of the sender of the request. The verification of RAMSES confirmed the usefulness of its risk assessment approach to protecting SDN networks against threats associated with the Northbound-API.

Present networks within safety-critical systems rely on complex and inflexible network configurations. New technologies such as software-defined networking are more dynamic and offer more flexibility, but due care needs to be exercised to ensure that safety and security are not compromised by incorrect configurations. To this end, this paper proposes the use of pre-generated and optimized configuration templates. These provide alternate routes for traffic considering availability, resilience and timing constraints where network components fail due to attacks or faults.To obtain these templates, two heuristics based on Dijkstra's algorithm and an optimization algorithm providing the maximum resilience were investigated. While the configurations obtained through optimization yield appropriate templates, the heuristics investigated are not suitable to obtain configuration templates, since they cannot fulfill all requirements.

Security auditing is an effective means of safety supervision and risk self-identification. It is also a hot issue in the research of major enterprises and institutions. The existing standard norms cannot effectively guide the internal audit of the enterprise intranet, “how to review” and “review” What is not easy to grasp. This paper analyzes the status quo, problems and development trends of security audit, and proposes a behavior-based security audit mode, which can effectively discover the non-compliance behavior of intranet users, and can provide reference for peers through practice.

We propose a new key sharing protocol executed through any constant parameter noiseless public channel (as Internet itself) without any cryptographic assumptions and protocol restrictions on SNR in the eavesdropper channels. This protocol is based on extraction by legitimate users of eigenvalues from randomly generated matrices. A similar protocol was proposed recently by G. Qin and Z. Ding. But we prove that, in fact, this protocol is insecure and we modify it to be both reliable and secure using artificial noise and privacy amplification procedure. Results of simulation prove these statements.

Blockchain technology is useful with the record keeping of digital transactions, IoT, supply chain management etc. However, we have observed that the traditional attacks are possible on blockchain due to lack of robust identity management. We found that Sybil attack can cause severe impact in public/permissionless blockchain, in which an attacker can subvert the blockchain by creating a large number of pseudonymous identities (i.e. Fake user accounts) and push legitimate entities in the minority. Such virtual nodes can act like genuine nodes to create disproportionately large influence on the network. This may lead to several other attacks like DoS, DDoS etc. In this paper, a Sybil attack is demonstrated on a blockchain test bed with its impact on the throughput of the system. We propose a solution directive, in which each node monitors the behavior of other nodes and checks for the nodes which are forwarding the blocks of only particular user. Such nodes are quickly identified, blacklisted and notified to other nodes, and thus the Sybil attack can be restricted. We analyze experimental results of the proposed solution.

A common tool to defend against Sybil attacks is proof-of-work, whereby computational puzzles are used to limit the number of Sybil participants. Unfortunately, current Sybil defenses require significant computational effort to offset an attack. In particular, good participants must spend computationally at a rate that is proportional to the spending rate of an attacker. In this paper, we present the first Sybil defense algorithm which is asymmetric in the sense that good participants spend at a rate that is asymptotically less than an attacker. In particular, if T is the rate of the attacker's spending, and J is the rate of joining good participants, then our algorithm spends at a rate f O($\surd$(TJ) + J). We provide empirical evidence that our algorithm can be significantly more efficient than previous defenses under various attack scenarios. Additionally, we prove a lower bound showing that our algorithm's spending rate is asymptotically optimal among a large family of algorithms.

Cooperative Intelligent Transport Systems (C-ITS) are expected to play an important role in our lives. They will improve the traffic safety and bring about a revolution on the driving experience. However, these benefits are counterbalanced by possible attacks that threaten not only the vehicle's security, but also passengers' lives. One of the most common attacks is the Sybil attack, which is even more dangerous than others because it could be the starting point of many other attacks in C-ITS. This paper proposes a distributed approach allowing the detection of Sybil attacks by using the traffic flow theory. The key idea here is that each vehicle will monitor its neighbourhood in order to detect an eventual Sybil attack. This is achieved by a comparison between the real accurate speed of the vehicle and the one estimated using the V2V communications with vehicles in the vicinity. The estimated speed is derived by using the traffic flow fundamental diagram of the road's portion where the vehicles are moving. This detection algorithm is validated through some extensive simulations conducted using the well-known NS3 network simulator with SUMO traffic simulator.

Cloud use for High Performance Computing (HPC) and High Performance Data Analytics (HPDA) is increasing. The data are transferred to the cloud and usually left there even after the data being processed. There is security concern for such data being left online. We propose secure staging system to prepare not only data but also computing platform for processing the data dynamically just while the data is processed. The data plane of the secure staging system has dynamic reconfigurability with several lower-than-IP-layer partitioning mechanisms. The control plane consists of a scheduler and a resource provisioner working together to reconfigure the partitioning in the data plane dynamically. A field trial system is deployed for treating secure data in dental school to be processed in the computer center with the location distance of 1km. The system shows high score in the Common Vulnerability Scoring System (CVSS) evaluation.

Keeping Internet users safe from attacks and other threats is one of the biggest security challenges nowadays. Distributed Denial of Service (DDoS) [1] is one of the most common attacks. DDoS makes the system stop working by resource overload. Software Define Networking (SDN) [2] has recently emerged as a new networking technology offering an unprecedented programmability that allows network operators to dynamically configure and manage their infrastructures. The flexible processing and centralized management of SDN controller allow flexibly deploying complex security algorithms and mitigation methods. In this paper, we propose a new TCP-SYN flood attack mitigation in SDN networks using machine learning. By using a testbed, we implement the proposed algorithms, evaluate their accuracy and address the trade-off between the accuracy and capacity of the security device. The results show that the algorithms can mitigate TCP-SYN Flood attack over 96.

