Biblio

A classification issue in machine learning is the issue of spotting Distributed Denial of Service (DDos) attacks. A Denial of Service (DoS) assault is essentially a deliberate attack launched from a single source with the implied intent of rendering the target's application unavailable. Attackers typically aims to consume all available network bandwidth in order to accomplish this, which inhibits authorized users from accessing system resources and denies them access. DDoS assaults, in contrast to DoS attacks, include several sources being used by the attacker to launch an attack. At the network, transportation, presentation, and application layers of a 7-layer OSI architecture, DDoS attacks are most frequently observed. With the help of the most well-known standard dataset and multiple regression analysis, we have created a machine learning model in this work that can predict DDoS and bot assaults based on traffic.

One of the major threats in the cyber security and networking world is a Distributed Denial of Service (DDoS) attack. With massive development in Science and Technology, the privacy and security of various organizations are concerned. Computer Intrusion and DDoS attacks have always been a significant issue in networked environments. DDoS attacks result in non-availability of services to the end-users. It interrupts regular traffic flow and causes a flood of flooded packets, causing the system to crash. This research presents a Machine Learning-based DDoS attack detection system to overcome this challenge. For the training and testing purpose, we have used the NSL-KDD Dataset. Logistic Regression Classifier, Support Vector Machine, K Nearest Neighbour, and Decision Tree Classifier are examples of machine learning algorithms which we have used to train our model. The accuracy gained are 90.4, 90.36, 89.15 and 82.28 respectively. We have added a feature called BOTNET Prevention, which scans for Phishing URLs and prevents a healthy device from being a part of the botnet.

Cloud provides access to shared pool of resources like storage, networking, and processing. Distributed denial of service attacks are dangerous for Cloud services because they mainly target the availability of resources. It is important to detect and prevent a DDoS attack for the continuity of Cloud services. In this review, we analyze the different mechanisms of detection and prevention of the DDoS attacks in Clouds. We identify the major DDoS attacks in Clouds and compare the frequently-used strategies to detect, prevent, and mitigate those attacks that will help the future researchers in this area.

In the Smart Grid paradigm, this critical infrastructure operation is increasingly exposed to cyber-threats due to the increased dependency on communication networks. An adversary can launch an attack on a power grid operation through False Data Injection into system measurements and/or through attacks on the communication network, such as flooding the communication channels with unnecessary data or intercepting messages. A cross-layered strategy that combines power grid data, communication grid monitoring and Machine Learning-based processing is a promising solution for detecting cyber-threats. In this paper, an implementation of an integrated solution of a cross-layer framework is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection of anomalies in the operation of power grid. IEEE 118-bus system is built in Simulink to provide a power grid testing environment and communication network data is emulated using SimComponents. The performance of the framework is investigated under various FDI and communication attacks.

In this work, the security sliding mode control issue is studied for interval type-2 (IT2) fuzzy systems under the unreliable network. The deception attacks and the denial-of-service (DoS) attacks may occur in the sensor-controller channels to affect the transmission of the system state, and these attacks are described via two independent Bernoulli stochastic variables. By adopting the compensation strategy and utilizing the available state, the new membership functions are constructed to design the fuzzy controller with the different fuzzy rules from the fuzzy model. Then, under the mismatched membership function, the designed security controller can render the closed-loop IT2 fuzzy system to be stochastically stable and the sliding surface to be reachable. Finally, the simulation results verify the security control scheme.

The consensus-based frequency control relying on a communication system is used to restore the frequency deviations introduced by the primary droop control in an islanded AC microgrid, a typical cyber-physical power system(CPPS). This paper firstly studies the performance of the CPPS under two types of Distributed Denial of Service (DDoS ) attacks, finds that the intelligent attacks may cause more damage than the brute force attacks, and analyzes some potential defense strategies of the CPPS from two points of view. Some simulation results are also given to show the performance of both the physical and cyber system of the CPPS under different operation conditions.

HTTP flood DDoS (Distributed Denial of Service) attacks send illegitimate HTTP requests to the targeted site or server. These kinds of attacks corrupt the networks with the help of massive attacking nodes thus blocking incoming traffic. Computer network connected devices are the major source to distributed denial of service attacks (or) botnet attacks. The computer manufacturers rapidly increase the network devices as per the requirement increases in the different environmental needs. Generally the manufacturers cannot ship computer network products with high level security. Those network products require additional security to prevent the DDoS attacks. The present technology is filled with 4G that will impact DDoS attacks. The million DDoS attacks had experienced in every year by companies or individuals. DDoS attack in a network would lead to loss of assets, data and other resources. Purchasing the new equipment and repair of the DDoS attacked network is financially becomes high in the value. The prevention mechanisms like CAPTCHA are now outdated to the bots and which are solved easily by the advanced bots. In the proposed work a secured botnet prevention mechanism provides network security by prevent and mitigate the http flooding based DDoS attack and allow genuine incoming traffic to the application or server in a network environment with the help of integrating invisible challenge and Resource Request Rate algorithms to the application. It offers double security layer to handle malicious bots to prevent and mitigate.

The big data platform based on cloud computing realizes the storage, analysis and processing of massive data, and provides users with more efficient, accurate and intelligent Internet services. Combined with the characteristics of college teaching resource sharing platform based on cloud computing mode, the multi-faceted security defense strategy of the platform is studied from security management, security inspection and technical means. In the detection module, the optimization of the support vector machine is realized, the detection period is determined, the DDoS data traffic characteristics are extracted, and the source ID blacklist is established; the triggering of the defense mechanism in the defense module, the construction of the forwarder forwarding queue and the forwarder forwarding capability are realized. Reallocation.

Internet Protocol Version 6 (IPv6) is expected for widespread deployment worldwide. Such rapid development of IPv6 may lead to safety problems. The main threats in IPv6 networks are denial of service (DoS) attacks and distributed DoS (DDoS) attacks. In addition to the similar threats in Internet Protocol Version 4 (IPv4), IPv6 has introduced new potential vulnerabilities, which are DoS and DDoS attacks based on Internet Control Message Protocol version 6 (ICMPv6). We divide such new attacks into two categories: pure flooding attacks and source address spoofing attacks. We propose P4-NSAF, a scheme to defend against the above two IPv6 DoS and DDoS attacks in the programmable data plane. P4-NSAF uses Count-Min Sketch to defend against flooding attacks and records information about IPv6 agents into match tables to prevent source address spoofing attacks. We implement a prototype of P4-NSAF with P4 and evaluate it in the programmable data plane. The result suggests that P4-NSAF can effectively protect IPv6 networks from DoS and DDoS attacks based on ICMPv6.

DDoS attacks are usually accompanied by IP spoofing, but the availability of existing DDoS defense systems for high-speed networks decreases when facing DDoS attacks with IP spoofing. Although IP traceback technologies are proposed to focus on IP spoofing in DDoS attacks, there are problems in practical application such as the need to change existing protocols and extensive infrastructure support. To defend against DDoS attacks under IP spoofing in high-speed networks, we propose a novel DDoS defense system, IM-Shield. IM-Shield uses the address pair consisting of the upper router interface MAC address and the destination IP address for DDoS attack detection. IM-Shield implements fine-grained defense against DDoS attacks under IP spoofing by filtering the address pairs of attack traffic without requiring protocol and infrastructure extensions to be applied on the Internet. Detection experiments using the public dataset show that in a 10Gbps high-speed network, the detection precision of IM-Shield for DDoS attacks under IP spoofing is higher than 99.9%; and defense experiments simulating real-time processing in a 10Gbps high-speed network show that IM-Shield can effectively defend against DDoS attacks under IP spoofing.

In recent years, the need for seamless connectivity has increased across various network platforms with demands coming from industries, home, mobile, transportation and office networks. The 5th generation (5G) network is being deployed to meet such demand of high-speed seamless network device connections. The seamless connectivity 5G provides could be a security threat allowing attacks such as distributed denial of service (DDoS) because attackers might have easy access into the network infrastructure and higher bandwidth to enhance the effects of the attack. The aim of this research is to provide a security solution for 5G technology to DDoS attacks by managing the response to threats posed by DDoS. Deploying a security policy language which is reactive and event-oriented fits into a flexible, efficient, and lightweight security approach. A policy in our language consists of an event whose occurrence triggers a policy rule where one or more actions are taken.

DDoS is a major issue in network security and a threat to service providers that renders a service inaccessible for a period of time. The number of Internet of Things (IoT) devices has developed rapidly. Nevertheless, it is proven that security on these devices is frequently disregarded. Many detection methods exist and are mostly focused on Machine Learning. However, the best method has not been defined yet. The aim of this paper is to find the optimal volumetric DDoS attack detection method by first comparing different existing machine learning methods, and second, by building an adaptive lightweight heuristics model relying on few traffic attributes and simple DDoS detection rules. With this new simple model, our goal is to decrease the classification time. Finally, we compare machine learning methods with our adaptive new heuristics method which shows promising results both on the accuracy and performance levels.