Software Defined Networking (SDN) is very popular due to the benefits it provides such as scalability, flexibility, monitoring, and ease of innovation. However, it needs to be properly protected from security threats. One major attack that plagues the SDN network is the distributed denial-of-service (DDoS) attack. There are several approaches to prevent the DDoS attack in an SDN network. We have evaluated a few machine learning techniques, i.e., J48, Random Forest (RF), Support Vector Machine (SVM), and K-Nearest Neighbors (K-NN), to detect and block the DDoS attack in an SDN network. The evaluation process involved training and selecting the best model for the proposed network and applying it in a mitigation and prevention script to detect and mitigate attacks. The results showed that J48 performs better than the other evaluated algorithms, especially in terms of training and testing time.

In today's time Software Defined Network (SDN) gives the complete control to get the data flow in the network. SDN works as a central point to which data is administered centrally and traffic is also managed. SDN being open source product is more prone to security threats. The security policies are also to be enforced as it would otherwise let the controller be attacked the most. The attacks like DDOS and DOS attacks are more commonly found in SDN controller. DDOS is destructive attack that normally diverts the normal flow of traffic and starts the over flow of flooded packets halting the system. Machine Learning techniques helps to identify the hidden and unexpected pattern of the network and hence helps in analyzing the network flow. All the classified and unclassified techniques can help detect the malicious flow based on certain parameters like packet flow, time duration, accuracy and precision rate. Researchers have used Bayesian Network, Wavelets, Support Vector Machine and KNN to detect DDOS attacks. As per the review it's been analyzed that KNN produces better result as per the higher precision and giving a lower falser rate for detection. This paper produces better approach of hybrid Machine Learning techniques rather than existing KNN on the same data set giving more accuracy of detecting DDOS attacks on higher precision rate. The result of the traffic with both normal and abnormal behavior is shown and as per the result the proposed algorithm is designed which is suited for giving better approach than KNN and will be implemented later on for future.

Widespread use of Wireless Sensor Networks (WSNs) introduced many security threats due to the nature of such networks, particularly limited hardware resources and infrastructure less nature. Denial of Service attack is one of the most common types of attacks that face such type of networks. Building an Intrusion Detection and Prevention System to mitigate the effect of Denial of Service attack is not an easy task. This paper proposes the use of two machine learning techniques, namely decision trees and Support Vector Machines, to detect attack signature on a specialized dataset. The used dataset contains regular profiles and several Denial of Service attack scenarios in WSNs. The experimental results show that decision trees technique achieved better (higher) true positive rate and better (lower) false positive rate than Support Vector Machines, 99.86% vs 99.62%, and 0.05% vs. 0.09%, respectively.

Routing on the Internet is defined among autonomous systems (ASes) based on a weak trust model where it is assumed that ASes are honest. While this trust model strengthens the connectivity among ASes, it results in an attack surface which is exploited by malicious entities to hijacking routing paths. One such attack is known as the BGP prefix hijacking, in which a malicious AS broadcasts IP prefixes that belong to a target AS, thereby hijacking its traffic. In this paper, we proposeRouteChain: a blockchain-based secure BGP routing system that counters BGP hijacking and maintains a consistent view of the Internet routing paths. Towards that, we leverage provenance assurance and tamper-proof properties of blockchains to augment trust among ASes. We group ASes based on their geographical (network) proximity and construct a bihierarchical blockchain model that detects false prefixes prior to their spread over the Internet. We validate strengths of our design by simulations and show its effectiveness by drawing a case study with the Youtube hijacking of 2008. Our proposed scheme is a standalone service that can be incrementally deployed without the need of a central authority.

Internet of Things is nowadays growing faster than ever before. Operators are planning or already creating dedicated networks for this type of devices. There is a need to create dedicated solutions for this type of network, especially solutions related to information security. In this article we present a mechanism of security-aware routing, which takes into account the evaluation of trust in devices and packet flows. We use trust relationships between flows and network nodes to create secure SDN paths, not ignoring also QoS and energy criteria. The system uses SDN infrastructure, enriched with Cognitive Packet Networks (CPN) mechanisms. Routing decisions are made by Random Neural Networks, trained with data fetched with Cognitive Packets. The proposed network architecture, implementing the security-by-design concept, was designed and is being implemented within the SerIoT project to demonstrate secure networks for the Internet of Things (IoT).

The growing trend toward information technology increases the amount of data travelling over the network links. The problem of detecting anomalies in data streams has increased with the growth of internet connectivity. Software-Defined Networking (SDN) is a new concept of computer networking that can adapt and support these growing trends. However, the centralized nature of the SDN design is challenged by the need for an efficient method for traffic monitoring against traffic anomalies caused by misconfigured devices or ongoing attacks. In this paper, we propose a new model for traffic behavior monitoring that aims to ensure trusted communication links between the network devices. The main objective of this model is to confirm that the behavior of the traffic streams matches the instructions provided by the SDN controller, which can help to increase the trust between the SDN controller and its covered infrastructure components. According to our preliminary implementation, the behavior monitoring unit is able to read all traffic information and perform a validation process that reports any mismatching traffic to the controller.