MQTT is widely adopted by IoT devices because it allows for the most efficient data transfer over a variety of communication lines. The security of MQTT has received increasing attention in recent years, and several studies have demonstrated the configurations of many MQTT brokers are insecure. Adversaries are allowed to exploit vulnerable brokers and publish malicious messages to subscribers. However, little has been done to understanding the security issues on the device side when devices handle unauthorized MQTT messages. To fill this research gap, we propose a fuzzing framework named ShadowFuzzer to find client-side vulnerabilities when processing incoming MQTT messages. To avoiding ethical issues, ShadowFuzzer redirects traffic destined for the actual broker to a shadow broker under the control to monitor vulnerabilities. We select 15 IoT devices communicating with vulnerable brokers and leverage ShadowFuzzer to find vulnerabilities when they parse MQTT messages. For these devices, ShadowFuzzer reports 34 zero-day vulnerabilities in 11 devices. We evaluated the exploitability of these vulnerabilities and received a total of 44,000 USD bug bounty rewards. And 16 CVE/CNVD/CN-NVD numbers have been assigned to us.

In this paper, we investigate a networked control problem in the presence of Denial-of-Service (DoS) attacks, which prevent transmissions over the communication network. The communication between the process and controller is also subject to bit rate constraints. For mitigating the influences of DoS attacks and bit rate constraints, we develop a variable bit rate (VBR) encoding-decoding protocol and quantized controller to stabilize the control system. We show that the system’s resilience against DoS under VBR is preserved comparing with those under constant bit rate (CBR) quantized control, with fewer bits transmitted especially when the attack levels are low. The proposed VBR quantized control framework in this paper is general enough such that the results of CBR quantized control under DoS and moreover the results of minimum bit rate in the absence of DoS can be recovered.

Denial-of-Service (DoS) attacks in wide-area control loops of electric power systems can cause temporary halting of information flow between the generators, leading to closed-loop instability. One way to counteract this issue would be to recreate the missing state information at the impacted generators by using the model of the entire system. However, that not only violates privacy but is also impractical from a scalability point of view. In this paper, we propose to resolve this issue by using a model-free technique employing neural networks. Specifically, a long short-term memory network (LSTM) is used. Once an attack is detected and localized, the LSTM at the impacted generator(s) predicts the magnitudes of the corresponding missing states in a completely decentralized fashion using offline training and online data updates. These predicted states are thereafter used in conjunction with the healthy states to sustain the wide-area feedback until the attack is cleared. The approach is validated using the IEEE 68-bus, 16-machine power system.

Internet of Things (IoT), Cloud and Augmented Reality (AR) are the emerging and developing technologies and are at the horizon and hype of their life cycle. Lots of commercial applications based on IoT, cloud and AR provide unrestricted access to data. The real-time applications based on these technologies are at the cusp of their innovations. The most frequent security attacks for IoT, cloud and AR applications are DDoS attacks. In this paper a detailed account of various DDoS attacks that can be the hindrance of many important sensitive services and can degrade the overall performance of recent services which are purely based on network communications. The DDoS attacks should be dealt with carefully and a set of a new generations of algorithm need to be developed to mitigate the problems caused by non-repudiation kinds of attacks.

Currently, the increasing complexity of DDoS attacks makes it difficult for modern security systems to track them. Machine learning techniques are increasingly being used in such systems as they are well established. However, a new problem arose: the creation of informative datasets. Generative adversarial networks can help create large, high-quality datasets for machine learning training. The article discusses the issue of using generative adversarial networks to generate new patterns of network attacks for the purpose of their further use in training.

The network attack such as Distributed Denial-of-Service (DDoS) attack could be critical to latency-critical systems such as Mobile Edge Computing (MEC) as such attacks significantly increase the response delay of the victim service. Intrusion prevention system (IPS) is a promising solution to defend against such attacks, but there will be a trade-off between IPS deployment and application resource reservation as the deployment of IPS will reduce the number of computation resources for MEC applications. In this paper, we proposed a game-theoretic framework to study the joint computation resource allocation and IPS deployment in the MEC architecture. We study the pricing strategy of the MEC platform operator and purchase strategy of the application service provider, given the expected attack strength and end user demands. The best responses of both MPO and ASPs are derived theoretically to identify the Stackelberg equilibrium. The simulation results confirm that the proposed solutions significantly increase the social welfare of the system.

Recently, DDoS attack has developed rapidly and become one of the most important threats to the Internet. Traditional machine learning and deep learning methods can-not train a satisfactory model based on the data of a single client. Moreover, in the real scenes, there are a large number of devices used for traffic collection, these devices often do not want to share data between each other depending on the research and analysis value of the attack traffic, which limits the accuracy of the model. Therefore, to solve these problems, we design a DDoS attack detection model based on federated learning named FLDDoS, so that the local model can learn the data of each client without sharing the data. In addition, considering that the distribution of attack detection datasets is extremely imbalanced and the proportion of attack samples is very small, we propose a hierarchical aggregation algorithm based on K-Means and a data resampling method based on SMOTEENN. The result shows that our model improves the accuracy by 4% compared with the traditional method, and reduces the number of communication rounds by 40%.

Internet always remains the target for the cyberattacks, and attackers are getting equipped with more potent tools due to the advancement of technology to preach the security of the Internet. Industries and organizations are sponsoring many projects to avoid these kinds of problems. As a result, SDN (Software Defined Network) architecture is becoming an acceptable alternative for the traditional IP based networks which seems a better approach to defend the Internet. However, SDN is also vulnerable to many new threats because of its architectural concept. SDN might be a primary target for DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks due to centralized control and linking of data plane and control plane. In this paper, the we propose a novel technique for detection of DDoS attacks using information theory metric. We compared our approach with widely used Intrusion Detection Systems (IDSs) based on Shannon entropy and Renyi entropy, and proved that our proposed methodology has more power to detect malicious flows in SDN based networks. We have used precision, detection rate and FPR (False Positive Rate) as performance parameters for comparison, and validated the methodology using a topology implemented in Mininet network emulator.

Recently, the Distributed Denial of Service (DDOS) attacks has been used for different aspects to denial the number of services for the end-users. Therefore, there is an urgent need to design an effective detection method against this type of attack. A fuzzy inference system offers the results in a more readable and understandable form. This paper introduces an anomaly-based Intrusion Detection (IDS) system using fuzzy logic. The fuzzy logic inference system implemented as a detection method for Distributed Denial of Service (DDOS) attacks. The suggested method was applied to an open-source DDOS dataset. Experimental results show that the anomaly-based Intrusion Detection system using fuzzy logic obtained the best result by utilizing the InfoGain features selection method besides the fuzzy inference system, the results were 91.1% for the true-positive rate and 0.006% for the false-positive rate.

In the ever evolving Internet threat landscape, Distributed Denial-of-Service (DDoS) attacks remain a popular means to invoke service disruption. DDoS attacks, however, have evolved to become a tool of deceit, providing a smokescreen or distraction while some other underlying attack takes place, such as data exfiltration. Knowing the intent of a DDoS, and detecting underlying attacks which may be present concurrently with it, is a challenging problem. An entity whose network is under a DDoS attack may not have the support personnel to both actively fight a DDoS and try to mitigate underlying attacks. Therefore, any system that can detect such underlying attacks should do so only with a high degree of confidence. Previous work utilizing flow aggregation techniques with multi-class anomaly detection showed promise in both DDoS detection and detecting underlying attacks ongoing during an active DDoS attack. In this work, we head in the opposite direction, utilizing flow segmentation and concurrent flow feature aggregation, with the primary goal of greatly reduced detection times of both DDoS and underlying attacks. Using the same multi-class anomaly detection approach, we show greatly improved detection times with promising detection performance.

Information system security is very important and very complicated, security is to prevent potential crisis. To detect both from external invasion behavior, also want to check the internal unauthorized behavior. Presented here ABHIDS hybrid intrusion detection system model, designed a component Agent, controller, storage, filter, manager component (database), puts forward a new detecting DDoS attacks (trinoo) algorithm and the implementation. ABHIDS adopts object-oriented design method, a study on intrusion detection can be used as a working mechanism of the algorithms and test verification platform.

Traditional DDoS attacks mainly send massive data packets through the attacking machine, consuming the network resources or server resources of the target server, making users unable to use server resources to achieve the purpose of denial of service. This type of attack is called a Flooding-based DDoS (FDDoS) attack. It has the characteristics of large traffic and suddenness. However, Low-rate DDoS (LDDoS) attack is a new type of DDoS attack. LDDoS utilize the TCP congestion control mechanism and sends periodic pulses to attack, which can seriously reduce the TCP flow throughput of the attacked link. It has the characteristics of small traffic and strong concealment. Each of these two DDoS attack methods has its own hard-to-handle characteristics, so that there is currently no particularly effective method to prevent such attacks. This paper uses time-frequency analysis to classify and filter DDoS traffic. The proposed filtering method is designed as a system in the actual environment. Experimental results show that the designed filtering algorithm can resist not only FDDoS attacks, but also LDDoS attacks.

With current Traditional / Legacy networks, the reliance on manual intervention to solve a variety of issues be it primary operational functionalities like addressing Link-failure or other consequent complexities arising out of existing solutions for challenges like Link-flapping or facing attacks like DDoS attacks is substantial. This physical and manual approach towards network configurations to make significant changes result in very slow updates and increased probability of errors and are not sufficient to address and support the rapidly shifting workload of the networks due to the fact that networking decisions are left to the hands of physical networking devices. With the advent of Software Defined Networking (SDN) which abstracts the network functionality planes, separating it from physical hardware – and decoupling the data plane from the control plane, it is able to provide a degree of automation for the network resources and management of the services provided by the network. This paper explores some of the aspects of automation provided by SDN capabilities in a Mesh Network (provides Network Security with redundancy of communication links) which contribute towards making the network inherently intelligent and take decisions without manual intervention and thus take a step towards Intelligent Automated Networks.